Huawei AppGallery flaw allegedly allows anyone to download paid apps for free
Ever since it got caught in the US vs. China crossfire, Huawei has had to develop its own software solutions, as it’s banned from using Google’s. One of those is AppGallery, and it’s basically Huawei’s version of the Google Play Store or Apple App Store.
AppGallery apparently has a pretty huge issue, one which, according to one developer, has gone unfixed for months even though he reported it to Huawei back in February.
This flaw allows anyone with a bit of technical know-how and some time and willingness to put in a tiny bit of effort to basically download and install any paid app from AppGallery without actually paying for it. Needless to say, that sounds rather bad for the developers who’ve stuck it out with Huawei so far.
Dylan Roussel, the developer who found the problem, stresses that the issue isn’t with app developers themselves not enabling license verification on their apps, but is instead a flaw on Huawei’s end, which has so far gone unresolved. The gist of it is that the AppGallery API doesn’t offer any protection for paid apps.
Roussel himself was able to download and use multiple paid apps by exploiting this vulnerability. Clearly this is problematic because pirates could use the API to download a large number of paid apps at a time, thus preventing app developers from earning as much as they otherwise would have. Hopefully Huawei intervenes soon.