1. Comment
  2. Comment
August 30, 2018updated 03 Sep 2018 9:49am

Google irritates Epic Games by revealing Fortnite flaw: is this Google’s revenge?

By GlobalData Technology

Epic Games, the maker of Fortnite, the world’s most popular shooting game, announced Android OS users would finally get access to the game. The kicker: users would have to go to Epic’s own website and download Fortnite android version using a proprietary installer that works best by disabling an Android security setting to install it.

But Google’s researchers discovered a security vulnerability in Fortnite’s installer. The tool, found Google, would allow any app on the phone to be hijacked by other apps attempting to download files to an Android phone without the user’s knowledge.

Google reported the problem privately to Epic on 15 Aug, and the makers of Fortnite patched the vulnerability. But then, Google went on to publicly report the vulnerability, even though Epic had requested that it wait 90 days to do so.

Is this a case of revenge?

Epic has purposely avoided Google’s Play Store, possibly to avoid  it’s the customary 30% fee Google charges developers selling apps or offering in-app purchases through its Play Store.

There are big bucks at stake. Since the game’s release in September 2017, Fortnite is estimated to have earned more than $1bn in revenue from in-app purchases.

The game is free to download and play; players only pay if they want to customise their avatar. This freemium monetisation model has helped Fortnite become incredibly popular; more than 125 million people have downloaded the game. And that’s a lot of revenue that Google stands to lose.

However, Google still has a reputation to uphold.

A security hole in the proprietary installer is a potential black eye for Android as a whole.

Moreover, Google followed its own established protocols for reporting a vulnerability. Its rules dictate that Google will reveal the details of vulnerabilities 90 days after reporting them to software developers if they have not been addressed.

However, if a patch has been made, then it waits just seven days thereafter. When Epic released the patch, Google began its countdown. Epic wanted Google to wait 90 days because not all installations of the Fortnite would have received the update.

That’s because the game is only updated when the user runs the game. Had the game been offered in the Google Play Store, the vulnerable code would have been updated automatically.

In the end, however, this episode does not besmirch Epic.

The game has a rabid following of users—many of whom are young users—who will download the game despite any security risk. It will continue to be Google’s job to protect Android users, even if it is getting no revenue in return.


Verdict deals analysis methodology

This analysis considers only announced and completed artificial intelligence deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,