Oh, what’s this? More fake, copyright infringing apps on Huawei’s AppGallery?

From EMUI.

Huawei’s AppGallery continues to struggle against fake applications while scoring some big wins.

Artículo disponible en Español | Article disponible en Français

Two weeks ago, we published two articles covering AppGallery. One of them talked in a positive way of Huawei’s app store, while the second one looked at a series of abuses committed by “developers” and how Huawei could improve their submission process to reduce the amount of trash on their store. Well, two weeks later, here we are again, looking at some more trash and wondering what is actually going on over at Huawei Mobile Services and who is accepting all these applications. Of course, if we had to guess, Huawei’s submission process is entirely automated, in a similar way to what Steam (the world’s biggest online PC games store/platform) already does. But this process should definitely be changed or improved, as some applications straight up don’t work, don’t match the advertised product or are of such poor quality it shouldn’t be considered a finished product. Furthermore, the privacy policies don’t always match the product, sometimes being for an entirely different application.

Now that we’ve introduced the situation, let’s start talking about the positive: a few popular games and applications have been added to AppGallery, showing that the company is still intending in attempting to make it a viable replacement for Google’s Play Store. These new games are “The Walking Dead: Road to Survival”, which, on the Google Play Store, has over 10 million installs:

We then have “Guns of Glory”, also with over 10 million installs on the Google Play Store:

If we now focus on some news, in the past few days, dozens of articles have covered an Android keyboard named “ai.type”, which had an estimated 10 million installs through Google’s Play Store, and appeared on the news for attempting to charge users up to 16 million euros in unwanted charges, as well as running and clicking advertisements without the users’ knowledge on the background. Google removed this application from their store back in June 2019, although it is still available on some app stores. Some might have guessed it, but this application was recently added to Huawei’s AppGallery, before vanishing after the news broke out, likely due to Huawei Mobile Services removing it:

Concerning the fake or low-quality applications we’ve crossed this time, the first one is “Miraculous LadyBug”, which in theory should be “Miraculous LadyBug 2”, judging by the icon of the application. The screenshots and description claim to be an official application, although this quickly turns out to not be the case. Taking in account that “Miraculous Ladybug” is a protected intellectual property, one would expect the developer to be a well-known company. Well, in this case, we are dealing with some “Jamal Soufian”. Here are some screenshots of what can be seen on Huawei’s AppGallery:

Furthermore, the installation file has a rather curious name, “Daasoka”, although a quick search reveals that “Dasoka” is the name of the series in Arabic, which, seeing the name of the developer, isn’t surprising:

Launching the game and seeing the mess it is makes it even funnier. The 3D character in itself only has half of its body and is weirdly animated at times. On top of this, and as it can be seen in our video, some of the scenes happening are quite questionable, making the user wonder what is actually going on:

Just as last time, where the “developers” would use free resources such as Google Docs or a Blogger website to store their privacy policy, this person used a Google Site, which, yes, of course, are free to make. Weirdly enough, the name shown is not “Jamal Soufian”, but instead “OmiDesigner”. Here’s a screenshot of the privacy policy being stored on a free Google site:

And here’s a link to the privacy policy in question. Knowing that, when caught, these links usually vanish, here’s a screenshot of the full privacy policy.

A search for “OmiDesigner” brings up a page from APKPure, listing some other applications of this “developer”, showing that, as expected, this is just another shovelware developer making trash, and that we should be thankful the rest of their trash is not [yet] on AppGallery:

These are just some of the many applications available under the name of “OmiDesigner”, with the full list available on APKPure.

For the second developer we’ll be checking out today, the story is extremely similar to our previous article, with some company named “DI TE SAF” having between 100 to 130 applications on AppGallery, most of them stolen from other sources and distributed via Huawei’s app store, as we showed by looking up the original games. In this case, the developer this time is named “Ravi” and we found him via another “Miraculous ladybug” subway surfer game, called “Subway Adventures”:

The game in itself is also extremely funny to play, with an amazing running animation that the latest triple-A games from Ubisoft or Electronic Arts can’t even be compared to, and reminiscent of the Mass Effect: Andromeda days. Yes, this sentence was a joke. Some might have also noticed the similarities between both games: they are both “subway surfers” (or runners), and both share an extremely similar layout. For instance, in the first level/tutorial, the player will reach the same exact point at more or less the same time:

