Epic boss criticises Google decision to publicise Fortnite flaw

Says Google is trying to "score cheap PR points." 

In the aftermath of Epic's decision to have battle royale phenomenon Fortnite avoid the Google Play store, it seems tensions remain high between the two companies. Over the past few days, a new tussle has emerged - this time over a security flaw found in the Android version of the game.

On Friday, Google published a report which revealed the Fortnite app could be hijacked by other apps "to instead install a fake APK with any permissions that would normally require user disclosure". This essentially meant apps could silently download unapproved software in the background. Huh, I guess this "worm" file isn't a Fortnite dance move after all...

Google reported the flaw to Epic on 15th August, and according to records on Google's issue tracker, the vulnerability was fixed by the Fortnite team two days later. Epic's CEO Tim Sweeney believes publishing the flaw is a "valid PR strategy," but criticised Google's decision to publicise it a week after the patch had been issued.

1
The flaw has been addressed in a recent Fortnite patch.

Epic originally requested Google refrain from revealing the problem for a period of 90 days rather than Google's usual seven days "so users have time to patch their devices". According to Sweeney, this is because Fortnite updates on Android are downloaded only when the game is launched. Interestingly, as security expert Graham Cluley notes, this would not have been an issue on Google Play where updates happen automatically.

Despite the fact Google stuck to its standard disclosure policies, in Sweeney's opinion, the move has done "nothing but give hackers a chance to target unpatched users". Today, Sweeney even hinted he felt "the word punishment is very appropriate here". Some have suggested this might have been payback for Fortnite avoiding the Google Play store - and thus Google's cut of sales generated by the game.

In any case, Fortnite's decision to avoid the Google Play store seems to have come at a cost. Although Epic has avoided paying out 30 per cent to Google, the downside is Fortnite on Android carries the perception of an increased vulnerability to security problems. Related, Fortnite recently encouraged users to add additional security measures to their accounts, such as two-factor authentication (which will land you a sweet boogie emote).

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (74)

About the author

Emma Kent

Emma Kent

Reporter

Emma was Eurogamer's summer intern in 2018 and we liked her so much we decided to keep her. Now a fully-fledged reporter, she loves asking difficult questions, smashing people at DDR and arguing about, well, everything.

Related

You may also enjoy...

Fortnite Utopia secret Battle Star locations from each loading screen

How to find Utopia locations and their secret Battle Stars in Fortnite.

Devil May Cry 5 Secret Mission locations explained

Where to find all 12 Secret Missions locations in Devil May Cry 5.

Fortnite Challenges for Overtime, Birthday and Week 10, plus Challenge reset times explained

Everything you need to know about Weekly Challenges in Fortnite.

Comments (74)

Comments for this article are now closed. Thanks for taking part!

Hide low-scoring comments
Order
Threading