- A flaw in Huawei’s AppGallery can be exploited to download paid Android apps for free.
- The issue remains unresolved weeks after a developer brought it to Huawei’s attention.
A newly found vulnerability in the Huawei AppGallery makes it possible for anyone to download paid apps for free.
Since the US ban, Huawei phones haven’t had access to the Google Play Store to download apps. The Chinese OEM offers its own AppGallery, which is part of its Huawei Mobile Services suite.
The latest flaw in Huawei’s app store was discovered by Android developer Dylan Roussel. Essentially, the API of the AppGallery doesn’t offer any protection for paid apps. It takes a bit of work and some technical know-how, but if you have that, you can easily obtain an APK link for premium apps and download them without paying anything.
Roussel was able to download and use several paid apps by exploiting the vulnerability. He notes that the problem doesn’t lie with app developers not enabling license verification on their apps. It’s an issue that Huawei needs to resolve on its end.
Not only does this rob developers of their potential earnings, but it’s also an accessible doorway for app piracy. Attackers could use the API to download numerous paid apps without even needing to go through the AppGallery.
Roussel informed Huawei about the flaw in February. He gave them 5 weeks to fix the problem. However, weeks later, the issue persists. Paid apps can still be downloaded freely from the AppGallery. Still, we assume it won’t be long before the company fixes things. It recently acknowledged Roussel’s email and assigned an ID to the vulnerability. They also offered him a bug bounty, but he declined for personal reasons.