Fortnite’s Android vulnerability leads to Google/Epic Games spat

Epic Games

Epic Games’ popular shooter Fortnite has been out on Android for just a few weeks, and already there are concrete examples of some of the security fears brought about by the game’s unique distribution method. Google disclosed a vulnerability in the Fortnite Installer that could trick the installer into installing something other than Fortnite.

Fortnite is one of the rare Android apps that isn’t distributed on the Google Play Store. Epic, in an effort to avoid Google’s 30-percent cut of in-app purchases, is distributing the game itself on Android. Users who want Fortnite must go to Epic’s website and download an app called the “Fortnite Installer,” which will then download and install the Fortnite game and keep it up to date. This distribution method opens up users to a number of potential security risks. Getting the installer means users must allow “unknown sources” installation through the browser, and they have to make sure they’re actually downloading Fortnite from Epic Games and not just a website claiming to be Epic Games.