An Android app developer discovered a bug in the Huawei AppGallery. The bug allows users to download paid apps for free without any difficulty. He discovered a loophole in the Huawei AppGallery API, using which he was able to download paid apps from the store.
Huawei is trying to recover from the U.S. ban and has its app store called “Huawei AppGallery.” But this major security loophole is causing damage to the financial earnings of both the store and app developers.
What is the Huawei AppGallery vulnerability?
Android developer Dylan Rousse was curious about how Huawei’s API worked. His developer friend released an app on the Huawei AppGallery, after which he began toying with the API. He noticed that his request returned a URL value which was the download link for the app. He didn’t expect the paid apps to return the download URL, but the response contained the download link.
Dylan Rousse was sure that the downloads were working and did not have additional security to prevent paid app downloads. He was also successful in installing the app on his phone. After that, he tried downloading 2 more apps and one game. Dylan was able to install all three of them but could only access two. The game has inbuilt DRM protection, which verifies if he is a paid user or not.
What happened next?
Dylan immediately found the contact page and initiated communication with Huawei. He did receive a response and was assured that they would fix the vulnerability and keep him posted. The brand also asked for a disclosure period, and Dylan offered them five weeks to fix the vulnerability. They also offered a bug bounty, but he didn’t accept it for undisclosed reasons.
Huawei showed negligence and didn’t patch the vulnerability in time. Dylan received no response from the brand about the fix whatsoever and gave them some more time. His patience ran out after 13 weeks, and he decided to publish the news about the vulnerability which Huawei failed to fix.
Huawei AppGallery’s vulnerability is reducing developers’ profits with each passing day. Those apps which lack a DRM can be used without any worries. This makes the Huawei AppGallery a hot favorite for pirate groups to download all the paid apps. Dylan played the part of a good Samaritan to help fellow developers realize their loss. Huawei hasn’t fixed the vulnerability as of writing this post.