Epic Games, the maker of Fortnite, the world’s most popular shooting game, announced Android OS users would finally get access to the game. The kicker: users would have to go to Epic’s own website and download Fortnite android version using a proprietary installer that works best by disabling an Android security setting to install it.
But Google’s researchers discovered a security vulnerability in Fortnite’s installer. The tool, found Google, would allow any app on the phone to be hijacked by other apps attempting to download files to an Android phone without the user’s knowledge.
Google reported the problem privately to Epic on 15 Aug, and the makers of Fortnite patched the vulnerability. But then, Google went on to publicly report the vulnerability, even though Epic had requested that it wait 90 days to do so.
Is this a case of revenge?
Epic has purposely avoided Google’s Play Store, possibly to avoid it’s the customary 30% fee Google charges developers selling apps or offering in-app purchases through its Play Store.
There are big bucks at stake. Since the game’s release in September 2017, Fortnite is estimated to have earned more than $1bn in revenue from in-app purchases.
The game is free to download and play; players only pay if they want to customise their avatar. This freemium monetisation model has helped Fortnite become incredibly popular; more than 125 million people have downloaded the game. And that’s a lot of revenue that Google stands to lose.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
However, Google still has a reputation to uphold.
A security hole in the proprietary installer is a potential black eye for Android as a whole.
Moreover, Google followed its own established protocols for reporting a vulnerability. Its rules dictate that Google will reveal the details of vulnerabilities 90 days after reporting them to software developers if they have not been addressed.
However, if a patch has been made, then it waits just seven days thereafter. When Epic released the patch, Google began its countdown. Epic wanted Google to wait 90 days because not all installations of the Fortnite would have received the update.
That’s because the game is only updated when the user runs the game. Had the game been offered in the Google Play Store, the vulnerable code would have been updated automatically.
In the end, however, this episode does not besmirch Epic.
The game has a rabid following of users—many of whom are young users—who will download the game despite any security risk. It will continue to be Google’s job to protect Android users, even if it is getting no revenue in return.