Today’s topic is about vulnerabilities and issues every app and game faces has now following along with how Epic Games is getting its creation of battle royale title into the hands of Android gamers. You will already know that it isn’t publishing it via the official Google Play Store but instead using its own delivery mechanism.
The process which means it will not have to hand over a portion of the game’s takings, but it also comes with its own problems. As Google confirms that a vulnerability in the Fortnite for Android installer allowed any application on a phone to then download and install anything it wanted. All in fact, in the background, without the user’s knowledge. That’s what tension reading.
Google apparently noticed the issue and told Epic Games about it back on August 15th, with the creator having now patched its software to prevent the issue from continuing. Again, Google is sharing the information publicly now, reminding us all gamers and players of Fortnite on Android of just how difficult it is to do things on the platform without accidentally opening the floodgates for all manner of nastiness. Particularly, if you try to bypass Google’s own store.
While the process of installing Fortnite on Android definitely involves downloading an installer, an app that then goes off and downloads the rest of the game directly from Epic. According to Google, the issue was that the installer itself was easily exploited, opening the doors to it hijacking the request to download the additional data and replacing it with one to download, well, anything.
Despite Google potentially saving it from the world of hacks, Epic Games couldn’t bring itself to be too graceful.
Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.
However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.
An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at https://issuetracker.google.com/issues/112630336
Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play.
The good news here is that for this issue to really become a huge one, users would need to have an app installer that was capable to run or taking advantage of the Fortnite Android installer flaw, something that is pretty much unlikely as of right now. But the detail this was even possible in the first place should be a warning to any other developer contemplating going around the Play Store.
It’s your turn to decide whether to the literal way or flawless way before you go ahead and download Fortnite for Android installer on your protected platform. Deny or allow Fortnite installer to access your security features and unlock. Good luck!
Next up to check out:
- Download iOS 12 Beta 10 IPSW, Public Beta 8 OTA Update
- Download: Android 9 Pie Factory Images, OTA For Pixel, Essential Phone Released
- Download iOS 11.4.1 Final IPSW Links, OTA Update For iPhone And iPad
- Download iOS 12 Beta 9 Configuration Profile File Without Developer Account
- Download iOS 12 Beta 9 IPSW Links & Install On iPhone X, 8, 7, Plus, 6s, 6, SE, 5s, iPad, iPod [Tutorial]