Huawei AppGallery: a flaw allows paid apps to be installed for free!

AppGallery, Huawei’s Android app store, suffers from a serious security flaw. By exploiting the vulnerability, it is possible to install paid applications for free. Despite the warnings received, Huawei has not yet patched the flaw.


A flaw has just been discovered in AppGallery, Huawei’s Android application store. According to Dylan Roussel, a French developer, the vulnerability allows a user to install paid Android apps on their smartphone for free. Like the Google Play Store, AppGallery includes both free apps and paid apps.

In a blog post, the developer explains that he stumbled across this hole by chance while wondering how the Huawei store works. By digging, the developer obtained a download link among other information related to an app.

Huawei is slow to fix the flaw

By clicking on this download link, he was able to install the application he was studying. It was a free app, so the expert repeated the process with a paid premium app. “This time I tried 3 different apps. Or rather, 2 more apps and 1 game. I was able to use the apps successfully,” explains Dylan Roussel on his blog, stating that the game had a license check at launch, hampering its use.

“It shouldn’t be possible to download paid apps for free without any verification or anything. Although I don’t currently know if the vulnerability has been actively used, if so, the developers and Huawei could both lose some revenue,” warns the expert.

After his discovery, the developer contacted Huawei. The Chinese group committed to correcting the situation as soon as possible, asking the developer to remain silent for the time being. The developer gave Huawei 5 weeks to fix the flaw.


After waiting 13 weeks in the end, Dylan Roussel resolved to disclose the existence of the flaw. The expert says the flaw is still wide open, despite the warnings sent to the manufacturer. “Developers using Huawei’s services were also not informed,” regrets the developer, hoping that Huawei will act quickly.

Source: Dylan Roussel
