Connect with us

Tech News

Huawei’s Mate 30 Nightmare Just Got Even Worse

Published

on

As the world watches on, the drama around Huawei’s newly released Mate 30 and its painful loss of Google’s full-fat Android software and services is now veering from bad to worse. In the latest sorry twist, users are being told of a newly shared workaround that installs a third-party backup onto new devices complete with Google’s array of offerings. Google’s Safetynet still fails, but otherwise “the whole service works great.”

The backup is from a device that was installed with Google apps back when the originally touted workaround still worked, before it was shutdown by some combination of Google and Huawei. It’s difficult to know where to start with this. The security implications for the average user are so alarming that they should be censored. With wave upon wave of malicious hacks targeting the Android community, sharing technical fixes that circumvent security protections—albeit for virtuous reasons—opens up so much risk that it needs clamping down.

The initial Google workaround was to install an unofficial Google installer app from an unknown Chinese developer, changing the core system setup on a Mate 30 to enable Google’s apps to be installed. It seemed fine, video tutorials instructed on the options to select. But when the workaround was unpicked, it became clear that the solution could only work if Huawei knowingly or unknowingly had left parameters open.Today In: Innovation

As soon as that became public, the workaround was shut down. At the time it seemed that any users who had applied there fix would come unstuck, although my colleague David Phelan has reported that lucky users who got in early might still be okay.

That LZPlay (as the Chinese workaround app was called) fix introduced significant risk. Granting core system access to an unknown app could have opened doors to more than Google Maps and Gmail. And the implication that somewhere between Huawei and Google there was a fix that circumvented the U.S. blacklist carried other risks. Whatever went on behind the scenes, the fix has been shut down.

Now, as explained by XDA-Developers in an October 8 post, the new “backup” fix “involves restoring a backup image from a device that managed to install Google apps using Google Services Assistant from back when the method worked.” As such, it is specific to the Mate 30 Pro—the device that applied the workaround at the time.

The use of the LZPlay workaround, replete with its Chinese language instructions, was complex enough. And this one “is not as simple,” and carries a caveat “that SafetyNet will continue to fail since that is a server-side change from Google.”

It is unclear what state a phone is in once this backup has been restored. A user would ordinarily set up a new device as a continuation of their last one, they would not reach for someone else’s backup, despite that backup being data-free. But for now, “if you are looking to install Google Apps… this new workaround is your best bet.”

And so for a typical user who wants a seamless Android experience, firmware updates and security patches, and assurance that there are no shocks down the road, spending $1000 on a device that might or might not survive the next set of firmware updates is a risk I would venture few will be willing to take. Unless Huawei had been able to launch its own click and install option for Google, there is no mass-market option. And that type of fix will not be available until the political situation changes.

Any workaround to enable an after-market Google load on a Mate 30 is opening up Google “stubs” deep within Huawei’s version of the Android open-source core to enable apps and services to be installed. As reported by John Wu in a Medium post when he unpicked this, “undocumented Huawei specific MDM APIs,” were used, “signed with a special certificate from Huawei, granting privileges nowhere to be found on standard Android systems.”

“Wait a minute,” Wu asked in his post, “does that mean either Google is sneaking the stubs to Huawei, or Huawei is blatantly stealing Google’s stub binaries? The sole purpose of the app is to install Google Services on a non licensed device, and it sounds very sketchy to me, but I’m no lawyer so I have absolutely no idea of its legality.”

And so to the issue. It is not in Google’s or Huawei’s interest to be seen to flaunt U.S. restrictions so publicly. When Huawei’s consumer boss hinted to the media—ahead of the Mate 30 launch—that such workarounds would come, it was shutdown by the company’s official communications channels. And when the initial workaround appeared and then disappeared, Huawei told me that the “Mate 30 series is not pre-installed with GMS, and Huawei has had no involvement with www.lzplay.net.”

It is entirely feasible for Huawei and Google to shut down any workaround as the firmware on the Mate 30 devices is updated. What works today can easily cease working tomorrow. And so any user that buys a device with a workaround in mind needs to bear this risk, unless they want to prevent their device updating or play a constant game of tag with the tech companies, applying fix after fix.

All of which kind of leaves us back where we thought we had started. Despite great devices, most analysts expect Huawei’s Mate 30 sales outside China to take a huge hit. And Huawei needs to turn to Beijing and the discussions with Washington to make this current nightmarish Google drama go away.

Source: https://www.forbes.com/sites/zakdoffman/2019/10/08/huaweis-mate-30-nightmare-just-got-even-worse/#328c66776605

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Tech News

Apple TV+’s head of scripted and unscripted shows has left the company

Published

on

By

Apple has lost one its streaming service’s top personnel, just a couple of weeks after TV+ went live. According to Deadline, Kim Rozenfeld, the head of current scripted programming and unscripted content for Apple TV+, has stepped down from his position. Deadline’s report didn’t expound on the circumstances behind Rozenfeld’s departure, but it did say that he signed a first-look deal with Apple for his production company, Half Full Studios. His LinkedIn page also says he left Apple this month, and that he has a “development, producing and consultant deal with Apple TV+ for scripted and documentary series” under his company.

