THREAD: I'm looking at a Huawei P20 from China, let see what can I found

The 1st app I reversed is an app called Decision

Look at the name of the files contains in the assets folder:

- airport_china.txt

- city_china.txt

- cityinfo.db

- parkinglot_china.txt

- railwayinfo.db

- trainInfo.db

- trainstation.db



Interesting, no?

For example, the trainstation database contains:

- address

- name

- latitude

- longitude

- city

In the manifest of this application, there is a GeoReceiver

This receiver is receiving an UUID and will lookup an known fence id

I'm a stupid security researcher. For the moment, the keywords are: train, airport, city, geo fence... Do you see where we are going?

In the data folder, there is a file called CalcMain. Here some of the methods of this class:

- callGetBusTime

- callGetTaxiTime

- isTrafficBusy

- callGetHomeCity

- callHasHotelTicket

- callGetAirportMultiPoi

- callHasGroupBuyingTicket

- ...

Nice data types haha

To be clear, this app is composed of 3 background services and 2 services. There is NO UI in this app.

Please be nice "DO NOT KILL ME >_<"

This is the kind of function that I love to find

This app doesn't seems to send the data BUT they communicate with another service called HiActionService which is coming from an Huawei app called HiAction

The previous screenshot is from the class called ActionCommonUtil. We can easily that Decision is sending all his events to this service through the methods in this class.

I will study the app HiAction another time but what you have to know is that this app is sending the data to hicloud[.]com, "the Huawei Cloud"

In order to be more discreet, the OEM dispatch the responsibilities to multiple apps. In this case:

1. An app or the modified Android is getting your location regularly. It will trigger a GEO_ALARM_TRIGGERED to the Decision app

2. Decision app is getting this location and check with his internal databases. If there is a match, it will generate an event

3. Decision will send this event to HiAction

4. HiAction will upload the data to the Huawei cloud

Ugly, no?

Ofc, this is the big picture, I need more time to get all the details.

I started this thread 2 hours ago. Decision app was the first app I checked. I still have a lot of Huawei apps to check

Ofc, I will continue this thread later 😏

If it was not clear enough: DO NOT buy @Huawei phones. NEVER.

Wow my English is really broken when I’m tired

You can follow @fs0c131y.

Share this thread

Bookmark

____

Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.



Enjoy Threader? Sign up.



Since you’re here...



... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.



Download Threader on iOS.