Tagged as a bug bounty?
The guy wanted a bug bounty on something like this?
Like if he discovered now that software can be cracked??
Of course they weren’t interested, all the software is crackable. Even if the dev wasted one week of dev time to implement server side validation, then the for the cracker doesn’t change anything, they patch the server check to reverse the logic. Ok it’s a bit harder but if it’s worth, determined crackers will take the challenge.
Look at denuvo and the thousands of online checks, all defeated eventually.
Initial Response from the Company After informing the company of the vulnerability affecting File Manager: File Explorer (used by over 10M+ users), the company responded that it does not consider the issue a problem and has not taken steps to resolve it
Considering the miniscule number of people who would even attempt this. They do not bother which is good. Not worth the time to waste on this.
The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?
Mostly nothing, but it’s enough to stop fully automated patching/modding the Playstore like Lucky Patcher does