Fortnite, the hugely popular online video game, recently confirmed rumours that it would be made available to Android device users, but with a catch. Already available on desktop, Playstation 4, Xbox One, Nintendo Switch and recently iOS, the free-to-play Battle Royale game will not be made available for players to download via the official Google Play Store but rather the website of the game’s developer, Epic Games. This decision has raised numerous concerns regarding the security implications that this will have on Android devices and the impact it could have on the distribution of other apps and games in the future.
Fortnite Battle Royale is the latest game developed by Epic Games which allows up to 100 players at a time to battle each other online in order to be crowned last one standing. Since its release in 2017, the game has drawn in over 125 million users worldwide and reportedly earned over $126 million in revenue in February of this year alone. The game is currently free to download and play on all platforms, with all revenue coming from the in-app purchase of ‘V-bucks’, the in-game currency that can be used to buy character outfits, tools or weapons to enhance performance and gaming experience.
It was recently announced that Fortnite would be made available exclusively to Samsung users for a limited time before being released to all Android users, however not through the Google Play Store as expected. Instead, Android users will have to go to Epic Games’ official website, sideload an APK (Android Package File) onto their device and then install the Fortnite app. In order to allow the installation of this software, as downloaded from a source other than the Play Store, the user will then have to enable the ‘Unknown Sources’ setting on their Android device. It is this setting that raises concerns for security experts regarding the safety of mobile devices. Tim Sweeney, CEO of Epic Games, has explained the two reasons why the company have decided not to follow the usual app distribution route via Google Play, and instead require direct downloads from their website. He claims the main reason is the company’s desire to have a “direct relationship with [their] customers on all platforms…now that physical storefronts and middlemen distributors are no longer required.” However, it seems that the actual reason for the change is much more financially motivated. Currently, both Apple and Google charge a 30% ‘store tax’ for all apps downloaded from their respective stores, but Sweeney believes that this fee is “disproportionate to the cost of the services these stores perform, such as payment processing, download bandwidth, and customer service.” Bypassing the Google Play Store will therefore allow Epic Games to retain one hundred percent of the revenue they earn from in-app purchases, even at the cost of the security of customers.
Following the announcement of Epic’s plans, there have been numerous concerns expressed by security experts regarding the safety of Android devices, as side-loading software onto a device can be an extremely dangerous practice. APKs and apps can come from any source and be posted by anyone, which makes it easy to side-load malicious apps or software onto a device. Unlike Apple devices which do not allow the download of apps from third-party sites without jail-breaking the phone, Android devices can easily be taken advantage of by fake apps or websites created to look like official Fortnite products that then install malware onto the device or attempt to steal user data.
Enabling the ‘Unknown Sources’ setting on Android devices could also have severe consequences for users as it will open up the device to malicious apps that could be downloaded or installed without their knowledge. The main concern in this instance is that Fortnite players, many of whom are young children or teenagers, may forget or may not know to change the setting back after the initial download. There is also the issue of how game updates, usually handled by the Play Store, will be installed and whether this will require the permanent enablement of the the ‘Unknown Sources’ setting. However in response to this concern, Epic Games says it believes their users are “savvy enough to use the third party applications download feature safely.”
Epic’s decision to bypass the Play Store may also have significant repercussions on the future of the Play Store as a whole. It is estimated that Google will lose over $50 million in platform fees this year as a result of the move and depending on the success of this strategy, may see even greater losses as other popular games and apps follow suit. Most apps depend on the official App and Play Stores in order to reach potential users, however if Epic succeed in distributing the game independently and users accept this new method of side-loading APKs, other game developers may decide that sacrificing potential customers and their security is worth retaining the 30% revenue that Google would otherwise claim.
Implications for business
Epic’s decision to independently distribute Fortnite and the security threats it could bring could have serious implications for organizations, as employees increasingly use mobile devices for business as well as personal matters. Fans of Fortnite, or people with young children who play the game, could put their Android device and any corporate data contained on the device in danger should they decide to side-load the app. Enabling the ‘Unknown Sources’ setting and failing to disable it again could result in the download of malicious apps or software on the device that the employee may not become aware of before it is too late.
To prevent a situation like this, in the case of desktop devices, many companies install anti-virus software or limit employee access to certain sites and downloads. Generally employees understand that work laptops or desktop computers are specifically for work purposes and will therefore have restrictions and security controls that could interfere with the employee’s freedom. However when it comes to mobile devices, employees tend to have a different set of expectations. As inherently personal devices, mobile phones generally have no physical indication of being a corporate tool and therefore employees are less inclined to permit the enforcement of access restrictions, especially while outside of the office. Therefore to protect employee devices, companies may not be able to simply block access to Epic Games’ website or prohibit the sideloading of apps. There also may be legitimate reasons that employees may need to enable the ‘Unknown Sources’ setting of their phone preventing organizations from outright blocking this action on all mobile devices. Companies need a solution that allows employees their freedom to download and access materials as they please but still provides protection from potential threats.
Corrata’s Internet Security solution permits the side-loading of legitimate apps from third party sources but blocks and alerts the user of any malicious material that attempts to gain access to the device. Android users can enable their ‘Unknown Sources’ setting to download Fortnite and any other apps they may require from third-party sources and continue using their mobile device as they please, however with Corrata, the organization can also have peace of mind that the device and the sensitive data it may hold will be protected. So although Fortnite’s release may not have such dire effects for players as initially thought, it may just signal the end of the game for the Google Play Store as we know it.
To find out more about how Corrata’s solution could help protect your organization’s mobile devices from side-loading, malicious downloads, and other security threats visit www.corrata.com or email us at firstname.lastname@example.org.