Google Discovers Security Hole in Fortnite Android Installer

[Guest]

Google discovered and publicly disclosed a security vulnerability in Epic Games' "Fortnite" for Android installer that could enable "man-in-the-disk attacks."

Google Discovers Security Hole in Fortnite Android Installer : Read more

 

[Dosflores]

"The problem starts with the fact that Fortnite isn't available through Google's official Play Store."

No. The problem starts with the fact that microSD card access on Android isn't secure. External researchers found this, and were able to perform man-in-the-disk attacks on apps developed by Google. Google has now adopted the best practices given by those researchers, and told Epic Games to do it too.

Don't try to make it look as though Google are the good ones. They didn't discover any security hole. They created an OS with a security hole which was discovered by a third party.

 

[shrapnel_indie]

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

Google decided not to wait. "As mentioned via email," Edward said, "now the patched version of Fortnite Installer has been available for seven days we will proceed to unrestrict this issue in line with Google's standard disclosure practices."

Don't kid yourself. Google wanted to make an example of Epic. The threat may have been real, and now mitigated... but the fear of such issues makes for good pressure to push apps into the Google App store where, in addition to such added "security" Google DOES get a cut of the profits. It's easy to hide real intent behind the security issue because security is so important... and also take advantage of it for your own benefit. Google isn't a saint although they've tried to play the part. Remember that they've modified their internal mantra so it doesn't include not doing harm/wrong. Also, going by this, Google has changed their policy... or at least has a different one internally than what they tell others.

 

[valeman2012]

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

Google decided not to wait. "As mentioned via email," Edward said, "now the patched version of Fortnite Installer has been available for seven days we will proceed to unrestrict this issue in line with Google's standard disclosure practices."

Don't kid yourself. Google wanted to make an example of Epic. The threat may have been real, and now mitigated... but the fear of such issues makes for good pressure to push apps into the Google App store where, in addition to such added "security" Google DOES get a cut of the profits. It's easy to hide real intent behind the security issue because security is so important... and also take advantage of it for your own benefit. Google isn't a saint although they've tried to play the part. Remember that they've modified their internal mantra so it doesn't include not doing harm/wrong. Also, going by this, Google has changed their policy... or at least has a different one internally than what they tell others.

Doesn`t matter. Fortnite wants to bully PUBG now? Now Fortnite/Epic Games want to bully Google by not going through the playstore.... Epic Game tries to prevent the public knowing that there a security flaw in their Mobile Game or else it will not able complete against PUBG Mobile..

Now we know thhey dont really care about user security, how secured is the PC Version client?

 

[shrapnel_indie]

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

Google decided not to wait. "As mentioned via email," Edward said, "now the patched version of Fortnite Installer has been available for seven days we will proceed to unrestrict this issue in line with Google's standard disclosure practices."

Don't kid yourself. Google wanted to make an example of Epic. The threat may have been real, and now mitigated... but the fear of such issues makes for good pressure to push apps into the Google App store where, in addition to such added "security" Google DOES get a cut of the profits. It's easy to hide real intent behind the security issue because security is so important... and also take advantage of it for your own benefit. Google isn't a saint although they've tried to play the part. Remember that they've modified their internal mantra so it doesn't include not doing harm/wrong. Also, going by this, Google has changed their policy... or at least has a different one internally than what they tell others.

Doesn`t matter. Fortnite wants to bully PUBG now? Now Fortnite/Epic Games want to bully Google by not going through the playstore.... Epic Game tries to prevent the public knowing that there a security flaw in their Mobile Game or else it will not able complete against PUBG Mobile..

Now we know thhey dont really care about user security, how secured is the PC Version client?

Ummm...

Enter the vulnerability Google discovered on August 15 and publicly disclosed on August 25. {...}

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

That doesn't sound like they were really trying to hide it very hard. AND it was fixed by the day after it was discovered. They asked google to follow a standard that was known to developers... but apparently Google had another, different standard they go by other than the one they told others.

 

[valeman2012]

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

Google decided not to wait. "As mentioned via email," Edward said, "now the patched version of Fortnite Installer has been available for seven days we will proceed to unrestrict this issue in line with Google's standard disclosure practices."

Don't kid yourself. Google wanted to make an example of Epic. The threat may have been real, and now mitigated... but the fear of such issues makes for good pressure to push apps into the Google App store where, in addition to such added "security" Google DOES get a cut of the profits. It's easy to hide real intent behind the security issue because security is so important... and also take advantage of it for your own benefit. Google isn't a saint although they've tried to play the part. Remember that they've modified their internal mantra so it doesn't include not doing harm/wrong. Also, going by this, Google has changed their policy... or at least has a different one internally than what they tell others.

Doesn`t matter. Fortnite wants to bully PUBG now? Now Fortnite/Epic Games want to bully Google by not going through the playstore.... Epic Game tries to prevent the public knowing that there a security flaw in their Mobile Game or else it will not able complete against PUBG Mobile..

Now we know thhey dont really care about user security, how secured is the PC Version client?

Ummm...

Enter the vulnerability Google discovered on August 15 and publicly disclosed on August 25. {...}

Epic released a fix on August 16. The company requested that Google maintain its standard of waiting 90 days before publicly disclosing the vulnerability, however, so people would have a chance to update their devices.

That doesn't sound like they were really trying to hide it very hard. AND it was fixed by the day after it was discovered. They asked google to follow a standard that was known to developers... but apparently Google had another, different standard they go by other than the one they told others.

They were...epic games were complaining about that "cut" days ago and found way to avoid that "cut"...that probably led Google doing it diffenrtly.

 

[captaincharisma]

epic's back to their greasy ways. if there was a way to sideload apps onto an iphone epic would have done the same to apple.

epic is just another tech company keeping the android OS open to hackers

 

[FFH]

So Google doesn't get a cut from fortnite in app purchases, and they just happened to find a security hole in the installer...

 

[captaincharisma]

So Google doesn't get a cut from fortnite in app purchases, and they just happened to find a security hole in the installer...

lol, its their OS kid they can do whatever they want. especially when a company releases an app where it's required for you to turn off most of your phones security to install it.

 

[alextheblue]

epic's back to their greasy ways. if there was a way to sideload apps onto an iphone epic would have done the same to apple.

epic is just another tech company keeping the android OS open to hackers

"Sideloading" an app is equivalent to downloading and installing a program on Windows 10 instead of installing an app from the Store.