Epic Games’ popular Fortnite game was beset with a flaw so severe it allowed any app on Android phones to download anything silently in the background.
The issue arose due to the way Epic chose to distribute the game. Had Epic published the game in the Google Play Store the company would have been beholden to the 30% fees charged by Google, thereby eating into its ability to make money. Epic decided to offer the game apart from the Play Store. The process involved downloading and installing a separate installer app that then downloaded the game itself. It was this in-between app, the Fortnite Installer, that introduced the security flaw.
Google’s security team discovered that the Fortnite Installer app could be hijacked by any app on the phone. The apps could then download literally anything to the phone with full permissions granted unbeknownst to the Fortnite Installer and device owner. Google informed Epic Games of the vulnerability on August 15 and a patch has since been issued.
The episode serves to highlight the danger of installing apps that don’t come directly from the Google Play Store. At this time it isĀ unknown if the security hole was exploited.