In the aftermath of Epic's decision to have battle royale phenomenon Fortnite avoid the Google Play store, it seems tensions remain high between the two companies. Over the past few days, a new tussle has emerged - this time over a security flaw found in the Android version of the game.
On Friday, Google published a report which revealed the Fortnite app could be hijacked by other apps "to instead install a fake APK with any permissions that would normally require user disclosure". This essentially meant apps could silently download unapproved software in the background. Huh, I guess this "worm" file isn't a Fortnite dance move after all...
Google reported the flaw to Epic on 15th August, and according to records on Google's issue tracker, the vulnerability was fixed by the Fortnite team two days later. Epic's CEO Tim Sweeney believes publishing the flaw is a "valid PR strategy," but criticised Google's decision to publicise it a week after the patch had been issued.
Epic originally requested Google refrain from revealing the problem for a period of 90 days rather than Google's usual seven days "so users have time to patch their devices". According to Sweeney, this is because Fortnite updates on Android are downloaded only when the game is launched. Interestingly, as security expert Graham Cluley notes, this would not have been an issue on Google Play where updates happen automatically.
Despite the fact Google stuck to its standard disclosure policies, in Sweeney's opinion, the move has done "nothing but give hackers a chance to target unpatched users". Today, Sweeney even hinted he felt "the word punishment is very appropriate here". Some have suggested this might have been payback for Fortnite avoiding the Google Play store - and thus Google's cut of sales generated by the game.
In any case, Fortnite's decision to avoid the Google Play store seems to have come at a cost. Although Epic has avoided paying out 30 per cent to Google, the downside is Fortnite on Android carries the perception of an increased vulnerability to security problems. Related, Fortnite recently encouraged users to add additional security measures to their accounts, such as two-factor authentication (which will land you a sweet boogie emote).