Android app developer Dylan Roussel found a bug that, whereas non-trivial to use, is not inconceivable both. In a nutshell, Huawei’s AppGallery uncovered sure particulars about an app, together with the obtain hyperlink for the Android package deal (APK). Whereas which may be regular, the bug is that the identical hyperlink can be utilized to immediately obtain a paid app with out having to pay for it and even having to confirm something.
This bug has two damaging penalties for Huawei’s app market. The primary is extra apparent in that anybody with a little bit of technical know-how can simply bypass restrictions and obtain paid apps at no cost. The larger menace, nonetheless, is that the AppGallery makes it too simple to obtain apps, each paid and free, exterior of official channels, which in flip makes it too simple to pirate apps on that platform. This creates a really giant deterrent for builders who could not hassle placing within the work wanted to supply their apps for Huawei’s ecosystem.
This vulnerability was found and reported again in February 2022, nevertheless it took Huawei 90 days to ship a response. The corporate did apologize for the miscommunication and delay, citing logistics issues in fixing AppGallery throughout completely different areas because it apparently works very in a different way, too. A repair is promised to reach by Might 25, however the bug’s existence nonetheless raises issues about related points which may be lurking within the shadows nonetheless undiscovered.