first_imgGoogle discloses vulnerability in Fortnite launcher that allowed possible malware installationEpic Games has since fixed the exploit, but CEO Tim Sweeney calls Google disclosure “irresponsible”Rebekah ValentineSenior Staff WriterMonday 27th August 2018Share this article Recommend Tweet ShareCompanies in this articleEpic GamesGoogleFortnite has skipped the Google Play store for its Android release, but its avoidance of the securities offered by Google Play potentially allowed for a major exploit to make its way into the launcher. On Friday, Google publicly disclosed a bug in the Fortnite launcher that potentially allowed for hackers to install malware onto Android devices.The exploit, which has since been fixed with version 2.1.0 of the app, was essentially a weakness in the installer app for Fortnite that allowed for other programs already-downloaded onto the device to go through the launcher and install other programs without the knowledge of the user. For the vulnerability to cause a problem, the user would already have to have an app on their phone looking for said vulnerability, but if they did, malware could be installed and launched through the Fortnite app while the user assumed they were installing and launching Fortnite itself.While the issue was fixed shortly after Google made the information public, Epic CEO Tim Sweeney responded in a comment made to Android Central regarding the company’s publication of the issue:”Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.”However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.”An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at JobsSenior Game Designer – UE4 – AAA United Kingdom Amiqus GamesProgrammer – REMOTE – work with industry veterans! North West Amiqus GamesJunior Video Editor – GLOBAL publisher United Kingdom Amiqus GamesDiscover more jobs in games “Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play.”It’s worth noting that whether or not the exploit would have existed in a universe where Fortnite goes through Google Play, Google Play Protect is able to stop apps from being installed when issues such as these present themselves.Epic Games told earlier this month that it is skipping the Google Play store specifically to avoid the 30% cut of revenue that Google takes from a game’s sales.Celebrating employer excellence in the video games industry8th July 2021Submit your company Sign up for The Publishing & Retail newsletter and get the best of in your inbox. Enter your email addressMore storiesEpic vs Apple – Week One Review: Epic still faces an “uphill battle”Legal experts share their thoughts on the proceedings so far, and what to expect from the coming weekBy James Batchelor 11 hours agoEpic Games claims Fortnite is at “full penetration” on consoleAsserts that mobile with the biggest growth potential as it fights for restoration to iOS App StoreBy James Batchelor 15 hours agoLatest comments Sign in to contributeEmail addressPasswordSign in Need an account? Register now.last_img