Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

How I discovered the vulnerability in Huawei’s AppGallery, the consequences and what happened.

Back in February 2022, a developer I know released an app on the AppGallery. While looking at the listing of the app, I started wondering how Huawei’s API worked. After a few minutes, I finally figured out one API that took a package name as a parameter and returned a JSON object with the details of the app. At that point I didn’t know what I would find later on, so I just tried the API with the package name of a known free app: Huawei’s AppGallery itself. Vulnerability in Huawei’s AppGallery: can download paid apps for free