Google Found A Serious Security Flaw In Fortnite Installer For Android

Epic Games has released Fortnite Battle Royale on both major mobile platforms

Epic Games has released Fortnite Battle Royale on both major mobile platforms

In brief: Earlier this month, rumors that Epic Games wanted to avoid Google's 30 percent revenue cut by distributing the Android version of Fortnite outside the Play store proved to be true.

To be clear, the wayward app in question isn't Fortnite for Android itself but the Fortnite Installer for Android.

On Samsung Experience devices such as the Galaxy S8+, Note 9, and the Tab S4, Fortnite is distributed via the Samsung Galaxy Apps store.

Google apparently noticed the issue and told Epic Games about it back on August 15th, with Epic having now patched its software to prevent the issue from continuing. Google discovered the flaw on Wednesday, August 15. This is also known as a "man-in-the-disk" attack. The vulnerability took advantage of the fact that rather than just installing Fortnite directly, you first have to download an installer which then downloads the necessary bits for you.

While it's certainly not 100 percent safe, the Google Play Store does offer some protections, and sideloading the Fortnite installer means allowing installations from unknown sources-something that's not recommended, especially as some users may forget to disable the permissions afterward.

To further detail the vulnerability, Google also provided a proof-of-concept video of the attack on a Samsung smartphone.

Kobe Bryant Expects LeBron-Hating Lakers Fans To ‘Fall In Line’
This will help the coaches and other team staffs find the areas they need to improve on a player's game. "He looks great man". But he can shoot the ball, and he has worked on his mid-range game a lot. "I'm looking forward to him having a good year".

Even though the company has no legal or financial stake in the matter, Google recently discovered an exploit in Fortnite's mobile version code that could be hacked. After the completion of the process, the user is seen to be tapping on "Launch", only to find a random app open.

XDA Developers provides an articulate context of what went wrong with the Fortnite installer. The Fortnite installer has to be downloaded from the Fortnite website instead.

The original installer app downloaded the Fortnite installer first, a simple app that would then download the full game directly from Epic. And as the Fortnite installer only checks the name of the APK, any file called "com.epicgames.fortnite" would be installed.

"However, Epic Games" developers quickly jumped on the issue to work on a fix and they deployed one soon. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure. However, much to Epic Games' chagrin, Google disclosed the vulnerability within 7 days of its discovery without heeding to Epic Games' request for the usual 90 day window.

As a result, Epic CEO Todd Sweeney issued a statement to Android Central.

"Google's security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic's distribution of Fortnite outside of Google Play". In fact, Google made a decision to take a very hard look at the installer Epic Games was using for Fortnite and it found a massive security flaw.

Recommended News

  • Carlito on one issue he has with WWE’s NXT system

    Carlito on one issue he has with WWE’s NXT system

    Nowadays WWE has established NXT and the Performance Center, giving young WWE stars a plethora of sources to better themselves. Trent Seven: "I agree, I think it's that kind of pressure that really pushes people on to the next level".
    MotoGP: Weather forces cancellation of MotoGP's Silverstone round

    MotoGP: Weather forces cancellation of MotoGP's Silverstone round

    Conditions were atrocious and organisers were always going to err on the side of caution after Tito Rabat was badly injured in the fourth practice session of the weekend on Saturday.
    Chicago fire: at least eight dead including six children, officials say

    Chicago fire: at least eight dead including six children, officials say

    Clifford Spears of Saint Michael Missionary Baptist Church led a crowd that gathered in prayer, the Chicago Tribune reported. Police officers helped push a stretcher toward an ambulance, while a paramedic simultaneously performed CPR.
  • Gregg Williams says the way Denzel Ward tackles is 'stupid'

    Gregg Williams says the way Denzel Ward tackles is 'stupid'

    TE Seth DeValve and RB Danny Vitale remain with the crew working to the side with trainers, as both have for the entire preseason. Browns defensive coordinator Gregg Williams hopes Denzel Ward learns from the injury he suffered against the Eagles.
    Return of big names bolsters U.S. Open men's draw

    Return of big names bolsters U.S. Open men's draw

    Another great moment of tennis when Arthur Ashe won his first, unforgettable Slam title, in front of his home-crowd. In fact, there isn't a single player in his entire half that Nadal would be particularly concerned about.
    Andrea Pavan denies Padraig Harrington at Czech Masters

    Andrea Pavan denies Padraig Harrington at Czech Masters

    Although he missed out his first tournament win since the Portugal Masters in 2016, there were many positives to take. The 29-year-old Italian birdied the 16th and 17th as he ended on 22 under after a five-under-par 67.
  • Erik Karlsson Clarifies That He's Willing to Sign Long-Term With Canadian Team

    Erik Karlsson Clarifies That He's Willing to Sign Long-Term With Canadian Team

    As a long summer for the Ottawa Senators winds down, talk involving the future of captain Erik Karlsson is heating up ... again. There was a report yesterday that Karlsson doesn't want to sign an extension with a Canadian team.
    Homeless Samaritan can't get GoFundMe money

    Homeless Samaritan can't get GoFundMe money

    He also claims D'Amcio had spent some of his donations on gambling, but the pair insist they have been using their own money. Bobbitt did admit to swiftly spending the $25,000, but says he sent it to family and friends-and used some of it on drugs.
    Everton winger Bolasie joins Aston Villa on loan

    Everton winger Bolasie joins Aston Villa on loan

    The summer signings of Richarlison and Bernard means Bolasie has found himself further down the pecking order at Goodison Park. Aston Villa confirm that they have completed the season-long loan signing of Everton winger Yannick Bolasie .
  • Donald Trump's Tribute To John McCain Called Out By Fox News Analyst

    Donald Trump's Tribute To John McCain Called Out By Fox News Analyst

    Bush and Obama had been McCain's political opponents, too, blocking his White House ambitions in 2000 and 2008, respectively. Our thoughts and prayers go out to Senator McCain's family and friends in these turbulent times .
    Kalashnikov launches Tesla-rivalling electric vehicle

    Kalashnikov launches Tesla-rivalling electric vehicle

    Russian defence business Kalashnikov has unveiled an electric vehicle prototype which it said will rival cars produced by Tesla. Concern "Kalashnikov" is developing its own electric vehicle , which in the future will compete with Tesla auto Elon musk .
    DJI Reveals New Mavic 2 Drones With Upgraded Cameras and Zoom Lenses

    DJI Reveals New Mavic 2 Drones With Upgraded Cameras and Zoom Lenses

    Both include a more aerodynamic fuselage for less noise, faster speeds, and longer, more energy-efficient flight. These functions allow the drone to create moving time-lapse images when the drone covers a large distance.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.