First Version Of Fortnite Installer Had Security Issues


Epic Games distributes its popular Fortnite Battle Royale game in mobile form via its own installer, and it has come to light that the initial version of this installer had no real security checks in place as to what it was installing, so a savvy app or hack with the right permissions could hijack that process to install whatever it wanted. It boils down to the fact that permissions are a bit different between installing and moving files on the internal and external storage of a device. The bug was fixed in an update to the installer a little while ago. If you have installed the game, even if you used Galaxy Apps, you may have been the victim of a drive-by download. Update the installer if you haven't already, and if you installed the game before the installer updated, consider a factory reset of your device.

Fortnite's first installer was made to fetch files from the external storage, and in that domain, it would have been all too easy for any app with the same permission to put a decoy APK file where the Fortnite installer looks for the Fortnite game APK. The Fortnite installer version distributed through Samsung's Galaxy Apps store adds in a file name check, but that's extremely easy to spoof. Essentially, because external storage permissions allow apps to write anything they want to any part of external storage, a malicious app could easily monitor a device's processes using the permissions it was granted at install, then figure out when the Fortnite installer is running and inject its own APK file instead of the game. Epic fixed the issue by disabling the installer's ability to install the game onto external storage, a move that may irk users whose devices have limited internal space supplemented by a larger MicroSD card.

This is not the first time that Fortnite has been involved in controversy in the mobile gaming world by any stretch. The game skipped the Play Store altogether in order to avoid handing over 30% of in-game profits to Google, a move that actually made this exploit possible. The Google Play Store has strict security requirements that make it harder for malicious apps to get the resources and privileges they want, even if some slip through from time to time.

Share this page

Copyright ©2018 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments