Fortnite: Stupid, greedy and dangerous

“Fortnite Battle Royale” is currently the most popular video game in the world. And it’s well on its way to becoming the most dangerous video game in the world. 125 million people are already playing the cutest and most colorful shooter of all time, who gets by without blood, corpses and excessive violence.

Although the game is free on all platforms, Epic Games is said to have generated since the launch in September 2017 already 1.2 billion dollars (1 billion euros) of sales – only through in-app purchases, with which the players new clothes You can add tools or cool dances (“emotes”) for your figures.

So far, Fortnite has caused a stir mainly because of its tremendous popularity. Parents are annoyed because they can not get their kids off the PlayStation 4 or Nintendo’s switch console. And teachers complain that schools’ Wi-Fi networks are collapsing because kids are secretly gambling on Fortnite in the classroom on the iPhone. But now it’s over with funny, because the cult game has a massive security problem. LEAD answers the most important questions.

Where does the fortnite problem come from?

So far, the game was in which 100 participants are thrown over an island and there fight against each other, until only one remains, without major security flaws on PS4, Xbox One, Switch, PC and Mac and since April also on iPhone and iPad. But an extremely important platform was still missing: smartphones and tablets with Google’s Android operating system. Because there are so many different devices and software versions on Android, Epic took several months to implement the title, which the business magazine “Forbes” considers the “most important mobile game of all time”.

display

But now the Android Fortnite is at least already available as a beta, for the time being only by invitation. And because Epic does not want to pay the usual 30 percent commission for in-app purchases to Google, it sells the app itself, tearing up a security hole that’s so huge that the magazine Android Central demands, “Stop yours Nonsense! Epic Games’ strategy for the Android version of Fortnite is stupid, greedy and dangerous, and it’s the worst possible idea for the worst possible reasons. “

2 Fortnite Beta
The beta for Android is here! On the Epic website, everything still looks colorful and harmless (Image: Epic Games)

How does Fortnite work on Android?

The manufacturer from North Carolina on the US East Coast offers the beta of Fortnite – and presumably all future versions – not in the usual and official way, so the Google Play Store. Epic boss Tim Sweeney makes no secret of his motives: “We want to avoid the 30 percent ‘store tax’ and do not think intermediaries like Google necessary anymore, which is a bad deal for us.”

Instead, Android users can download the installer as a so-called APK file (Android Package Kit) directly from the Epic server. This installer then triggers the download of the actual game on the smartphone or tablet. Epic bypasses the Play Store, retaining 100 percent of the revenue from in-app purchases that cost between $ 10.99 and $ 109.99 – not just 70 percent. TechCrunch magazine estimates that the game maker will spend $ 54 million (€ 46.5 million) more in the first year alone than the Google Play Store download.

Why is that dangerous?

Android is generally designed so that downloading from the Play Store is the standard way to get apps on the device. The user selects an app, loads it, installs it and launches it – this process is learned and relatively safe. In contrast to iOS, the more open Android system also allows downloading from other sources, for example directly from the server of the game manufacturer. This option makes Epic’s “tax-saving maneuver” possible in the first place. In order for the smartphone or tablet to allow such downloads, in all versions prior to Android 8 – currently around 88 percent of all devices – in the settings, the software installation of “apps from unknown sources” must be allowed.

And here begin the problems. If the often very young Fortnite fans forget to take this permission back after installing the app, the device is then hardly protected from malware. Because using APKs is considered one of Android’s biggest security issues, experts generally advise against installing such programs. In addition, permission to install must be re-issued and retracted for each of the frequent Fortnite updates. With millions of Fortnite downloads expected, it will not be long before hackers try to exploit this hole.

And if the example of Epic makes school, and other manufacturers of successful apps try to save the 30 percent, Android faces a huge security problem.

5 fortnites
Fortnite by Epic Games (Image: Epic Games)

Which risks still exist?

Once a user loads apps outside of the Play Store, there’s a greater risk that they will continue to use such often dubious sources – or get into one of the virus-infested Fortnite clones that are already circulating the web.

Epic’s policy of distributing the Android Beta for now by invitation only, also ensures that users without an invitation get impatient, and on questionable sites looking for the download. Another problem: In the official Play Store credit card purchases are secured by Google, for external downloads is not the case. If children “accidentally” buy the Fortnite currency “V-Bucks”, there is no protection for the Android version. Epic boss Sweeney puts the responsibility on the users, who must take care that they “loaded the app from a safe source”. The conclusion of the experts from Android Central: “Selling this game outside of the Google Play Store is dangerous, and the fact that Epic Games is only doing it to get a few more pennies from its customers makes it all the worse.

Has it already come to attacks?

No one knows that at the moment. The only thing that is certain is that even in the first Fortnite installer for Android, which Epic provided, Google has found a massive security problem. That became known on the 24th of August. The gap made it possible – at least in theory – that after the installation of the installer, a manipulated app “spends” itself as a Fortnite. For this it sufficed that the app is called “com.epicgames.fortnite”. Such a fake app could then control the entire smartphone or tablet, including camera, microphone and GPS tracking.

Epic has immediately closed the gap with the new version 2.1 after being known – and complained about the “irresponsibility” with which Google made the problem public as quickly as it was enjoyable. Android Central is angry: “The very first day has happened exactly what we expected.” Whether hackers have already exploited the gap, is currently unknown – but they are likely to get even more options.

Is the problem also on iPhone and iPad?

No, because unlike Google on Android, Apple does not allow iOS to download anything from any source other than its App Store. Exceptions are hacked devices with a so-called “jailbreak”. But this once widespread phenomenon hardly plays a role in practice today. Because the App Store is the only distribution channel, Epic must grudgingly accept Apple’s 30 percent commission on the iOS version of Fortnite Battle Royale. Therefore, this Fortnite version so far no security problems have become known.

What should Fortnite fans and parents do now?

If you have access to a version other than the Android Fortnite, you should be able to play on these devices whose distribution channels are considered safe. Until the situation has resolved in the Android version, which is currently still struggling with many problems in performance and control, a download is not recommended. And in the future, too, it can happen at any time that a malicious website promotes the Android version of “Fortnite Battle Royale” – and offers malware under this name.

As long as Epic does not give in and still offers the cult game in the Play Store, the happy motto from the trailer for the Android version “Today’s gonna be great, is gonna be a good day” for the balance of manufacturer Epic – but certainly not for the user

Leave a Reply

Your email address will not be published. Required fields are marked *