Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
Powered by cricketnext logo
News18 » Tech
4-min read

Epic Games Response is Exactly Why Fortnite Should Have Been on The Google Play Store

The game developer wanted Google to hide the vulnerability from Android users, after Google discovered the massive security flaw in the very installation file. This, after Epic Games had sidelined Google for the Android version of Fortnite.

Vishal Mathur | News18.com@vishalmathur85

Updated:August 27, 2018, 9:27 AM IST
facebookTwitter Pocket whatsapp
Epic Games Response is Exactly Why Fortnite Should Have Been on The Google Play Store
The game developer wanted Google to hide the vulnerability from Android users, after Google discovered the massive security flaw in the very installation file. This, after Epic Games had sidelined Google for the Android version of Fortnite.

It has been rumbling for a while, but Epic Games’ decision to bypass the Google Play Store and distribute the Fortnite game as a download from its website is perhaps not as good an idea as initially thought. Google has revealed the exact details of the security flaw, as well as the fact that game developer Epic Games wanted Google to keep quiet about it for a while.

Google did detail the exact flaw in the Fortnite installation process for Android and showed how the very first installation file shared by Epic Games for the Fortnite game installation on Android phones (these files have the .apk extension), allowed hackers to basically push any malicious app to the devices. The Android device user would certainly not know about any malicious background activities or apps running under the disguise of the Fortnite installer.

Google details the flaw in the Issue Tracker published by the company—“Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK. On Samsung devices, the Fortnite Installer performs the APK install silently via a private Galaxy Apps API. This API checks that the APK being installed has the package name com.epicgames.fortnite. Consequently the fake APK with a matching package name can be silently installed. If the fake APK has a targetSdkVersion of 22 or lower, it will be granted all permissions it requests at install-time. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure.”

Google shared this update with Epic Games on 15 August, and while the game developer acknowledged the issue and got down to fixing it, on 16 August, they asked Google something that should worry all Android phone users— “We would like to request the full 90 days before disclosing this issue so our users have time to patch their devices.” On 24 August, Google responded with, “Now the patched version of Fortnite Installer has been available for 7 days we will proceed to unrestrict this issue in line with Google's standard disclosure practices.”

“There’s a technical detail here that’s important. The Fortnite installer only updates when you run it or run the game. So if a user only runs it every N days, then the update won’t be installed for N days. We felt N=90 would be much safer than N=7,” posted Tim Sweeney, CEO, Epic Games, on Twitter. However, as Android users, we don’t really buy that at all.

The worst part about this whole episode is that the installation file, the .apk file in question here, is pretty much the first step to getting the Fortnite game. For a game developer that is trying to set a new trend by bypassing the Google Play Store and asking millions of Android phone users to download the .apk file from their own website, so as to not have to pay Google a share of the earnings from the in-app purchases made by gamers—the fact that the installation file itself had a vulnerability is a huge embarrassment.

The Play Store is the official application store for Android phones, and this is usually preloaded on Android smartphones that you buy. The way the app store arithmetic works is that whenever a user does a purchase on the Play Store, a share of that purchase amount goes to Google. A lot of apps and games now offer in-game purchases as well, and a cut from that also goes to Google, which is about 30 percent cut. Apple also takes a similar share for any purchases routed through the Apple App Store. Incidentally, Fortnite for iOS is available exclusively through the App Store, and Epic Games pays Apple the necessary share of the earnings.

The unfortunate reality of Epic Games trying to show the world that they can do without Google and the Play Store, is that it has put the user at risk. Had the game been distributed via the Play Store on Android devices, there would have been no vulnerable installation file to open your device to, and invite subsequent malware too. We do suspect that the company which would perhaps be smiling at this turn of events is Apple. For all the criticisms that it faces for being a “walled garden” and a “closed platform”, the apps and games being distributed on the App Store for iOS devices have to go through mandatory security checks and there is no option to bypass it.

Also read: Fortnite Bypassing Play Store Could Cost Google More Than $50 Million This year

Also read: Fortnite Bypassing Google Play Store is a Good And Bad Thing

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results