Fortnite, game arrived through alternate means and since then it has been creating headlines for one reason or another. The developers of the game bypassed the tech giant Google’s application store and have raised serious security concern from the outset.
Initially, it was thought that the problem is in the users but the truth is that apparently, the Epic Games, has a serious security problem. Global tech giant Google was the first to discover the flaw and seems to only affect the South Korean giant Samsung’s smartphones that have this game installed. Installing fake applications seems to be very obvious with this flaw. Even the other Android App Development companies are worries about this issues.
The company decided to make its insanely popular game ‘Fortnite for Android’ available through the Google Play store, but via its own app. The reason behind this decision was, the company did not intend to pay 30% commision fees which they have to pay to the Play Store if they chose to play store as their downloading platform.
The company was warned by many researchers about this approach as it could potentially put Android users at a greater risk, as downloading APKs outside of the Play Store is not recommended and requires to disable some security features on Android devices as well by the users.
After Google itself carried out the thorough evaluation, it has been proven that the Fortnite installer can be bypassed and used to install fake and external applications to this installer.
Google published the proof-of-concept video which stated that researchers demonstrated that their attack takes advantage of a newly introduced “Man-In-The-Disk” attack. In a nutshell, man-in-the-disk attacks allow malicious apps to manipulate the data held in unprotected external storage before they read it, resulting in the installation of undesired apps instead of the legitimate update.
For those unaware, to install Fortnite on Android phone, a user needs to install a ‘Helper’ app that downloads Fortnite to their phone’s storage and installs it on the phone. Google discovered that any unknown app without permission if installed can intercept the installation and replace installation file with another malicious APK, including one with full permission granted like access to the SMS, GPS, call history, or even camera, all without the knowledge of the user.
The first version of the game was exclusively launched on Samsung phones and since then the vulnerabilities only affected the Fortnite installer available through the Galaxy Apps store, and not the version made available for non-Samsung devices.
Epic Games received the reports of vulnerability by Google Itself, which confirmed the existence, and issued a patch report within just 48 hours with the release of version 2.1.0 of the Fortnite installer.
As the world of mobile app development is growing, chances of vulnerabilities are also increasing as there will be some loopholes which the hackers want to exploit. Users are advised to update their installer to the latest version 2.1.0. If the user has already installed the latest version and is still worried about the impact, uninstall and reinstall Fortnite For Android and start again from scratch.
For any queries !! Just fill up the contact form and our experts will get back to you soon.