A flaw had been discovered by the Android developer Dylan Roussel in the Huawei AppGallery due to which one can download paid apps for free. The Huawei smartphones did not have the access to Google Play Store since the Huawei devices have banned from US. Huawei offered the AppGallery, which is part of the Huawei Mobile Services suite for the downloading of different apps.
The flaw in the Huawei AppGallery has created a vulnerability in it. It can download paid apps for free. The Android developer said that due to this flaw no protection is available for the paid apps. The developer further added that a little technical know-how and work can easily make one able to obtain the APK link for the paid apps and apps can be download without paying a penny.
According to the Roussel, he had thoroughly exploited the vulnerability and he had been able to download multiple paid apps. He further added that this problem is coming from the device developer not from the apps developers. The Chinese company needs to work on the issue and remove the flaw.
Roussel after discovering the flaw had given the Chinese company five weeks to overcome the problem. He had discovered this vulnerability back in February. Till now the problem had not been fixed and paid apps can still be downloaded free of cost, but it can be assumed that company will be working on the problem.
Huawei only recently acknowledged Mr. Roussel’s email and assigned an ID to the vulnerability. They also offered him a bug bounty, for discovering the problem. But Mr. Roussel had declined the bounty for personal reasons.
This vulnerability in the Huawei AppGallery not only rips the app developers of their earnings but also threatens the app piracy.
It is dangerous and attackers can easily use the API to download a large number of paid apps without even going to the AppGallery.
Also Read: Huawei records 28% dip in sales in the U.S