Get paid apps for free with Huawei AppGallery bug

A recent discovery has revealed that anyone can easily download and use paid apps from the Huawei AppGallery without actually paying anything. This vulnerability makes it possible for anyone to exploit the system and download premium apps for free. This problem was discovered by Android developer Dylan Roussel, who found that the API of the AppGallery does not offer any protection for paid apps. This means that with a bit of work and some technical know-how, anyone can obtain an APK link for a paid app and download it without paying anything.

Roussel was able to successfully download and use multiple paid apps by exploiting this vulnerability. He notes that the problem does not lie with app developers not enabling license verification on their apps. Instead, this is an issue that needs to be resolved by Huawei at its end. Not only does this rob developers of their potential earnings, but it’s also an accessible doorway for app piracy. Attackers could use the API to download a large number of paid apps without even needing to go through the AppGallery. Roussel informed Huawei about the flaw in February. He gave them five weeks to fix the problem. However, weeks later, the issue persists. Paid apps can still be downloaded freely from the AppGallery. However, we assume it won’t be long before the company fixes things.

Source: www.gsmarena.com