Huawei Mate 30 loses sketchy workaround to install Google Play

The Mate 30 series might be Huawei's best smartphone yet but it might also be its most pointless as far as the market outside of China goes. That's mostly because those markets rely on Google Play services for their Android experience, whether or not they actually use Google's mobile apps and Internet services. While there were a few glimpses of hope in the past days, it seems that the Huawei Mate 30 is back to square one and is once again unable to install Google Play Services even unofficially.

Huawei already said it won't unlock the Mate 30's bootloader just so that owners can sideload Google Play on it but, last week, a curious app by the name of LZ Play popped up to offer a bit hope, allowing users to do exactly that without unlocking the bootloader or rooting the device. Then just as suddenly, LZ Play disappeared and it may be for the best.

Security researcher John Wu dug deeper into LZ Play and learned more than he perhaps expected. As if it weren't dangerous enough to install a third-party app from an unknown source and give it system-level access, the app apparently used undocumented Huawei APIs that gave a lot more control to the app and bypassed Android's security system. In other words, a backdoor, not to mention a smoking gun that the US government might have been waiting for.

Of course, no app can simply use those APIs and have to undergo a review process by Huawei. The implication here is that LZ Play either had unauthorized access to those APIs or that Huawei itself approved of the app. It could have been its covert way of circumventing the US blacklist though there are no clear connections between the app and Huawei other than this API.

Curiously, LZ Play disappeared from the Internet after this study broke out, hinting that the powers that be may have not wanted certain information to leak to the public. More than that, however, Mate 30 phones that used the workaround to install Google Play now fail Google's SafetyNet tests. This practically labels the devices as compromised and insecure and blocks the use of services like Google Pay.