Save up to $800 on Samsung Galaxy Tab S10

Google found that the Fortnite installer could load malicious apps on an Android phone

By
8comments
Google News Follow
Follow us on Google News
Android Software updates Apps Games Google
Google found that the Fortnite installer could load malicious apps on an Android phone
Back on August 15th, Google needed to get in touch with Epic Games, the developer of Fortnite. A serious flaw was discovered with the Fortnite installer for Android that required a patch to be sent out stat. How serious an issue was this? Consider that with the Fortnite installer loaded on an Android handset, a malicioius app could be installed on the device at the direction of a hacker.

Google even provided Epic with a video that showed Fortnite installed on a Samsung handset using the Fortnite installer. When the game was opened, a malicious app would launch instead of the game. According to the Google Issue Tracker, the installer allow these fake APK's to be installed on an Android phone as long as they carried the package name of com.epicgames.fortnite.

On August 17th, Epic pushed out version 2.1 of the Fortnite installer, which fixed the vulnerability by changing the APK storage directory from external to internal. Epic requested a 90 day period before disclosing what had happened behind the scenes. It requested this delay in order to allow all users to update to the new version of the installer. However, Google lifted all restrictions after seven days, which is the company's standard disclosure practice.

"On Samsung devices, the Fortnite Installer performs the APK install silently via a private Galaxy Apps API. This API checks that the APK being installed has the package name com.epicgames.fortnite. Consequently the fake APK with a matching package name can be silently installed...If the fake APK has a targetSdkVersion of 22 or lower, it will be granted all permissions it requests at install-time. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure."-Google Issue Tracker

Recommended Stories
As we previously told you, in order to save the 30% cut of revenue that it would have to pay Google to have Fortnite listed in the Play Store, Epic has decided to have Android users sideload the app using the installer. Seems to us that Google might have earned the opportunity to list the game after all.

source: Google
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Recommended Stories

Loading Comments...

Popular stories

Three changes coming to Google Messages to kick the texting experience up a notch
Three changes coming to Google Messages to kick the texting experience up a notch
T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
T-Mobile and SpaceX's direct-to-cell service is suddenly so much more exciting
The dream smartphone will finally become reality in 2025
The dream smartphone will finally become reality in 2025
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
Upcoming T-Mobile Tuesdays gift might be this season's comfiest accessory
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
Best Buy is incredibly selling the Moto G Play (2024) for $9.99 with (almost) no strings attached
New Google Messages feature to allow users to choose custom images for contacts
New Google Messages feature to allow users to choose custom images for contacts

Latest News

The rugged Garmin Instinct 2S Camo Edition enjoys a huge $120 discount at Amazon
The rugged Garmin Instinct 2S Camo Edition enjoys a huge $120 discount at Amazon
After a massive $130 discount, the sleek Galaxy Watch 6 Classic becomes a real gem on Amazon
After a massive $130 discount, the sleek Galaxy Watch 6 Classic becomes a real gem on Amazon
Destiny: Rising mobile game soft-launched in select countries
Destiny: Rising mobile game soft-launched in select countries
Realme GT 7 Pro debuts packed with power and ready for action with underwater photography
Realme GT 7 Pro debuts packed with power and ready for action with underwater photography
Xiaomi 14T Pro PhoneArena Camera score: Mr. Average
Xiaomi 14T Pro PhoneArena Camera score: Mr. Average
Doorbuster promo at Lenovo lands the Lenovo Tab Plus at its lowest price so far
Doorbuster promo at Lenovo lands the Lenovo Tab Plus at its lowest price so far
FCC OKs Cingular\'s purchase of AT&T Wireless