Huawei's first Google-free phone loses ability to install Google apps

Now with even less Google

The new Huawei Mate 30 flagship device has lost its ability to install Googlle Play apps, which it had been able to accomplish through a (pretty shady) third-party service.

Hardware-wise, the Mate 30 is arguably Huawei's most exciting smartphone to date - but it's also its first handset to launch without access to Google apps after the firm failed to secure an exemption to the US ban that prevents it from launching devices with Google Play certification.

To make matters worse, Huawei confirmed at the launch that it wouldn't be unlocking the Mate 30's bootloader, which would have allowed users to sideload Google Play.

Last week, however, a Chinese app called 'LZPlay' offered a glimmer of hope for Mate 30 users, by enabling them to sideload Google Play onto the device without unlocking the bootloader or rooting the device.

This, unsurprisingly, rang alarm bells and John Wu, one of Android's leading security researchers and the creator of Magisk, has dug deeper into how the third-party app was able to install Google apps on the Huawei Mate 30.

Wu perhaps uncovered more than he had bargained for; he found that LZPlay hooks into a set of undocumented Huawei APIs hidden in the Mate 30's software, acting as a sort of "backdoor" that allows non-system apps access to elevated permissions and privileges.

What's more, in news that likely has the US government rubbing its hands together in glee, Wu's research claims that in order to use these undocumented permissions, the anonymous developer of LZPlay would need to have received certification from Huawei.

"At this point, it is pretty obvious that Huawei is well aware of this 'LZPlay app, and explicitly allows its existence," Wu claims. "The developer of this app has to somehow be aware of these undocumented APIs, sign the legal agreements, go through several stages of reviews, and eventually have the app signed by Huawei.

"The sole purpose of the app is to install Google Services on a non-licensed device, and it sounds very sketchy to me."

Since Wu published his findings, LZPlay has been taken down. Curiously, Mate 30 phones that used the workaround to install Google Play now fail Google's SafetyNet tests, which essentially labels the devices as compromised and insecure and blocks the use of services like Google Pay.