Fortnite has skipped the Google Play store for its Android release, but its avoidance of the securities offered by Google Play potentially allowed for a major exploit to make its way into the launcher. On Friday, Google publicly disclosed a bug in the Fortnite launcher that potentially allowed for hackers to install malware onto Android devices.
The exploit, which has since been fixed with version 2.1.0 of the app, was essentially a weakness in the installer app for Fortnite that allowed for other programs already-downloaded onto the device to go through the launcher and install other programs without the knowledge of the user. For the vulnerability to cause a problem, the user would already have to have an app on their phone looking for said vulnerability, but if they did, malware could be installed and launched through the Fortnite app while the user assumed they were installing and launching Fortnite itself.
While the issue was fixed shortly after Google made the information public, Epic CEO Tim Sweeney responded in a comment made to Android Central regarding the company's publication of the issue:
"Epic genuinely appreciated Google's effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.
"However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.
"An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at https://issuetracker.google.com/issues/112630336

https://www.gamesindustry.biz/articl...e-installation