comscore
News

Google helps Fortnite with security flaw, Epic Games slams Google for sharing it publicly

Google discovered the vulnerability on August 15 and immediately notified Epic Games.

  • Published: August 27, 2018 3:50 PM IST
Fortnite Mobile Android

Image credit: Bodhisatwa ray


When Epic Games decided to keep Fortnite for Android exclusive to its own website and not on Google Play, it was estimated that Google will get hurt the most because of this decision, and that is of least $50 million loss in platform revenue fee. The Fortnite for Android installer has since been available for download from the Fortnite website instead, and Google has been vocal about warning users that it could potentially put security at risk.

Even further, Google recently discovered one of the potential risk in the Fortnite installer app. Accordinng to company the exploit could hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure.

“If the fake APK has a targetSdkVersion of 22 or lower, it will be granted all permissions it requests at install-time. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure,” noted Google Issue Tracker.

Google discovered the vulnerability on August 15 and notified Epic Games about the same. The issue was addressed immediately by Epic Games and a patch was rolled out within 48 hours.

Google was suppose to maintain a 90-day disclosure deadline before sharing issue details in public, and Epic Games had also requested for the same, however, Google made the issue public and that made Fortnite developers furious. The company then slammed Google for its “irresponsible” behavior.

Epic Games CEO Tim Sweeney in a comment to Mashable said, “Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered. […] However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.”

Watch: Monster Hunter World GamePlay

Following Sweeney’s statement, Google also responded with a comment saying, “user security is our top priority, and as part of our proactive monitoring for malware we identified a vulnerability in the Fortnite installer. We immediately notified Epic Games and they fixed the issue.”

  • Published Date: August 27, 2018 3:50 PM IST