A security hole in the Huawei AppGallery means that paid apps can be downloaded for free.
Enlarge
A gap in the Huawei AppGallery allows paid apps to be downloaded free of charge.
©Huawei
Huawei has lost access to Google’s services as a result of a US ban. For this reason, the Chinese company has to offer alternative software solutions on its devices. This also includes the Huawei AppGallery, which is the counterpart to the Google Play Store.
Vulnerability makes paid apps free
Android developer Dylan Roussel discovered a vulnerability in Huawei AppGallery, which allows users to download paid apps for free. While browsing the App Store API, he found a vulnerability that was used to return APK download links for both paid and free apps. Through these links, Roussel was able to download, install, and use various applications. According to Roussel, the error in app license verification lies with Huawei.
Gap should be closed by May 25th
The vulnerability not only costs Huawei revenue, but could also lead to app pirates using the vulnerability for dubious purposes by accessing paid software. Roussel informed Huawei about the vulnerability back in February, but the company didn’t respond to his tip. For this reason, the developer is now making the vulnerability public. Huawei has finally reacted to this and announced that it intends to close the gap by May 25, 2022.
