If you follow the tech industry, you’re probably aware that Huawei is in a lot of trouble. The company was subject to a US trade ban in May 2019, which prevented it from working with some of its long-term partners, including Google. This means Huawei phones cannot access Google services such as the Play Store, so the company had to create its own alternative to the Google Play Store, called “AppGallery”. However, AppGallery reportedly has a glitch that allows users to download paid apps for free.


The vulnerability was discovered by Dylan Roussel. He found that the API of Huawei’s AppGallery offers no protection for paid applications. It is reportedly possible to obtain a genuine APK download link for premium apps without paying for them.

To make sure that the issue was not limited to one particular app, Roussel tried downloading multiple apps and was successful each time. However, one game he downloaded performed a license verification, which he failed to pass.

Roussel emailed Huawei to inform them about the issue and offered them 5 weeks to fix it. It has now been 13 weeks and the vulnerability still persists, so he decided to disclose it publicly.

Huawei’s inaction can have a grave impact on the earnings of developers who have published their apps in Huawei’s AppGallery. Not only that, but the issue also invites app piracy. Attackers could exploit the API to download a huge number of premium apps without even visiting the AppGallery.
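On the store side, the flaw class described above is a missing entitlement check before a download link is handed out. The sketch below is an added example, not Huawei's code or API: every name, the sample catalogue and the key are constructed for illustration, and it shows the unchecked handler beside one that checks the purchase record and issues a signed, expiring link bound to the buyer.

```python
import hashlib
import hmac
import time

# All names here are hypothetical; this does not reflect AppGallery internals.
SIGNING_KEY = b"constructed-demo-key"  # server-side secret, never sent to clients
LINK_TTL = 300                         # seconds a download link stays valid

# Constructed sample data: price in cents per app, and recorded purchases.
CATALOGUE = {"com.example.freeapp": 0, "com.example.paidgame": 499}
PURCHASES = {("alice", "com.example.paidgame")}


def _sign(user_id, app_id, expires):
    # Assumes ids never contain "|", so the fields cannot run into each other.
    msg = f"{user_id}|{app_id}|{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_link_unchecked(user_id, app_id):
    """The flaw class: any caller who names an app receives a usable link."""
    return f"/apk/{app_id}"


def issue_link(user_id, app_id, now=None):
    """Return a signed, expiring link only if the user is entitled to the app."""
    now = int(time.time()) if now is None else now
    price = CATALOGUE.get(app_id)
    if price is None:
        return None  # unknown app
    if price > 0 and (user_id, app_id) not in PURCHASES:
        return None  # paid app with no purchase on record
    expires = now + LINK_TTL
    return f"/apk/{app_id}?e={expires}&s={_sign(user_id, app_id, expires)}"


def serve_apk(session_user, app_id, expires, sig, now=None):
    """Download endpoint: re-check expiry and signature for the session user."""
    now = int(time.time()) if now is None else now
    if now > int(expires):
        return False
    expected = _sign(session_user, app_id, int(expires))
    return hmac.compare_digest(expected, sig)
```

Because the signature covers the authenticated session user rather than a value taken from the URL, a link copied to another account or replayed after expiry is rejected at the download endpoint.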

If you’re an app developer with a paid app published in Huawei’s AppGallery, it is advisable to add further protection to your application through DRM, such as the AppGallery DRM Service.
