Thursday, September 24, 2009

China, no Google Maps for you (maybe)

Today I was making the API for GraphicsServices, and found something... interesting.

Since 3.0 it was "well known" that there is a mysterious capability called as "Green Tea". Nothing was known except for this funny name. Things start to get clear in the 3.1 firmware. The GraphicsServices of 3.1 has a new set of API for querying some properties of Maps and MapKit. Strangely, in the disassembly of these functions, the mysterious "Green Tea" capability was refered, e.g.
Boolean GSMapKitUserShifting() {
static CFStringRef gtDefault = CFSTR("MapKitUserShiftingGreenTea");
static CFStringRef ngtDefault = CFSTR("MapKitUserShiftingNonGreenTea");
if (GSSystemHasCapability(CFSTR("green-tea")))
return GetMapsDefault(gtDefault);
return GetMapsDefault(ngtDefault);

It means the "Green Tea" capability is related to Maps, and takes different default values. No big deal right?

Moving downwards shows a more horrific picture, e.g. the GSMapKitAvailable() function is
Boolean GSMapKitAvailable() {
if (!GSSystemHasCapability(CFSTR("green-tea")))
return true;
else {
static CFStringRef defaultName = CFSTR("MapKitAvailableGreenTea");
return GetMapsDefault(defaultName);

Ah, when a device is "Not Green Tea", it directly says MapKit is available, but when the device is "Green Tea" it needs to check a default value? Sounds more like a restriction than a capability!

Further down, in GSMapsVisible(),
static Boolean _mapsLastVisible;
Boolean GSMapsVisible() {
static Boolean _registeredListener = false;
_mapsLastVisible = _GSMapsVisible();
if (!_registeredListener) {
CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(), NULL, CarrierBundleChangedHandler, CFSTR("NewCarrierNotification"), NULL, 0);
_registeredListener = true;
return _mapsLastVisible;

_GSMapsVisible() has a same "Green Tea" check as GSMapKitAvailable(). Strangely, it subscribes to the "New Carrier" Darwin notification, which probably means the Carrier can decide if Maps is visible or not (if can be edited)!

So what does this "Green Tea" capability refers to? If we turn to GMM.framework, we can find the following code:
 +00244 0000ba5c             ldr               r0,[pc,r0]                        ; -> kGSGreenTeaDeviceCapability _mh_dylib_header
+00248 0000ba60 ldr r0,[r0] ; -> _mh_dylib_header
+0024c 0000ba64 bl GSSystemHasCapability (stub)
+00250 0000ba68 ldr r3,[pc,#0x1bc] ; -> 0xbc2c
+00254 0000ba6c add r3,pc,r3 ; GMM::Factory::isChinaDevice_
+00258 0000ba70 subs r0,r0,#0x0
+0025c 0000ba74 movne r0,#0x1
+00260 0000ba78 strb r0,[r3] ; -> GMM::Factory::isChinaDevice_

So having "Green Tea" is equivalent to China device! Let's recap:
  1. Green Tea ⇒ Maps can be disabled.
  2. Visibility of Maps is affected by Carrier
  3. Green Tea = China Device

so a logical conclusion could be Carriers in China can affect the visibility of iPhone's Maps. Could it be a political decision? No matter what, China's iPhone already has no WiFi, but turns out it could be more crippled than expected.


  1. I am always amazed at the things you find and your wizardry hacking skills at all things iPhone. I love grip and quickscroll. Before that, I really appreciated hclipboard. No doubt, China would not want people knowing where the borders of the country are so as to escape to less enlightened republics. So no maps for you!

  2. Is the WiFi disabled in the software (jailbreaking will re-enable it) or it's special hardware ?

  3. @Anonymous: there's no WiFi chip on the China iPhone IIRC. But for the maps restriction it's just software restriction (that even a sandboxed AppStore app should be able to partly reenable it.)

  4. It's intriguing that a country like China ( actually its citizens), strong at software development, for internet and mobile phones users, doesn't have access to all the inventions in this field.

  5. Great subject. I have been playing around with the idea of the comment structure recently.

    The popular comment layout is common, so it is easily recognized when scanning to post a comment. If the comment section is in a different format, then I am going to spend more time trying to decipher what everything means.
    IT Provider