A Security Flaw In Huawei AppGallery Allows You To Download Paid Android Apps From This Store For Free.
The Huawei AppGallery bug persists a few weeks after a developer reported it to Huawei.
As Android Authority points out, Huawei has not been able to use the Google Play Store on its Android smartphones since US sanctions were imposed. To meet users' needs, Huawei has developed its own app store, called AppGallery, as part of its mobile service portfolio.
Android developer Dylan Russell has discovered the latest bug in the AppGallery store. The store's API does not provide any protection for paid applications. With a bit of work and a little technical knowledge, the API can be used to get the download links of paid apps and download them without paying.
Russell was able to download several paid apps using the vulnerability discovered in AppGallery.
He points out that this is not a matter of disabling licensing in developers' apps; the flaw is on Huawei's side, and Huawei needs to fix it.
This bug reduces developers' potential revenue and opens the door to theft of apps from AppGallery. Attackers can use the Huawei AppGallery Store API to download paid apps for free without going to the store and paying.
Russell reported the bug to Huawei in February. He gave them five weeks to resolve the issue. However, after a few weeks, the security flaw in AppGallery persists, and people can download paid apps for free from this store. It does not seem to be taking longer for Huawei to fix this problem.
Russell has confirmed that an ID has been assigned to the vulnerability. Huawei also offered the developer a reward for discovering this security issue, but he did not accept it for some reason.