So there is this thread on Twitter going around about Huawei phone tracking your location. While it looks scary at first, there are some information gaps in this reverse engineering analysis that made it appear much worse than it actually it. Let me break it down.
Is It An App… Or a Service?
In the second sentence of this thread, the author claimed that Decision was an app:
The 1st app I reversed is an app called Decision
However, later down the thread, the author also claims that this app has no UI:
To be clear, this app is composed of 3 background services and 2 services. There is NO UI in this app.
Well… That means this is a service, not an app.
In a typical Android app, you want to delegate non-UI or non-interactive processes to services so that your app logic is more clean. That’s why Google apps rely on Google Play services for location data as well.
You don’t need to trust me, just look at Google Pay Services docs, which I quote here:
Using the Google Play services location APIs, your app can request the last known location of the user’s device. In most cases, you are interested in the user’s current location, which is usually equivalent to the last known location of the device.
And yes, Google Play services also send this data to Google:
- Delete Google Maps? Go ahead, says Google, we’ll still track you
- Yes, Google Play is tracking you — and that’s just the tip of a very large iceberg
So in essence, this service is just doing what a location service is design to do, which is no different from Google Play services in terms of location data collection.
Given that Google Play services are generally not accessible in China, it would make sense for Huawei to build their own location services. And it is very clear from the de-compiled code that this was intended to provide route information when user is close to certain POIs (in geo-related products, it stands for point of interest, NOT person of interest).
But it is a Chinese Company, with the Chinese Government behind it
If you believe that Chinese government has access to all data from Chinese companies, then you are right to be worried about this.
What I am pointing out in this post is merely the fact that this is a standard practice for writing apps and services, not some malware or hidden tracking app.
Is it tracking your data? Absolutely yes.
Is it unethical or invasive of your privacy? About as unethical and invasive as Google.
Want to learn more about other Chinese apps and Internet services? Check out my other posts.