At this point, it is pretty obvious that Huawei is well aware of this “LZPlay” app, and explicitly allows its existence. The developer of this app has to somehow be aware of these undocumented APIs, sign the legal agreements, go through several stages of reviews, and eventually have the app signed by Huawei. The sole purpose of the app is to install Google Services on a non licensed device, and it sounds very sketchy to me, but I’m no lawyer so I have absolutely no idea of its legality.
But even if it is legal, this backdoor should never exist in the first place from a security standpoint. There is a reason why system apps are allowed to have additional privileges: they exist on a cryptographically verified read-only partition. Despite the fact that the certificate to escalate a user app to system app is gate-kept by a trusted(?) party, Huawei, as long as things are stored on a writable partition (userdata), it is susceptible to malicious tampering, and should not be treated the same. 0007名刺は切らしておりまして2019/10/03(木) 01:57:29.84ID:cfDJDV7G>>4 これで解決やろうね 0008名刺は切らしておりまして2019/10/03(木) 02:24:02.28ID:d46CcKfW イタチごっこだろうな