- Google has revealed it found a major security flaw in the first version of the Fortnite for Android installer.
- Fortnite developer Epic Games was privately informed of the installer issue and it quickly released a new version.
- The installer flaw raises questions about Epic’s decision to bypass the Google Play Store for the Fortnite for Android release.
The release of Epic Games’ hit battle royale shooter Fortnite for Android a few weeks ago raised some concerns as the developer elected not to use the Google Play Store for the launch. Instead, Epic created its own installer for the game that could be downloaded on its own. Now, it’s been revealed that the first version of that installer had a major security issue.
Google discovered on August 15 that the Fortnite for Android installer had a vulnerability that, if exploited, could have allowed it to be taken over by hackers. This issue would have allowed the installer to download malicious apps to an Android phone without the owner knowing otherwise. The exploit did require that the phone already have a malicious app with the WRITE_EXTERNAL_STORAGE permission to be installed in order to take advantage of the Fortnite vulnerability.
After Google privately informed Epic Games of this issue, the developer quickly took steps to fix this problem. It released a new 2.1.0 version of the installer less than two days later that closed this loophole. So far, it’s unknown if any hackers took advantage of this security flaw while the first installer was made available by Epic.
Epic Games also asked Google not to publicly reveal this problem with the first Fortnite installer for 90 days, which is standard for the disclosure of normal bug reports. However, the flaw in the first Fortnite installer was considered to be a 0-day vulnerability, according to Google’s security policies, and the company decided to publicly reveal that problem seven days later.
This did not make Epic Games CEO Tim Sweeney happy. In a statement sent to Android Central, Sweeney stated that while Epic was thankful that Google performed a security check on the installer, and informed the developer of the flaw, the company wanted Google to wait for the longer 90 day period to reveal the issue “to allow time for the update to be more widely installed”.
All of this would seem to justify the concerns many people had about Epic’s decision to bypass the Google Play Store for the Fortnite launch on Android. Epic Games made this move in part so it could avoid paying 30 percent of the revenue generated by the game to Google if it used the Play Store.
Future Fortnite for Android updates
Late on Friday, Epic also posted an overall blog post on their current and future update plans for Fortnite, including a section for their Android version. Epic admitted that the launch “wasn’t the smoothest experience” but it says it is working on making improvements in both stability and performance across the range of currently supported Android devices. After that, the plan is to expand the current beta version across more Android phones, with the goal of supporting all Android devices that meet Fortnite’s minimal requirements.
Epic is also working to make downloading the game from the installer easier by decreasing its overall patch size. When Fortnite for Android was first released, it required a huge 1.88GB download from the installer. Hopefully, Epic can cut down that file size so it doesn’t take as long to download and/or patch the game.