Fortnite maker brands Google ‘irresponsible’ after it discovered a dangerous flaw in hit game

The developer behind wildly popular battle royale game Fortnite has called Google ‘irresponsible’ after the tech giant disclosed dangerous flaws in the game’s Android edition. 

Google said Friday it discovered a vulnerability in Fortnite’s original Android installer that would let hackers load malware onto unsuspecting users’ devices.

The announcement drew criticism from the founder of Epic Games, who said Google should have waited to make the flaw public. 

 

Fortnite developer Epic Games is calling Google 'irresponsible' after it disclosed a security flaw in the game's Android installer that allowed hackers to load malware onto users' devices

WHAT ARE THE SECURITY RISKS OF SIDELOADING?  

Android users can enable downloading of third-party apps in their device’s settings. 

This allows users to download apps onto their device that aren’t available via Google’s Play Store app.

The process is called sideloading. 

It can give users access to many legitimate, third-party apps, but also leaves open the possibility that they could accidentally download malware-laden apps. 

That’s because third-party apps aren’t subject to the Play Store’s typical security protocols. 

Apps featured in the App Store are almost always scanned for malware. 

‘We asked Google to hold the disclosure until the update was more widely installed,’ Epic Games CEO Tim Sweeney wrote in a tweet. 

‘They refused, creating an unnecessary risk for Android users in order to score cheap PR points.’

In another set of tweets, Sweeney said Epic Games ‘worked around the clock’ to release an Android software update that would patch the flaw. 

‘The only irresponsible thing here is Google’s rapid public release of technical details,’ he added. 

Earlier this month, Epic Games announced Android owners would have to visit the Fortnite website and download a launcher in order to load it onto their devices, instead of just downloading it from the Google Play Store.

It chose to do this to avoid giving Google a cut of its sales. The search giant gets a 30 percent fee when a user makes in-app purchases. 

The move immediately faced scrutiny from cybersecurity experts who said players may mistakenly download a malware-laden clone onto their devices without knowing it. 

Those concerns appear to have been warranted, as Google disclosed in a blog post that the Fortnite installer for Samsung Galaxy phones includes code that allows hackers to hijack the download process.  

As a result, hackers could install apps with higher security permissions, leaving the device open to further attacks.

‘Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified,’ Google wrote in a blog post. 

‘This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK.

‘This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure,’ it continued. 

Google included a proof-of-concept screen recording to show how the flaw works.  
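The check-then-use gap Google describes, modelled as an added example (not Epic's or Google's code): temporary directories stand in for Android shared and app-private storage, and the `swap` hook stands in for any other writer to shared storage. The private-copy flow is one common mitigation, assumed here rather than taken from the article.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def install_from_shared(path, expected, after_check=None):
    """Weak flow: verify the file in shared storage, then re-read the same path."""
    if sha256(Path(path).read_bytes()) != expected:
        raise ValueError("fingerprint mismatch")
    if after_check:                     # window between the check and the use
        after_check(path)
    return Path(path).read_bytes()      # stands in for handing the APK to the installer

def install_from_private(path, expected, private_dir, after_check=None):
    """Hardened flow (assumed mitigation): verify and install a private copy."""
    fd, private_path = tempfile.mkstemp(dir=private_dir, suffix=".apk")  # mode 0600
    with os.fdopen(fd, "wb") as dst:
        dst.write(Path(path).read_bytes())
    if sha256(Path(private_path).read_bytes()) != expected:
        os.unlink(private_path)
        raise ValueError("fingerprint mismatch")
    if after_check:
        after_check(path)               # shared file changes; the private copy does not
    return Path(private_path).read_bytes()

def demo():
    genuine, other = b"GENUINE-APK", b"SUBSTITUTED-APK"   # constructed sample bytes
    expected = sha256(genuine)

    def swap(path):                     # models a change to the shared file after the check
        Path(path).write_bytes(other)

    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        apk = os.path.join(shared, "download.apk")
        Path(apk).write_bytes(genuine)
        weak = install_from_shared(apk, expected, swap)
        Path(apk).write_bytes(genuine)
        strong = install_from_private(apk, expected, private, swap)
        try:                            # shared file still holds the substituted bytes
            install_from_private(apk, expected, private)
            rejected = False
        except ValueError:
            rejected = True
    return weak == other, strong == genuine, rejected
```

`demo()` returns three flags: the weak flow installed bytes it never verified, the hardened flow installed exactly the verified bytes, and a file changed before the copy was rejected by the fingerprint check.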

Earlier this month, Epic Games announced Android owners would have to visit the Fortnite website and download a launcher in order to load it onto their devices

The firm shared this screen recording with Epic on August 15. Epic responded by saying it was working on a fix and added: 

‘We would like to request the full 90 days before disclosing this issue so our users have time to patch their devices.’ 

Google typically waits 90 days to publicly disclose a bug if developers have not resolved it, but the firm only waits one week after a patch is made ‘broadly available,’ according to the BBC. As a result, Google rejected Epic’s request. 

Sweeney questioned suggestions that Google acted in users’ interests by disclosing the flaw. 

In the blog post, Google explained that the patched version of the Fortnite installer had been available for seven days, so it moved to disclose the security flaw. 

The dispute highlights many of the security risks of letting users sideload apps onto their system.

Sideloading involves installing third-party apps onto an Android device using Android Package Kit (APK) files.

Unlike on Android, users of iOS devices cannot ‘sideload’ apps onto their system.

WHAT IS FORTNITE?

Fortnite is a game that originally launched as a disk back in July 2017 and was then turned into a free-to-download game by its developer, Epic Games, in September. 

There are three forms of the game: ‘Battle Royale’, ‘Save The World’ and ‘Playground’.

Save The World is the original form of the game and is currently not available to play as part of the free-to-download game; instead, it comes as part of a £30 ($40) extra. 

It is a co-op mode with a story that’s playable solo or online with friends.

Fortnite is a battle royale-style survival shooter where players create a superhero avatar and compete against each other on a dystopian island 

Users compete in teams of up to three to complete a variety of missions. 

It is rumoured that the game will be added to the free-to-play version of the game in the future. 

Whilst Save The World may be the original version of the game, its sister mode is by far the most popular. 

Battle Royale is a game of survival where players create a superhero avatar and compete against each other on a dystopian island.

Each game, or ‘match’ as each competition is known, starts with 100 players.

The aim of the game is to be the last one standing. Users can form allegiances and play in small groups.

To enable this and the interactive experience, the game allows completely open communication between players. 

Inspired by the Hunger Games novels and films, gamers search for weapons to help them survive. 

Armed with quirky weapons and amusing dances, the game has swept across the gaming world, with children flocking to it.  

While there is no exact figure on how many children play Fortnite, the game has so far pulled in an audience of over 125 million players. 

Playground is the latest addition to the game and is a consequence-free mode with more loot and unlimited respawning to allow players to get creative.

It involves groups of up to four people working as a team, and players can hone their skills as they practise in advance of entering Battle Royale, where they will face better players. 
