A newly discovered flaw in Huawei’s AppGallery store makes it possible for paid Android apps to be downloaded for free.
Given the ongoing sanctions against Huawei that prevent the phone maker from using Google’s services (among other things), the company’s own suite of apps and services have been critically important. This includes the AppGallery store, which allows for distributing Android apps without the Google Play Store. The AppGallery offers both free applications and premium apps that need to be paid for.
In a new exploit discovered by Android developer (and 9to5Google contributor) Dylan Roussel, the underlying API of Huawei’s AppGallery store offers no protection for paid applications. Without needing to pay for a particular app or even so much as log into an account, it’s reportedly possible to obtain a valid APK download link for premium apps. In effect, this exploit in Huawei’s AppGallery could be used for app piracy.
Huawei has been made aware of the vulnerability and has acknowledged it, but the company has not yet shared any plans or timeline for the issue to be fixed.
In the meantime, if you’re an app developer with a paid app in Huawei’s AppGallery, your best bet would be to ensure that you have an additional means of protecting your application through DRM, such as the AppGallery DRM Service. This sort of protection is good practice, anyway, as a paid app without DRM protection could be freely distributed to others after only a single purchase.
More on Android:
- Pixel 6 series helps Google to reach UK sales top 5 for first time in Q1 2022 w/ 3.3% market share
- Amazon finally brings USB-C to its most affordable Android tablet, the $60 Fire 7
- Material You on Android 12 awarded prestigious iF Gold Design Award
Author: Kyle Bradshaw
Source: 9TO5Google