Google found that the Fortnite installer could load malicious apps on an Android phone
Back on August 15th, Google needed to get in touch with Epic Games, the developer of Fortnite. A serious flaw was discovered with the Fortnite installer for Android that required a patch to be sent out stat. How serious an issue was this? Consider that with the Fortnite installer loaded on an Android handset, a malicioius app could be installed on the device at the direction of a hacker.
Google even provided Epic with a video that showed Fortnite installed on a Samsung handset using the Fortnite installer. When the game was opened, a malicious app would launch instead of the game. According to the Google Issue Tracker, the installer allow these fake APK's to be installed on an Android phone as long as they carried the package name of com.epicgames.fortnite.
On August 17th, Epic pushed out version 2.1 of the Fortnite installer, which fixed the vulnerability by changing the APK storage directory from external to internal. Epic requested a 90 day period before disclosing what had happened behind the scenes. It requested this delay in order to allow all users to update to the new version of the installer. However, Google lifted all restrictions after seven days, which is the company's standard disclosure practice.
As we previously told you, in order to save the 30% cut of revenue that it would have to pay Google to have Fortnite listed in the Play Store, Epic has decided to have Android users sideload the app using the installer. Seems to us that Google might have earned the opportunity to list the game after all.