Huawei AppGallery flaw allegedly allows anyone to download paid apps for free

By: Philippa Axinous | 19.05.2022, 22:20

Ever since it got caught in the US vs. China crossfire, Huawei has had to develop its own software solutions, as it’s banned from using Google’s. One of those is AppGallery, and it’s basically Huawei’s version of the Google Play Store or Apple App Store.

AppGallery appears to have a serious issue that remains unfixed, even though one developer reported the problem to Huawei in February.

Anyone with some technical knowledge and a willingness to work a little bit can download any paid AppGallery app and have it installed without paying anything. Needless to say, that sounds rather bad for the developers who’ve stuck it out with Huawei so far.

Dylan Roussel is the one who discovered the issue. He says the cause is not app developers failing to enable license verification for their apps. It is a problem on Huawei’s part, which so far has not been resolved. The gist of it is that the AppGallery API doesn’t offer any protection for paid apps.

Roussel himself was able to download and use multiple paid apps by exploiting this vulnerability. Clearly this is problematic because pirates could use the API to download a large number of paid apps at a time, thus preventing app developers from earning as much as they otherwise would have. Hopefully Huawei intervenes soon.
