Fortnite Android Installer Had A Dangerous Security Flaw

Fortnite, the phenomenally popular battle royale game, was planned for Android. It debuted on the platform earlier with the launch of the Samsung Galaxy Note 9. As the company said, the game remained exclusive to Samsung devices for a few days. Now, as Epic Games decided, the game is available for all other Android devices as a download from the official website instead of the Google Play Store.

The reasons behind this decision by Epic Games are the following:

  • Epic Games doesn’t want Google to take its 30% cut of in-app purchases for using the Google Play Store as a service.
  • Epic Games founder Tim Sweeney believes “competition among services gives consumers lots of great choices and enables the best to succeed based on merit.” He also said that if it were possible to offer the same process on iOS, they would be doing that as well.


However, Google Play investigators later found that the Fortnite Android installer also brings a dangerous security flaw to the user’s device. According to the report, the application was able to allow the developer to install any software they want on the user’s device. That becomes even easier for the developers when users tick ‘Allow Unknown Sources’, which opens every door and gives permission to install applications even from untrusted sources.

Image: TechCrunch

The process was simple for the investigators to follow. When a user downloads the Fortnite installer from the official Epic Games website, the installer downloads an APK (basically an Android app package). Once the download completes, the installer stores the APK locally and launches it after some time. The only check the installer performs on the APK is its file name, which should be “com.epicgames.fortnite”. Because the files are stored in shared external storage, say an online server, an attacker could easily replace the APK with a malicious file that has the same name, “com.epicgames.fortnite”, and the installer will install it.
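The name-only check described above, set beside a stricter one, as an added example that is not Epic's installer code. The digest pinning, the function names and the file contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

EXPECTED_NAME = "com.epicgames.fortnite"  # the name the article says is checked


def name_only_check(path):
    """Weak check: accept the file if its name matches, whatever it contains."""
    return os.path.basename(path) == EXPECTED_NAME


def pinned_digest_check(path, expected_sha256):
    """Stricter check (assumed design): the name must match and the contents
    must hash to the digest recorded when the download was first received."""
    if not name_only_check(path):
        return False
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_sha256)


def simulate():
    """Store a download in a shared directory, let another writer replace it
    under the same name, and report (name_only, pinned) before and after."""
    with tempfile.TemporaryDirectory() as shared_dir:
        path = os.path.join(shared_dir, EXPECTED_NAME)

        genuine = b"constructed bytes standing in for the genuine APK"
        with open(path, "wb") as f:
            f.write(genuine)
        pinned = hashlib.sha256(genuine).hexdigest()
        before = (name_only_check(path), pinned_digest_check(path, pinned))

        # Same file name, different contents: the swap the article describes.
        with open(path, "wb") as f:
            f.write(b"constructed bytes standing in for a replaced file")
        after = (name_only_check(path), pinned_digest_check(path, pinned))
    return before, after


if __name__ == "__main__":
    print(simulate())
```

A content check only helps if it runs on the exact copy that gets installed, so the verified file should sit in app-private storage rather than a shared directory between verification and install.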


Indeed, the well-known game developer should not try to attack its users, who are eagerly waiting to play this game on Android devices, just for its own selfish reasons. Please let us know what you think about this in the comment section.