The previously reported Fortnite Mobile for Android security concerns turned out to be legitimate, possibly exposing millions of Android gamers to malware.
Epic Games was said to be unhappy with how Google handled the matter, which happened due to the developer's decision to bypass the Google Play Store for the highly anticipated Android game.
Fortnite Mobile Malware: Android Users, Beware
Fortnite Mobile for iOS quickly achieved massive success when it was launched in March, but Android device owners were forced to wait for a few months before getting the Battle Royale shooter into their smartphones.
For Fortnite Mobile for Android, Epic Games decided to bypass the Google Play Store and released its own launcher for the game. Users will first need to download the installer, which in turn downloads the full game directly from Epic Games.
Google, however, discovered that the Fortnite installer was easy to exploit, with hackers able to hijack the request to download Fortnite Mobile from Epic Games. The "man-in-the-disk" attack tricks the installer app into thinking that it is downloading Fortnite Mobile, when it is instead downloading malware.
Once the malware is installed instead of Fortnite Mobile, tapping on the installer to launch the game instead opens the malware.
Epic Games vs Google
Google discovered the vulnerability on the Fortnite installer app on Aug. 15 and immediately notified Epic Games. Within 48 hours, Epic Games fixed the Fortnite installer and deployed it to all Android users who installed it.
Epic Games requested Google to keep the exploit secret until after 90 days to give Android owners time to update their Fortnite installer apps, which will prevent hackers from taking advantage of the vulnerability.
However, according to Google's policy, once the patch for an exploit it discovered is released, it will immediately share the details of the bug. After Epic Games fixed the problem, Google went ahead and published the bug's details, ignoring the developer's request.
Epic Games will likely not be facing the malware problem for its Fortnite installer app for Android if it allowed Fortnite Mobile to be downloaded though the Google Play Store, allowing Google to take a 30 percent cut of the profits in the process. Google, meanwhile, should have been more flexible in its disclosure guidelines, if it really wanted to protect Android users from hackers.
Whoever is right between the two companies does not matter now. As is usually the case, it is the general public who will be affected the most.