Google was mostly hit in the face when Epic Games, the developer of the super popular Fortnite decided not to make the game available through the Play Store, but via his own app.
Google warned Epic to It could potentially put Android users at greater security risk, but the game developer brushed it off and insisted on going alone for several reasons – including not giving Google an income income and "embracing open platforms." "
Well, now it's the worst thing happen. In spite of that, Google recently discovered an exploitation in the installer Fortnite that allowed malicious apps installed on their Android phone to hijack download process, so that instead of downloading the game from Epic's server, download and install something completely different, potentially allowing the device to be open to attack.
Here's a quick download of what which occurred:
Google first detected the vulnerability in the Fortnite app on August 1
Here are the things that get a bit ugly. Although Epic quickly released an update for the installer, it called Goog laugh not to reveal the details of the exploitation until after 90 days. Not only will there be more time for users to update their installers, but hackers would also not be able to take advantage of the error.
However, the Google Guidelines Publish Policy explicitly sets out the following:
"This error is subject to a 90-day termination. After 90 days or a patch has been made widely available, the bug report – including any comments and attachments – Be visible to the public. "
In spite of Epic's request for Google to wait 90 days before revealing its use, Google provided its own guidelines and shared the details.
Per Google Issue Tracker thread on the bug report:
"… now the updated version of Fortnite Installer has been available for 7 days, we will continue to unrestrict this issue in accordance with Google's standardization practices."
Of course, the Fortnite developer was not happy with Google's decision at all. Epic gave Mashable the following comment from CEO Tim Sweeney:
"Epic really uphold Google's efforts to perform a thorough security review of Fortnite immediately after our release on Android and share the results with Epic so we could quickly make an update to fix the mistake they discovered.
However, it was irresponsible for Google to publish the technical details of the error so quickly, while many installations were not updated and still vulnerable.  An epic security engineer, on my request , requested Google to delay publication for the typical 90 days to allow the time of the update to be more widely installed. Google denied. You can read everything at https://issuetracker.google.com/pages/ 112630336
Google's security analysis appreciated and enjoying the Android platform, but a company that is as powerful as Google should practice more proper enlightenment time than this, and do not stop any users during their promotional efforts against Epics distribution of Fortnite outside of Google Play.
Finally, who's Right and Who's Wrong? Honestly, none of the companies.
Google is right that Epic's decision not to free Fortnite through the Play Store, allows The app becomes more vulnerable. As my colleague, Mashable tech reporter Matt Binder, made it clear earlier: Android users must disable certain Android security privileges to install Fortnite and there is no guarantee that they will remember turn them back on after doing it.
Maybe Google really is touched that there is no revenue from the massively popular game (apps listed on Google Play pay part of the sale to Google). Due to the popularity of the game however, the Android gatekeeper remains a responsibility to ensure that the users are safe. Otherwise, the entire platform may end up with an even worse reputation due to third-party developers.
As said, Epic is also right because if Google really care about protecting its users first and foremost, should have been more flexible at its bug disclosure deadline so that not tip hackers so fast.
According to Sweeney's statement, Google had this only in response to Mashable's request for comment: "User Security is our top priority and As part of our proactive malicious software monitoring, we identified a security issue in the installer Fortnite . We reported about instant Epic Games and they solved the problem. "
The disagreements between Google and Epic should not be overlooked. Google may not have anything to do with Fortnite after being lost by Epic Games, but their paths will inevitably cross because of the Android platform.
Google may detect vulnerabilities in future versions of Fortnite installer or other app installers from other companies that decide to follow Epics footsteps and not offer their apps in the Play Store. Will Google monitor and perform security audits on all of these also to protect Android users? Hard to say, but it will surely be interesting to see from the sidelines.
If anyone laughs at this event, it's Apple. The company's closed platform means that all apps may be released through the App Store. By not allowing apps to be officially released in any other way, Apple has been aware of the problem facing Google now.