There are some texture differences and some customizations made to the game UI, but, overall, they are both the same exact game, using the same exact base. Of course, some users having more knowledge or experience about this subject already know the answer. This is because both games use the same game engine (in this case, the Unity Engine) and the same shell/template, which can be bought from an asset store such as the Unity Asset Store for varying amounts. Here are two examples of “subway surfers/runners” templates that can be bought directly from the Unity Asset Store, with, ironically, one of them being the “Miraculous LadyBug” template:

Subway Runner – Starter Kit” from “Cool Templates”, sold for 44.67€

Ultimate Runner Engine” from “Trisoft Studios”, sold for 22.33€

Some might not know or be aware of how these packs of assets work: usually, developers wanting to make a specific type of game, or wanting to learn how to make games, can buy these pre-made packs which already have the foundations put in place (essentially, the game is already coded/working), and can then either train on them to learn how to code/use the engine, or customize said packs to create a new product, by changing the graphics, customizing the levels, music, menus, etc. This can result in very interesting creations. At the same time, developers can also buy pre-made assets for their games, such as furniture, buildings, packs of items such as weapons and others, and implement those in their game directly, without needing to design everything from scratch, meaning one can save both time and money, as well as create games with little knowledge. While the advantages are there, this has led to quite a lot of shovelware made by people seeking to make a quick buck from unsuspecting users, giving engines such as the Unity Engine a bad reputation, and re-using assets being considered by some as a lack of attention. Of course, this also depends on how much time and effort the developer using said engines/assets puts in their creation, although in this precise case, for “Miraculous LadyBug”, the “developer” just bought the template, attempted to modify the textures of the character, miserably failing at it, and then submitted said “game” to various app stores.

While the failure from placing a proper texture on the character might come from the “developer”, it is also possible this might be due to the template used, with some reviewers pointing out this option is bugged:

If we now look at the (many) other games this “Ravi” submitted to AppGallery, we can find a few other runners, all likely using the same Unity asset pack:

And here’s a look at all the applications “Ravi” supposedly developed, unless “Ravi” is some kind of company submitting applications on the behalf of a third-party, which is possible but extremely unlikely, as we have seen with “DI TE SAF” last time. We were surprised at the 100 to 130 applications from “DI TE SAF”, but this time there’s roughly the double, with us having counted some 180 to 190 applications overall:

“Ravi” also seems to struggle with privacy policies, putting his/theirs on a free Blogger website, just as “OSIC TECHNOLOGY CO., LTD.”, another one of the “developers” we covered in our previous article on this matter. Here, we learn that “Ravi”’s name is apparently “Brijmohan” (likely Brij Mohan, which appears to be a common Indian name due to the results a simple search yield), with the privacy policy being dedicated to some kind of free VPN, which doesn’t really match the application on AppGallery. Clicking on the privacy policy link in some other of his applications also lead to this same page. Here’s a screenshot of part of the privacy policy hosted on Blogger:

Surprisingly, this person happens to have two different privacy policies for a similar product, at least in name:

Of course, just as before, here’s the link to the privacy policy, as well as a copy we made, just in case it mysteriously vanishes. We are aware that earlier we claimed it is common for links to disappear once caught, although, thinking about it, this is highly unlikely, as otherwise it’ll probably lead to issues with the applications on AppGallery.

This ends our quick, second look at the evolution of Huawei’s AppGallery. Just as last time, we believe Huawei should implement a series of supplementary controls to make it harder to abuse their app submission system, such as:

  • Publish the application under the same name the developer uses/used on other app stores, such as Google’s Play Store.
  • If the developer has already published the application on another store, link to this one for further checks (only viewable to Huawei employees).
  • Huawei should be the ones taking the screenshots of the game/app, instead of relying on what the developers supply, which, in most of these cases, doesn’t match the real application.
  • Just as we did last time, and if Huawei doesn’t want to take the screenshots themselves, the company might want to develop some automated system to run the screenshots supplied by the developers through something such as Google’s image search or TinEye, to see if the images/name correspond to some other game or not.
  • We can’t stress this enough, but developers should be forced to post their Privacy Policy on a registered website with a proper domain, and not be allowed to use free options such as a Google Docs document, Blogger, Facebook or a Google Site. On top of this, linking or using Google services (such as Docs or Sites) knowing Huawei is unable to use their services is quite ironic.
  • Furthermore, developers should be forced to provide some identifying information and display this one in their Privacy Policy, such as an address, company name and its registration number, as well as an e-mail address.

In any case, we’ll keep an eye on Huawei’s AppGallery as, while the store might seem to be going through some difficulties, more and more well-known applications and companies are deciding to publish their applications on this store.

More on this subject:​