A loophole in the AppGallery allows Huawei devices to download paid apps for free


After the US ban, Huawei lost access to Google services. As a result, it had to invest more resources into its own software.

Part of that is Huawei AppGallery, the company's alternative to the Google Play Store. The whole point of an app store is to distribute apps, and that includes collecting payment for paid titles. Unfortunately for Huawei, there seems to be a flaw that allows users to download paid apps for free.

Android developer Dylan Russell has discovered a vulnerability that causes APK download links to be returned for both free and paid apps. Through these links he was able to download the apps, then install and use them without any hassle.

To make certain it wasn't a license verification issue with a single app, he repeated the process with multiple apps. The results were the same, confirming that the bug was indeed in the Huawei Store system. As further support for this finding, one of the games he tested had a license check that successfully prevented him from using it: the exception that proves the rule.

Aside from the potential for Huawei and developers to lose profits, app hackers could exploit the vulnerability to gain access to premium apps for suspicious purposes.

Russell first contacted Huawei in February, shortly after he discovered the flaw. He gave the company 5 weeks to fix it, but after it ignored him for 13 weeks, he finally published his findings.
