Skip to content
Captured DNS requests from Huawei P30 Pro to a block list
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
img Add analysis on Apr 22, 2019 Add information and link to issue #3 May 6, 2019 Fix typo on domain name Apr 23, 2019
master.txt Update lists Apr 22, 2019
requirements.txt Update project dependencies Apr 20, 2019 Update master.txt to exclude whitelisted domains Apr 22, 2019
whitelist.txt Update lists Apr 22, 2019



As a solely maintainer for this project, please accept my deepest apologies for mistakes which cause misunderstadning for Huawei brand and customers. The fact that Huawei P30 Pro initated connections to is not true.

I still maintain this project for my own benefits. Please use it at your own risk. Please see more info in next section, on an anaylsis of

Explanation for An Existing of

Please see my statement above

Due to my responsibility for this hobby research to prevent distributing misleading or misunderstanding information, and suggestions made by other researchers to discover more findings or correct me if I did something wrong. As an intention for this research I told everyone in Thai, we couldn't and shouldn't make a conclusion in this moment until we can see everything clearly.

The requests to were happened during testing, originate from Please see this analysis report for more info

I got a very useful information from @Sraw about, please see on issue #3.


  • April 22, 2019: Received a message from Huawei Thailand for supporting. They will try to coordinate with Huawei HQ.
  • April 23, 2019:
    • Sent more information about an analysis of to Huawei Thailand
    • Updated code and lists to support whitelist domain names and exclude false positive domain names
    • Updated posts to 2600 Thailand, /r/netsec on the thread and other media
    • Huawei Thailand ackownledged new update on false positive
    • Apology statements both in Thai and English have been distributed


Domain names on master.txt are captured DNS requests from Huawei P30 Pro purchased in Thailand. All domains located in China and/or has an IP address within China's ASN. The device hasn't configured with Huawei services, including Huawei ID or any Hi services.

Please note that:

  • The block list may includes test domain names, and
  • By relying on techniques in to verify location domain names. Some domain names such as and are not flagged. I will find a way to fix this issue later.

Setup Blocking

Setup Blocking with Algo VPN

  1. Setup Algo VPN and enable adblocking feature on both server and client-side
  2. Update /usr/local/sbin/ to include the raw version of block list. The block list should be appended to BLOCKLIST_URLS variable.
awk '{gsub(/"$/," \"")}' /usr/local/sbin/
  1. Execute /usr/local/sbin/ to apply new block list to dnsmasq. The script will be automatically executed by cron to pull and apply any updates.
sh /usr/local/sbin/

Setup Blocking with OpenDNS

If you don't have your own server or don't want to mess with configuration stuff, you can get a free OpenDNS account which you can create up to 25 domains to block. However, OpenDNS doesn't support leading dot domain like .cn. I recommend to add each domain which has only ccTLD, and add something like or to make you life easier.


Version of ROM

  • Android 9
  • EMUI 9.1.0 (Build number
  • Vendor country info
    • Vendor: HW
    • Country: spcseas

Pre-installed Appllications

There are consumer applications already installed on the device, including Uber, Facebook and SwiftKey, but I can't remember all of it. System-related and utilities are listing below, except* and*.

  • com.hisi.mapcon
  • com.huawei.HwMultiScreenShot
  • com.huawei.KoBackup
  • com.huawei.androidx
  • com.huawei.aod
  • com.huawei.appmarket
  • com.huawei.arengine.service
  • com.huawei.autoinstallapkfrommcc
  • com.huawei.bluetooth
  • com.huawei.browser
  • com.huawei.contacts.sync
  • com.huawei.contactscamcard
  • com.huawei.desktop.explorer
  • com.huawei.desktop.systemui
  • com.huawei.featurelayer.featureframework
  • com.huawei.gameassistant
  • com.huawei.hiaction
  • com.huawei.hiai
  • com.huawei.hicard
  • com.huawei.hidisk
  • com.huawei.hifolder
  • com.huawei.himovie.overseas
  • com.huawei.hitouch
  • com.huawei.hiview
  • com.huawei.hiviewtunnel
  • com.huawei.hwasm
  • com.huawei.hwdetectrepair
  • com.huawei.hwid
  • com.huawei.hwstartupguide
  • com.huawei.iaware
  • com.huawei.iconnect
  • com.huawei.imedia.dolby
  • com.huawei.ims
  • com.huawei.intelligent
  • com.huawei.languagedownloader
  • com.huawei.lbs
  • com.huawei.livewallpaper.paradise
  • com.huawei.mmitest
  • com.huawei.motionservice
  • com.huawei.msdp
  • com.huawei.nb.service
  • com.huawei.nearby
  • com.huawei.numberidentity
  • com.huawei.omacp
  • com.huawei.parentcontrol
  • com.huawei.pcassistant
  • com.huawei.phoneservice
  • com.huawei.powergenie
  • com.huawei.printservice
  • com.huawei.recsys
  • com.huawei.scanner
  • com.huawei.screenrecorder
  • com.huawei.securitymgr
  • com.huawei.synergy
  • com.huawei.systemmanager
  • com.huawei.systemserver
  • com.huawei.tmecustomize
  • com.huawei.trustagent
  • com.huawei.vassistant
  • com.huawei.videoeditor
  • com.huawei.wifieapsimplmn
  • com.huawei.wifiprobqeservice
  • com.ironsource.appcloud.oobe.huawei
  • com.qeexo.smartshot
  • com.swiftkey.swiftkeyconfigurator
  • com.touchtype.swiftkey

Configuration of Huawei-related Applications

The following list are "Do not accept to share information" applications. These applications still showing a privacy notice to me or still need my permission to access system components:

  • AppGallery
  • AppAssistant
  • HUAWEI Themes
  • HUAWEI Browser
  • HiCare
  • Recorder
  • Backup
  • PhoneClone

The following features are disabled:

  • Huawei Share
  • HiTouch

Network Configuration

Cellular network from one of top three mobile operators in Thailand. Always connecting to personal VPN deployed on Amazon EC2 instance in Asia Pacific region. The VPN I used is Algo from trailofbits with a local DNS server (dnsmasq), connect via WireGuard.

Usage Behaviors

Mostly like every normal users do. Brought back to Songkran Festival to try one of the best camera phones in the world. Listening to Blackpink's new album. Reading articles. Tweeting.

You can’t perform that action at this time.