Google was basically beaten when Epic Games, the developer of the super-popular Fortnite decided to make the game not accessible through the Play Store but via its own app
Google Epic warned that this might expose Android users to a greater security risk, but the game developer prevented it from going off alone for several reasons – including the fact that Google did not have to generate direct in-app revenue and use open platforms. "
Well, now the worst has happened, and although Google was under no obligation to do so, it recently discovered an exploit inside the Fortnite installer app, which allowed malicious apps on the Android phone to run Download process so that the game did not need to be downloaded from Epic's server could download and install something completely different, potentially leaving the device open for attacks.
Here's a quick rundown of what happened: [1
It gets a bit ugly here, though Epic quickly gets a pa tch for the installer app, Google asked Google to post the details of the exploit after 90 days. Not only would users have more time to update their installer apps, hackers could not use the bug.
However, the Google Bugs Policy explicitly states:
"This bug is subject to a 90-day period of grace, and after 90 days or after a patch has been made available, the bug report – including all comments and attachments – visible to the public. "
Despite Epic's request to Google, wait the full 90 days before disclosing the exploit, Google adhered to its own guidelines and provided the details.
Per a Google Rep post in an issue tracker thread on the bug report:
"… now the patched version of Fortnite Installer has been made available for 7 days. We will be consistent with this issue Google's Standard Disclosure Practices. "
Of course, Fortnite developer was not happy at all about Google's decision. Epic provided the following commentary from CEO Tim Sweeney to Mashable:
"Epic has sincerely appreciated Google's efforts to conduct a detailed security audit of Fortnite immediately after our release on Android and the results with Epic We were quick to release an update to fix the bug they discovered.
However, it was irresponsible of Google to publicly announce the technical details of the bug so quickly, and many installations have not yet been updated still vulnerable] An Epic security engineer has asked Google, at my request, to delay Google's release for the typical 90 days so that the update can be timely installed, and Google declined to do so at https: // issuetracker .google.com / issues / 112630336
Google Security Analyzes w earth appreciated and benefit from the Android platform. However, a company as powerful as Google should have a more responsible publishing timing than this and not end users practicing as part of their counter-PR efforts against Epic's Fortnite distribution outside of Google Play.
Ultimately, who is right and who is wrong? Honestly, neither company.
Google is right that Epic's decision not to release Fortnite via the Play Store, As my colleague, tech tech reporter Matt Binder, previously pointed out, Android users must disable certain Android security permissions to install Fortnite and there is no guarantee that they will Putting Them Back Later
Maybe Google is really shying away from earning money from the massively popular game (apps listed on Google Play are paying part of their revenue to Google), as Sweeney pointed out, but the Android gatekeeper claims that its quick disclosure of the exploit was in the name of user security.
According to Sweeney, Google responded to Mashable's request for comment only to the following "User safety is our top priority, and as part of our proactive monitoring of malware, we have a vulnerability in Fortnite installer. We immediately notified Epic Games and they fixed the problem. And it's true that Google is responsible for making users secure, otherwise third-party developers could give the entire platform an even worse reputation.
However, if Google is really interested in protecting its users in the first place, It should have been more flexible when it comes to bugs disclosure ] not Hackers hack so fast, so Epic has been asking for 90 days.
The differences between Google and Epic should not be overlooked. Google may not want to deal with Fortnite after it was shunned by Epic Games, but their paths will inevitably cross because of the Android platform.
It's possible that Google will have vulnerabilities in future releases the […] Fortnite installer or even other app installers from other companies who follow in Epic's footsteps and her Do not offer apps in the Play Store. Does Google have to monitor and perform all these security checks to protect Android users? Hard to say, but it will be interesting to watch from the sidelines.
If someone laughs at this turn of events, it's Apple. The company's closed platform means all apps need to be published through the App Store. Since Apple does not allow apps to be officially published in any other way, Apple has protected itself against the problem Google is facing now.
With additional coverage by Adam Rosenberg.