Google finds dangerous security flaw in Epic Games' Fortnite installer

Tim Sweeney stated that Epic Games would release the much-anticipated game Fortnite on Android devices starting with Samsung Galaxy Note 9 and other Galaxy devices at first and then, it would be made available to other smartphones but from outside the Play Store that left a giant hole in Google’s pocket as it takes almost 1/3rd of the profits from in-app purchases as its distribution fees. But just after a day of Fortnite’s Android launch, Google discovered a security flaw in its installer and made it public then and there.

Google’s engineer who goes by the name Edward studied the installer that Epic will be using to download APK files in Android smartphones and then, install the game on the phones and found a dangerous security flaw. The malicious flaw could allow a hacker or third party to download unwanted apps instead of Fortnite until the name of the file is ‘com.epicgames.fortnite’ which is known as ‘man in the disk’ attack. Soon after discovering this flaw, the Google engineer posted it on the social media and soon after, engineers at Epic Games developed a fix and deployed it across the platform on the very same day.

But this left a spat between Google and Epic as the latter claims that Google should have informed about the flaw and updated it officially after a certain period of time instead of the same day as it could make smartphones vulnerable to this security flaw. On the other hand, Google Play Store offers a varied level of security and privacy to the users both visible and under-the-hood and that would have protected the users from such a flaw if in case the game was distributed from Google Play Store.

When an APK file is downloaded outside the Play Store, the users must keep the installations from ‘unknown sources’ activated since without which, the game or app will not be downloaded but doing so can open loopholes in the system but Epic stated that it is ready to counter such challenges instead of paying a 30 percent cut from all in-app purchases to Google as it charges its distribution fee on each sale which is ‘unethical’ as per Tim Sweeney, CEO of Epic Games.

Epic Games asked Google to wait for 90 days to update the bug in its Google Issue Tracker but that hasn’t stopped Google from doing it as the issue was discussed in today’s Google Issue Tracker after Google refused to comply. On the contrary, Epic Games called Google as irresponsible since discussing such a dangerous flaw in the public and that too when it was just discovered could pose harm for users spread across the world who are more vulnerable to getting attacked by hackers.

It could be Google’s way to show its prowess over app developers and a counter-PR to Epic’s efforts to allow users to download the game outside the Play Store.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.