September 28, 2019

Could Google lock Huawei out of Play?

Well, Trumpelstilzchen won (this time). The Huawei Mate 30 won't come preloaded with Google Apps, meaning it will pretty much not come at all. But what if Huawei decided to simply ignore the embargo and ship with the Gapps suite anyway. After all, the company is based in China, way outside of US jurisdiction. Could Google lock Huawei out of Play if push came to shove?

Fun fact: the Android ecosystem is fragmented (Surprise!). Not every app runs on every device and to minimize compatibility issues, Play gives developers the option to manually exclude devices. Owners of these devices are then prohibited from downloading the app in question. So, considering that the filtering infrastructure is already in place, it should probably be no trouble at all for Google to configure a global “no Huawei” filter. But how effective would that be? Could Huawei sneak past? Would it be advisable?

Hacks galore!

Device manufacturers that want to preload Google Play Services need go through a certification process and pay license fees. Though, they don’t need to register their devices, in the sense that each model is assigned a unique API key:

  • Models often come in variants (different color, memory size,…) that may be encoded in the model number. Absolutely no one wants to manage per variant API keys. Especially not if the only difference is something as minor as the cover’s pattern.
  • API keys can easily be extracted from the device’s memory. They don’t provide any kind of real access control to begin with.

As far as Play is concerned, a device simply is what it claims to be. Meaning, Huawei could just masquerade it’s Mate 30 as Thingamabob by Acme Inc. if they wanted to. Not a very helpful thing to do, though, since any made up name would end up faster on the no-fly list than production can be sold off. The only way around that is to masquerade as smartphone from a different manufacturer. For that, Huawei would have to lie in three places:

  1. When registering a new GSF ID (once; whenever a new account is bound to the device).
  2. For Checkins (regularly; about once per hour).
  3. When downloading apps (compatibility check).

The obvious solution would be to outsource registration and checkin into a separate process while preloading a modded version of the Play client with a hard coded user agent string. Sounds plain and simple, but unfortunately, wouldn’t work at all, since the app updates itself automatically through the Playstore, inevitably killing the mod (note: code signing isn’t be an issue here. Signatures are only checked by the package manager at install time, not at runtime). The next idea would be to ship the lie in 📁 /system/build.prop and to let it propagate through the entire Android framework from there. This, however, will only work as long as Google isn’t looking too closely and can have a ton of unforseeable side effects. So, bad idea as well. This leaves the final option on the table: build a complete clone of the Playstore app and the underlying Google Play services framework from scratch. It’s certainly doable, but requires a lot of work and the devil is in the details.

Marketing: let’s talk about shooting yourself in the foot

In principle, Huawei could probably disguise it’s own devices as smartphones produced by other manufacturers. It could not be kept secret though. Especially not from their own customers.

Selling products under a someone else’s label is an absolute no-go for a brand manufacturer. I mean, you don’t spend tons of money on advertising in order to make your name known to consumers, just to then divert their attention towards your competitors. In Huawei’s case, this would happen in three places:

  • In the ROM Image itself.
  • On the Play website
  • Within the Account Manager website.

Relabeling the product within the software on the device itself is largely safe from prying eyes, as far as regular consumers are concerned. But there are, of course, people who earn their money by looking for exactly that kind of thing. They would find it, no doubt, resulting in the press having a field day. Huawei would not only instantly earn itself the reputation of being China’s largest knock-off manufacturer and involuntarily promote the competition as well.

The far bigger issue, however, is that Huawei supplies the mass market, i.e. millions of technically almost illiterate users that are going to learn through Google that they are supposedly using a type of smartphone which they don’t actually own. This can be quite irritating, if not outright scary, when seeing that their Google account was logged in from an unknown device. It’s foreseeable that many of these users will ask their vendor for help, probably even try to return the “faulty” device. Most stores are likely to take Huawei products off the shelves as a precaution under such circumstances.

Legally, Huawei has little to fear in China, but that’s the thing, isn’t it? They can’t serve the global market without sticking their neck out of their home turf. Everywhere else in the world, the vultures are already waiting, without the the Trump administration having to lift a single finger.

To illustrate, let’s assume, Huawei would masquerade the Mate 30 as a Galaxy Note 10. Then they’d furnish Samsung a fit occasion to sue their largest competitor off the market under the pretense of trademark infringement. Things don’t look much better with any other smartphone manufacturer either. Every marketing team would see an (easy to win) lawsuit as just another PR opportunity and no one can afford to be Huawei’s accomplice in this anyways.

Google itself would also be forced to sue over copyright infringement (even if Huawei’s solution doesn’t contain any Google code at all. A 100% clone still, by definition, looks like the original). On one hand because of government pressure, on the other because Play is their biggest leverage. If there was a fully functional third party client implementation, then smartphone manufacturers could no longer be bullied to preload the original including the entire Gapps suite (and pay license fees for the whole thing). So Google pretty much can’t afford to let Huawei get away with it, even if they hadn’t Trump breath down their neck.

Ignoring the US embargo would only result in a flood of lawsuits and confiscated wares. Bottom line: just expenses, no profit.

Conclusion

Could Huawei sneak by the embargo by masquerading its devices? Sure, technically it’s possible, but for a brand manufacturer, it would be suicide.