Earlier this month, Google’s security engineers found a flaw in the Fortnite for Android installer. As is normal in such cases, the company informed Epic Games about the vulnerability. Epic Games took swift action on the report and by August 17 (according to the Google Issue Tracker), the company had deployed a fix that would secure newer Android devices from being vulnerable to the exploit.
Epic also asked Google to give them the full 90 days before making the issue public so that users have time to update their installers. However, Google, in keeping with its own guidelines of either waiting 90 days or for a patch to be issued before making issues public, did not grant Epic the requested 90 days and opened the thread to the public eye on August 24.
Understandably, Epic Games is unhappy about Google’s decision regarding the issue. Unhappy might be an understatement though, since Epic Games’ CEO Tim Sweeney released a wrathful statement against Google for not allowing Epic enough time to ensure that most users had updated their installers.
Sweeney said, “Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered. However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.”
He even hinted that Google did this purely as a counter-PR move against Epic for not releasing Fortnite through the Play Store, and cutting Google out of the 30% share it would’ve otherwise received with every in-app purchase made on Fortnite Android. “Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play” Sweeney said.
Google did privately communicate something to the effect that they’re monitoring Fortnite installations on all Android devices(!) and felt that there weren’t many unpatched installs remaining.
— Tim Sweeney (@TimSweeneyEpic) August 25, 2018
Whether Google’s intentions behind making the issue public once the patch had been issued was born as a counter-PR move against Epic is unknown, however Google did inform the company privately about monitoring Fortnite installations, and reckoned most installers were updated. So it might not have been as vengeful as Epic has made it out to be. Or perhaps it was just killing two birds with one stone; we may never find out.
