Huawei phone ban: Google issues new security warning

(Image credit: Future)

Google has issued a warning against downloading its apps (or any apps) outside the “safe” environment of the Play Store and installing them on newer Huawei phones. And of course they are right — to a point. 

The warning comes as part of a Google letter to users (via 9to5google) written by Google’s legal director for the Play Store Tristan Ostrowski. In it, he clarifies the Mountain View company’s position regarding the Huawei ban, which prohibits companies like Google to install its products on Huawei products.

Huawei has been accused by the U.S. government of basically being a spy agent for the Chinese government. Huawei has been prohibited from selling its phones in the U.S. and U.S. companies have been ordered to not collaborate in any way with Huawei — except to support products shipped before the ban.

Google gives a stern warning that basically tells Huawei and all Android users that “thou shall not use apps from any other place but the Google Play Store or thou shall be smitten to smithereens”. 

Sideloaded Google apps will not work reliably because we do not allow these services to run on uncertified devices where security may be compromised. Sideloading Google’s apps also carries a high risk of installing an app that has been altered or tampered with in ways that can compromise user security.

Tristan Ostrowski, Google

What is sideloading?

First, let’s clarify what sideloading means for the uninitiated.

In broad terms, it means downloading an application install package (called APK) and opening it in your Android phone to install the app. 

Using this practice, any user can use any app, despite not having the permission to use the Play Store. If you want to install Gmail, you can go to a site, download the Gmail APK, install it, and use it.

However, if you download an APK online, you could be opening yourself to malware. 

Ironically, the Google Play store has hosted plenty of rogue applications on multiple occasions. And the Google Play Protect tool has been found to not protect its users very well.  

Can I trust anyone to sideload apps?

APKMirror is perhaps the most popular and trustable of all repository sites. It’s operated by the website Android Police. I have used them a few times and never encountered a problem. 

Here’s what the APK says in its FAQ about how they check that all app packages are safe:

“All uploads are verified prior to publishing. 

We make sure that the cryptographic signatures for new versions of all previously published apps match the original ones, which means we know if uploaded APKs were signed by the real devs or someone pretending to be them. Note: has been protected from the Janus vulnerability in Android from day one."

Again, you should always be careful but, if you have a Huawei phone and you want to sideload Google’s apps, this could be the way to go.

Jesus Diaz

Jesus Diaz founded the new Sploid for Gawker Media after seven years working at Gizmodo, where he helmed the lost-in-a-bar iPhone 4 story and wrote old angry man rants, among other things. He's a creative director, screenwriter, and producer at The Magic Sauce, and currently writes for Fast Company and Tom's Guide.