Huawei AppGallery |
Since the US ban, Huawei's new phones have lost the provision of Google GMS services. As a result, Huawei had to invest more resources in developing its own software store and supporting services, Huawei Mobile Services (HMS), for use on its own phones, including Huawei AppGallery.
Of course, since it is the benchmark for the PlayStore, the significance of the AppGallery application store is not only to promote software but also to generate revenue for paid games. But now a developer has discovered a vulnerability in Huawei’s AppGallery, which allows users to download paid Apps for free.
Android developer @Dylan Roussel discovered a vulnerability while exploring the AppGallery store API, through which Huawei returns (corresponding to data requests) APK download links for free and paid apps, while the underlying API of Huawei AppGallery does not provide paid apps provide any protection.
He tried it out and eventually found that users didn’t have to pay for a particular app, or even log in to an account, to get a valid download link for a paid app. He said that this vulnerability can help others to easily download pirated apps, and install and use them without any trouble.
To make sure it wasn’t a license verification issue for one app, he also repeated the process for multiple apps – it turned out that other apps responded the same, confirming that the vulnerability was indeed on Huawei’s side.
He first discovered the vulnerability in February this year and then contacted Huawei for feedback. According to industry rules, he gave Huawei 5 weeks to fix the vulnerability, and Huawei has also been aware of the vulnerability and admitted it. After 13 weeks, he decided to go public with the discovery, though Huawei has yet to release a report on whether the vulnerability has been fixed or give a timeline for a planned fix.
The best solution for Huawei AppGallery program developers is to ensure that your App has DRM protection, such as the AppGallery DRM service. It checks to see if the user has purchased the app when they open it, and it’s also a great way to make sure the app isn’t redistributed to others.