Google recently disclosed a security flaw in the launcher application for Fortnite on Android.
The CEO of Epic Games, Tim Sweeney, said that as a result the company put its users at risk for no reason, Sophos reported.
The security flaw was discovered on 15 August 2018, reported to Epic, and the company was given a week before Google would disclose it.
This is in line with Google’s aggressive disclosure policy, stated the report.
According to the disclosure, the vulnerability allowed an attacker to potentially load a malicious app via the launcher and grant all the permissions that the launcher requests at install time.
Epic requested the full 90-day disclosure period to resolve the issue, so that its users had a chance to install a patch for the security flaw. However, Google didn’t grant the request and made the issue public on 24 August.
“As mentioned via email, now the patched version of Fortnite Installer has been available for 7 days we will proceed to unrestrict this issue in line with Google’s standard disclosure practices,” said Google.
The matter follows Epic Games circumventing the Google Play store for its app, requiring players to “side-load” their launcher application on Android – cutting Google out of the share of the revenue it would have received from in-game transactions.
Google usually takes a 30% fee on sales made through Google Play.
Google did privately communicate something to the effect that they’re monitoring Fortnite installations on all Android devices(!) and felt that there weren’t many unpatched installs remaining.
— Tim Sweeney (@TimSweeneyEpic) August 25, 2018