Attackers first had to get you to install an app designed to look for the flaw that would not have been difficult if players could search for cheats and "free V-Bux" apps. If present, the app hijacked the installation process to get its own code without noticing that malware came on the market. You did not need to turn on Android Install Unknown Sources after downloading the installer Fortnite and Samsung device owners did not even have to worry about it (since they were downloaded from Samsung's own Galaxy) Apps]
Epic said Android Central that the update was delivered within 48 hours of receiving the message from Google, and it is not clear that someone breached the security in the few days in which it existed exploited. However, the developer is not happy with how Google approached the situation. He accused Google of being "irresponsible" to publicly announce the bug before many people had the opportunity to update their installers, claiming that Google "refused" to wait for more players to update. This is not necessarily the case (Google seems to have followed its disclosure guidelines), but it is reasonable to assume that some Fortnite fans did not diligently update before the vulnerability became public knowledge.