
Google recently discovered a security flaw in Epic Games' Fortnite Android installer. This flaw would allow hackers to install malicious apps onto users' smartphones. Responding quickly, Epic Games fixed the flaw by sending out an update to all users.
To explain the security flaw in detail, Google provided a proof video alongside the claim. The video shows that after the game is downloaded and installed on a Samsung smartphone with the help of the Fortnite Installer, opening the game launches a random malicious app instead.
Google explained that this happened because the installer checked only the APK name and nothing else, which would allow hackers to replace the game's APK with a malicious app's APK file. This kind of attack is also known as a ‘man-in-the-disk’ attack.
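The difference between a name-only check and a content check, as an added example that is not from Google's report or Epic's installer. The file name `game.apk`, the function names and the sample bytes are constructed for illustration, and a temporary directory stands in for shared storage.

```python
import hashlib
import hmac
import os
import tempfile

APK_NAME = "game.apk"  # hypothetical file name, not taken from the page


def name_only_check(path):
    """Weak check as described above: only the file name is compared."""
    return os.path.basename(path) == APK_NAME


def digest_check(path, expected_sha256):
    """Hardened check: the name and the SHA-256 of the bytes must both match."""
    if os.path.basename(path) != APK_NAME:
        return False
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected_sha256)


def demo():
    """Write a file, overwrite its contents, and return both checks' verdicts."""
    genuine = b"constructed bytes standing in for the genuine APK"
    swapped = b"constructed bytes standing in for a replaced file"
    expected = hashlib.sha256(genuine).hexdigest()  # digest pinned by the installer
    with tempfile.TemporaryDirectory() as shared:  # stands in for shared storage
        path = os.path.join(shared, APK_NAME)
        with open(path, "wb") as f:
            f.write(genuine)
        before = (name_only_check(path), digest_check(path, expected))
        with open(path, "wb") as f:  # another app rewrites the same file name
            f.write(swapped)
        after = (name_only_check(path), digest_check(path, expected))
    return before, after


if __name__ == "__main__":
    # (name_only, digest) verdicts before and after the file is overwritten
    print(demo())
```

The digest check only helps if the bytes that were hashed are the bytes that get installed, so the file should sit in app-private storage between verification and installation.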
Epic Games rolled out version 2.1 of the installer on August 17, which fixed the security loophole. InfoSec requested that Google delay publishing the information by 90 days. However, under its standard disclosure practices, the company went ahead, saying that the issue had now been rectified.
Epic Games CEO Todd Sweeney told Android Central that they were thankful to Google for pointing out the flaw in their app, but at the same time called Google irresponsible for disclosing the technical details so quickly. As of now, many installations are yet to be updated and are still vulnerable to the loophole.