Aug 24 AT 8:19 PM Evan Selleck 0 Comments

Fortnite installer revealed to have a security flaw

Fortnite-GalaxyNote9-official

Before Epic Games took the stage at Samsung’s Galaxy Note 9 event to confirm the launch details for its mega-popular Fortnite Battle Royale, it was rumored that the company would be avoiding the Google Play Store altogether when the title arrived on Android devices.

That turned out to be true, which meant that Android device owners that want to play the game won’t find it in the Play Store, but rather will have to allow downloads from unknown sources on their device and download the game’s APK file directly from Epic’s website. That probably didn’t raise any major red flags, considering this is Epic we’re talking about, but apparently it should have.

Google recently discovered that the installer for Fortnite on Android has a security flaw, which allows for any app on the device to download and install anything it wants in the background. According to Google, a malicious individual could take over the installer’s request to download Fortnite. Once that was complete, they could essentially download whatever they wanted to the Android device in question.

The good news is that all of this is really in the past tense. Google discovered the flaw on Wednesday, August 15. Epic confirmed the flaw existed on its own, and then within 48 hours had the issue patched. Epic released an updated version of the installer for Fortnite along with the requirements that Android users update their installer to get the fix. The updated version for the installer is version 2.1.0.

Things get really interesting when we get to Epic’s reaction to the situation. Initially, Epic Games’ CEO Tim Sweeney thanked Google for discovering the security flaw. However, Sweeney was then quick to turn things around and admonish Google for being “irresponsible” in its public disclosure of the flaw so soon after it was initially discovered.

Sweeney had this to say, per Android Central:

An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused.

All things considered, this situation was basically exactly what Epic wanted to avoid after its decision to skip the Play Store to sell its mobile game. It’s great to see that the installer was patched in such a short period of time, but this wouldn’t be something the company would have had to worry about had it just launched the game in the Play Store.

Sources: Android Central, Google

Evan is a pretty big fan of technology, from phones to video game consoles and everything in between.

    Most Tweeted This Week