Rozenfeld was one of the first people from Sony TV that Zack Van Amburg and Jamie Erlicht (former Sony TV heads) hired when they went to Apple. There was clearly a shift of some sort in the division after launch, though it’s still unclear what that means for TV+. Now that he’s exited, the service will combine its development and current programming teams under a single group of executives. Matt Cherniss, who was Rozenfeld’s counterpart as head of scripted development, will now also head up the service’s current scripted series team.

Source: https://www.engadget.com/2019/11/12/apple-tv-kim-rozenfeld-steps-down/

Continue Reading

Tech News

Apple pulls app that let you stalk people you follow on Instagram

Published

on

By

In October, Instagram phased out the “Following” tab. That’s because it shared a lot of information about what your friends and the people you follow were doing on the social network — maybe too much — and Instagram said some people were surprised their activity was showing up there. And now, the company is apparently keeping others from re-creating that idea: Apple has removed Like Patrol from the App Store, according to CNET.

At the end of October, Instagram sent a cease-and-desist letter to Like Patrol, an app described by its maker as the Following tab “on steroids,” and on Saturday, Apple reportedly removed it from its iOS marketplace entirely.

Like Patrol went beyond the Following tab in some potentially creepy ways, with a number of features that could let users stalk someone’s behavior on Instagram without them knowing. CNET reports that the app could notify you if someone you followed interacted with a post from a man or a woman, for example, and the app’s makers apparently claimed to “have an algorithm to detect if they were posts from attractive people.”

CNET reports Like Patrol was able to track Instagram users by scraping their public profiles for data — which violates Instagram’s policies, according to a Facebook spokesperson who spoke with CNET in October. Apple told CNET it removed Like Patrol for violating the company’s guidelines, but didn’t explain further.

Source: https://www.theverge.com/2019/11/11/20959419/apple-instagram-like-patrol-app-following-tab|

Continue Reading

Tech News

Fitbit users fear privacy invasion after $2.1bn Google acquisition

Published

on

By

Google’s recent acquisition of Fitbit for $2.1bn has left many users worried the tech giant may soon have access to their most intimate health information – from the number of steps they take each day to their breathing patterns, sleep quality or menstrual cycles.

Fitbit, founded in San Francisco in 2007, tracks the health data of 28 million users. In a blogpost following the acquisition on Friday, Fitbit claimed user data would not be sold or used for Google advertising. “Consumer trust is paramount to Fitbit. Strong privacy and security guidelines have been part of Fitbit’s DNA since day one, and this will not change,” the company said in a statement.

Still, dozens of Fitbit wearers complained on social media over the weekend about the Google takeover. “I tossed my Fitbit into the trash today,” one user tweeted. “I intend to sell my Fitbit and delete my account,” said another.

Google already keeps a trove of information on people, including location data, search history and YouTube viewing history. The company also creates advertisement profiles of users based on information such as location, gender, age, hobbies, career, interests, relationship status, possible weight (need to lose 10lb in one day?) and income.

I have a knee-jerk reaction to Google having any of my dataResearcher Veronica KB Olsen

Veronica KB Olsen, a research fellow at Cern in Geneva, said she immediately requested her data be deleted upon hearing news of the merger.

“I am usually careful about big tech companies gobbling up too much data, but especially Google,” she said. “I have a knee-jerk reaction to Google having any of my data. I try to opt out of most of the stuff they do.”

Because Olsen is based in Europe, Fitbit is required to delete her data if she requests it under the European Union’s General Data Protection Regulation (GDPR), which went into effect in 2018. Under GDPR, users are also entitled to copies of their own data.

But users in any location, even outside the EU, can delete their accounts via the Fitbit website. The company said it would then permanently delete data associated with the account after a seven-day grace period.

Olsen was sent a copy of the data collected during the last year she owned the device, a huge tranche of information that included her heart rate taken every few seconds. She said that even if Fitbit claims it does not share health data with Google, she didn’t want to take a chance by giving it more information.

“The more data points you have on someone, the more you can build a profile of their life,” she said.

The Fitbit acquisition comes despite recent antitrust scrutiny faced by Google after a US government inquiry into its impact on competition was announced in September. The investigation is meant to focus on the company’s advertising practices but could extend to its acquisitions of competing firms.

Google founded its own fitness tracking service, Google Fit, in 2014, but it has relied on third parties such as Fossil and Tag Heuer to produce Android-compatible smartwatches.

Even if Google claims it won’t use Fitbit health data for advertising, the acquisition is probably bad for user privacy, said Paul Bischoff, a privacy advocate with Comparitech. Just because the companies say user data will not be used for advertising now does not mean that won’t change, he said.

“Fitbit says health and wellness data will not be used for advertising, but that leaves plenty of other information for Google to gather, including users’ locations, device info, friends’ lists, messages, profile photos, participation in employee wellness programs, and usage logs,” he said.

Source: https://www.theguardian.com/technology/2019/nov/05/fitbit-google-acquisition-health-data

Continue Reading
Advertisement

Trending

%d bloggers like this: