Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic’s first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background, including apps with full permissions granted, without the user’s knowledge. Google’s security team first disclosed the vulnerability privately to Epic Games on August 15, and has since released the information publicly following confirmation from Epic that the vulnerability was patched.
In short, this was exactly the kind of exploit that Android Central, and others, had feared would occur with this sort of installation system.
Everybody rang the alarm bells about Epic distributing its Fortnite game outside of the Play Store, asking users to enable installation from untrusted sources, and here we are – the warnings were justified. Incredible.
Don’t install this garbage unless you know what you’re doing. It’s clear Epic cares more about its bottom line than its – often very young – players.