Paid Android apps can now be downloaded for free because to a weakness in Huawei’s AppGallery store, but a remedy is on the way.
Given the continued sanctions against Huawei, which among other things ban the phone manufacturer from utilizing Google’s services, the company’s own suite of apps and services has been crucial. Included in this is the AppGallery marketplace, which enables the distribution of Android apps outside of the Google Play Store. The AppGallery offers both cost-free and premium apps that must be purchased.
According to a recent attack found by Android developer (and 9to5Google contributor) Dylan Roussel , Huawei’s AppGallery store’s core API provides no protection for purchased applications. It’s supposedly feasible to get a legitimate APK download link for a premium program without having to pay for it or even just enter into an account. In essence, program piracy might be accomplished using this vulnerability in Huawei’s AppGallery.
Although Huawei was informed of the vulnerability and recognized it, the corporation has not yet provided any plans or a schedule for fixing it.
Update 5/19: Huawei informed Roussel that a patch for this problem should be accessible to everyone by May 25 via an update to the vulnerability paper. It’s unclear whether this will necessitate an upgrade to Huawei phones’ AppGallery app or any work on the part of developers.
In the interim, your best chance would be to make sure that you have an alternate method of safeguarding your application through DRM, such as the AppGallery DRM Service, if you’re an app developer with a paid product in Huawei’s AppGallery. This kind of security is recommended in any case because a paid app without DRM protection could be freely shared with others after just one purchase.