When we last covered Fortnite for Android devices, everything seemed to be going well. It was an exclusive for the Samsung Galaxy Note 9. Android users would eventually have a chance to play it. It’s going to rake in a lot of cash for Epic Games. Unfortunately, things came to a head recently when a vulnerability was discovered — it seems Android devices were made vulnerable to hacks due to Fortnite‘s downloader.
Fortnite for Android hack discovered
Prior to the release of Fortnite for Android devices, Google warned users of the security risks since it wouldn’t come from the Google Play Store. Instead, it’s be a separate download from the launcher. Google, naturally, balked at Epic Games’s decision. Meanwhile, Epic rejoiced that they’d be able to avoid update delays and Google taking a cut of the profits.
On August 15, Google discovered that because Epic released Fortnite as a separate download/installer rather than via the Play Store, it was vulnerable to hacks and exploits. An example of this would be when you try to download the game or its updates, rather than proceeding with a normal download, your device ends up downloading malware instead without your knowledge.
Experts call this the “man-on-the-disk” attack wherein hackers intercept the information from your device. This allows for sneaky installations and monitoring via a backdoor — which happens to be the Fortnite executable. This happens if your phone already had a particular malware in the first place. However, given that your device’s security can be breached via the Fortnite app, it is fairly telling how vulnerable and flawed it was.
Epic and Google bicker due to Fortnite hack
Epic was quick to patch their installer following Google’s discovery. However, they also notified Google not to release any information until 90 days had elapsed. This was, according to Epic, in order for more players to download their fix, and so that hackers would not be able to take advantage of this problem.
Google had other ideas though. This was because they have their own guidelines:
This bug is subject to a 90-day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report – including any comments and attachments – will become visible to the public.
Because Epic Games quickly patched the issue and “made it broadly available,” that meant Google was in the clear to inform the public of the matter. After all, a full week had already elapsed since the fix went live. That decision obviously did not sit well with Epic. Speaking to our friends at Mashable, Epic Games CEO Tim Sweeney felt that Google’s decision was “irresponsible” and was “counter-PR.”
In a way, Sweeney felt that Google set out to make Epic look foolish because of the company’s decision to avoid putting Fortnite on the Play Store altogether.
Google also replied to Mashable, stating the following:
User security is our top priority, and as part of our proactive monitoring for malware we identified a vulnerability in the Fortnite installer. We immediately notified Epic Games and they fixed the issue.
Who do you think was in the right here: Google or Epic Games? Let us know.