Epic Games made news earlier this month when it confirmed that it would not distribute Fortnite for Android through the Play Store, opting instead to offer its own installer. Now news about a security issue related to that decision has come out.
Google has revealed that it found a vulnerability with the Fortnite installer for Android that allowed any app on your phone to download and install anything in the background. The issue was that a malicious party could take over the installer’s request to download Fortnite and instead make it download whatever they wanted. The vulnerability didn’t even require you to allow installation of unknown sources, save for the time that you allow it to enable the Fortnite installer, but you would need a malicious app on your phone looking for a vulnerability like this.
The vulnerability was discovered by Google on August 15th, and Epic confirmed that same day that it was able to reproduce the bug and was working to fix it. The exploit was patched less than 48 hours later and Epic pushed out an updated version of its Fortnite installer, requiring that users update the installer to get the fix. If you’ve got version 2.1.0 of the Fortnite installer, you’ve got the fix.
In response to this news, Epic Games CEO Tim Sweeney thanked Google for discovering the problem, but he also called Google “irresponsible” for disclosing the issue publicly so soon after it was found. “An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused,” Sweeney told Android Central.
The big takeaway here is that if you’ve got the Fortnite installer on your phone but haven’t updated it recently, you should do that as soon as you can.
This is a pretty big security issue, and it’s one of the major criticisms that people had of Epic’s decision not to distribute Fortnite in the Play Store. If it had done so, Google likely would’ve caught the problem while reviewing Fortnite for publishing in the Play Store. The good news is that the vulnerability was patched up fairly quickly by Epic. If you’ve downloaded the Fortnite installer, you should head into it now and check to see if you’re running version 2.1.0.