Huawei knows about it, but is in no hurry to close it.
Android developer Dylan Russell described in his blog a vulnerability in the AppGallery app store, which is used on some Huawei and Honor smartphones as an alternative to Google Play. The service's API returns links for downloading the APKs of both paid and free applications, without even requiring you to log in to your account.
To make sure it wasn't a licensing issue for one particular application, he repeated the procedure with several other programs – and the result was identical. Of those tested, only one game had protection that prevented him from using the application thus obtained.
This hurts not only the earnings of Huawei and developers, but also ordinary users. The loophole can make life easier for scammers, who could, for example, take the code of a popular application, modify it and distribute a file with viruses or trackers on the Web under the guise of a free hacked version.
Developers who publish in the Huawei application store are advised to use additional protection measures – for example, the AppGallery DRM Service, which checks every time the application is launched whether it was purchased by this user. If the purchase is not confirmed, the user is sent to the store. This is a simple method that prevents the purchased program from being transferred to other users.
Russell noted that he found this vulnerability and warned Huawei about it in February, but did not receive a response, after which he decided to make the problem public.