The developer of the hugely popular Fortnite decided to withdraw its app from the Google Play Store and instead make it available through its own app. The game developer insisted on going it alone, and one of the reasons was not having to share app revenue with Google. This was essentially a slap in the face for Google.
Epic's move was obviously going to hurt Google, which warned gamers that going it alone could put Android users at greater risk. Now the worst has happened: Google found a bug within the Fortnite installer app that allows malicious apps to be downloaded onto one's Android phone. A malicious app can hijack the download process, so instead of downloading the game from Epic's server, the installer could download something entirely different, leaving the device open to attack.
It was on August 15 that Google first discovered the vulnerability inside the Fortnite installer, and Epic was notified immediately. Google didn't make the details of the exploit public, and Epic immediately sprang into action and released a patch within 48 hours.
So, where did it go wrong? Even though Epic released the patch quickly, it asked Google not to disclose the details of the exploit until after 90 days, as per the standard 90-day disclosure deadline. This would give users ample time to update their apps, and hackers would not be able to take much advantage of the bug. The 90-day disclosure deadline explicitly states the following:
“This bug is subject to a 90-day disclosure deadline. After 90 days elapse or a patch has been made broadly available, the bug report – including any comments and attachments – will become visible to the public.”
Although Epic asked Google to wait the full 90 days before disclosing the exploit, Google went ahead and shared the details, stating:
“The patched version of Fortnite Installer has been available for 7 days we will proceed to un-restrict this issue in line with Google’s standard disclosure practices”.
Obviously, the Fortnite developers were not happy with Google's decision. Epic CEO Tim Sweeney gave this statement to Mashable:
“Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.
However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.
An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed.
Google’s security analysis efforts are appreciated and benefit the Android platform, however, a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play.”
Ultimately, who’s in the right and who’s in the wrong? Honestly, neither company is.
Both of them are right in their own ways, and we cannot blame either company for its decision. Looking at the larger picture, Google is right that downloading the app from other sources will leave it more vulnerable. Or you could say that Google was not happy with Epic's pulling out, which means a huge loss in revenue from the popular game.
Finally, Google has one standard statement, and it is true, so you cannot blame them for it: “User security is our top priority, and as part of our proactive monitoring for malware we identified a vulnerability in the Fortnite installer. We immediately notified Epic Games and they fixed the issue.”