HUAWEI’s AppGallery, World’s 3rd largest app market after Play Store and the App Store, has been reported for a vulnerability issue that’s allowing a free download link for paid applications listed on the platform.
The flaw was discovered by Android developer Dylan Roussel while attempting to learn how AppGallery’s API works. He discovered that an API of a paid app returned the URL of that app, which was downloadable. He also claims that he tried three different APIs for different apps, all of which returned the same downloadable URL, and that he was able to open and use the app successfully.
Dylan reported the vulnerability to the company in February, but there has been no proper response or action taken against this flaw until now. This will result in paid app piracy, which will eventually deprive both the developer and the app store of their benefits. The API of Huawei’s AppGallery store appears to provide no protection for paid applications.
This is a bad sign for HUAWEI’s AppGallery, given that the company is constantly improving the app store. We hope that this issue is resolved as soon as possible so that developers can use the platform safely.