Epic Calls Google ‘Irresponsible’ for Disclosing Serious Security Flaw in Fortnite

Epic Calls Google ‘Irresponsible’ for Disclosing Serious Security Flaw in Fortnite

Epic Games is riding high on the success of Fortnite, which is available on desktop, game consoles, and even mobile devices. The company took the unusual step of skipping the Play Store for Android distribution, which brings the potential for security issues. Sure enough, the first version of Fortnite on Android contained a bug that could have allowed malware to sneak onto your phone. Rather than accept the responsibility for making a mistake, an Epic founder Tim Sweeney says Google was “irresponsible” to release the bug details after it was fixed.

Because Epic Games decided to distribute the game with device restrictions via its own website, installing Fortnite on Android is a two-step process. You have to download the installer APK and grant it permission on your phone (this by itself is a security risk). Then, the installer verifies your phone is supported and downloads the actual game.

According to a Google bug report from earlier this month, the first version of the installer had a vulnerability that other apps could exploit to install anything they wanted. This is a version of the “man in the disk” attack recently uncovered in some other apps. Epic Games worked quickly to deploy a fix, and after confirming, Google disclosed the details of the bug via the public issue tracker. That’s par for the course with open source projects like Android.

However, Tim Sweeny has taken to Twitter to object to the way Google handled the situation. He contends Google disclosed the bug too quickly in order to score PR points. The implication is that Google is upset about not having Fortnite in the Play Store, which deprives it of the usual 30 percent cut of in-app purchases. Sweeny says Google should have waited until the patch was more widely distributed.

Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update.

The only irresponsible thing here is Google’s rapid public release of technical details.

— Tim Sweeney (@TimSweeneyEpic) August 25, 2018

There are several things wrong with this line of reasoning. First, it’s not normal to hold bug reports for an arbitrary length of time after a fix. Android is open source, and this is just the way it works. The idea that Google’s dev team is being used by PR or executives to embarrass Epic Games is also rather silly. If Google really wanted to embarrass Epic at the expense of its users, it could have ignored the bug and waited for it to blow up in Epic’s face.

Sweeney is most likely worried because the company didn’t build a mechanism to get users to update their installer client. This is the sort of thing companies need to think about when distributing apps outside the Play Store. For most, it’s not worth the hassle. Epic made its bed, though, and now it has to lie in it.

Continue reading

Nvidia Unveils ‘Grace’ Deep-Learning CPU for Supercomputing Applications
Nvidia Unveils ‘Grace’ Deep-Learning CPU for Supercomputing Applications

Nvidia is already capitalizing on its ARM acquisition with a massively powerful new CPU-plus-GPU combination that it claims will speed up the training of large machine-learning models by a factor of 10.

Apple Is Working on CPUs With 32 High-Performance Cores: Report
Apple Is Working on CPUs With 32 High-Performance Cores: Report

Once the M1 hit a few weeks back, it was clear that the diminutive processor was but a sign of things to come. Reports suggest that Apple will be upping the competitive ante in short order.

Report: Apple Ignored its Partners’ Repeated Violations of Chinese Labor Laws
Report: Apple Ignored its Partners’ Repeated Violations of Chinese Labor Laws

Apple has reportedly turned a blind eye to repeated violations of Chinese labor law in its partners' factories over the past six years.

Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera
Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera

According to a recent iFixit report, Apple's hostility to the right of repair has hit new heights with the iPhone 12 and iPhone 12 Pro.