Huawei has been developing its analogue of the Google software ecosystem for several years, and, in addition to HMS services, the App Gallery app store is a key component of it. As it turned out, there is a vulnerability in it, which the company has been aware of for three months, but still has not fixed. It was discovered by programmer Dylan Roussel from 9To5Google.
Back in February of this year, Dylan wanted to figure out one of Huawei’s APIs, which takes a package name as a parameter and returns a JSON file with detailed information about the application. The programmer found out that, among other things, it contains a direct download link with the sign parameter at the end – as it turned out, it allows you to download even paid applications completely freely.
Huawei has already acknowledged the problem, but so far (at the time of writing on May 18) has not fixed it. 9To5Google notes that right now the only way to protect their paid apps from free downloads through AppGallery is to use DRM protection. However, large developers have probably been using it for a long time, because otherwise their products could be freely distributed by the first to buy them.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.