Google quickly disclosed Fortnite security flaw for “cheap PR points” – Epic CEO

Google recently disclosed a security flaw in the launcher application for Fortnite on Android.

The CEO of Epic Games, Tim Sweeney, said that as a result the company put its users at risk for no reason, Sophos reported.

The security flaw was discovered on 15 August 2018, reported to Epic, and the company was given a week before Google would disclose it.

This is in line with Google’s aggressive disclosure policy, stated the report.

According to the disclosure, the vulnerability allowed an attacker to potentially load a malicious app via the launcher and grant all the permissions that the launcher requests at install time.

Epic requested the full 90-day disclosure period to resolve the issue, so that its users had a chance to install a patch for the security flaw. However, Google didn’t grant the request and made the issue public on 24 August.

“As mentioned via email, now the patched version of Fortnite Installer has been available for 7 days we will proceed to unrestrict this issue in line with Google’s standard disclosure practices,” said Google.

The matter follows Epic Games circumventing the Google Play store for its app, requiring players to “side-load” their launcher application on Android – cutting Google out of the share of the revenue it would have received from in-game transactions.

Google usually takes a 30% fee on sales made through Google Play.

Now read: Fortnite turns Epic Games founder into billionaire

Latest news

Partner Content

Show comments

Recommended

Share this article
Google quickly disclosed Fortnite security flaw for “cheap PR points” – Epic CEO