The American Video Games Company, Epic Games, bypassed the 30 per cent revenue demand by Google, by enabling access to Fornite Android version outside the Google Play Store. This Epic Games Developer’s financial benefitting move was predicted to be securely risky to Android users, and it has just been confirmed to be unsafe.
Google conducted an in-depth security inspection of Fornite just after the app was released on Android. Nobody knows what motivated Google to performed such audit, but some people allege that the absence of Fortnite on Play Store could be the reason. Google shared the results of the audit with Epic at its completion, shew Epic how Google Play Store offers better security needed, and advised Epic to speedily issue an update to fix the problem discovered.
Epic Games now realized that the Fortnite Installer allows installation from unknown and unrecommended sources, users are weak at disabling permission afterwards, and the Fortnite Installer cannot protect users against a Man-in-the-Disk (MitD) attack. A Google Engineer Edward texted that “Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK,”
These reasons made Epic Games addressed the Fortnite Installer’s vulnerability within 2 days of its discovery on August 15, 2018, by releasing a patch. The company also begged Google not to disclose the details of the audit until 90 days pass. The request seeks to provide users with enough time to update their apps and restrict hackers from using the bug.
After seven days of the patch’s release, Google ignored Epic’s request by sharing the details of the audit. Epic Boss Tim Sweeney hate the selfish Google’s move and admit it to be irresponsible the respected Google, but Google’s guidelines seem to rebut Epic’s request. He also tweeted this text and that seems to reveal much on his side, “Google did privately communicate something to the effect that they’re monitoring Fortnite installations on all Android devices(!) and felt that there weren’t many unpatched installs remaining.”
According to Sweeney, there are many unpatched installations remaining. Epic tries to mitigate the problem by motivating their users to update their apps and rewards free emote to users that enable two-factor authentication. What do you have to comment on Epic’s move and Google’s move? Just drop it in the comment box below.