Epic Games recently addressed a vulnerability in the Android launcher for Fortnite that would have allowed hackers to slip malware onto users’ devices, and though players should no longer have to fear any issues, Epic isn’t too happy with the way Google handled the problem.
The vulnerability was detailed on Google’s Issue Tracker service, and stems from users being able to swap out the genuine Android Package — or APK — with a false one if it is given the same package name. This opens the door for a malicious program to be installed onto phones without players’ consent.
The vulnerability was reported on the service on August 15 and was subsequently patched a day later, and Epic requested that Google not disclose it for 90 days in order to give the company more time to update users’ devices. Google did not comply with this request, which could have given hackers enough time to exploit the issue before a patch was rolled out.
Though he praised Google’s effort to check for potential security issues in Fortnite on Android, Epic Games CEO Tim Sweeney told Android Central that it was “irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.”
Sweeney seemed to imply that Google’s decision was made in response to Epic not releasing the game through Google Play as well.
“Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play,” Sweeney said.
Fortnite only recently came to Android after previously being available on PC, Mac, Xbox One, PlayStation 4, Switch, and iOS. The decision to avoid the Google Play store was made in order to avoid paying a 30 percent revenue cut to Google on in-game purchases. With Fortnite pulling in tens of millions of players, it’s hard to blame Epic Games for wanting to do things its own way, but we hope it takes more steps to keep users and their systems safe in the future.