Android Users Face ‘Epic’ Security Threats After Exclusive Fortnite Release

Fortnite, the hugely popular online video game, recently confirmed rumours that it would be made available to Android device users, but with a catch. Already available on desktop, Playstation 4, Xbox One, Nintendo Switch and recently iOS, the free-to-play Battle Royale game will not be made available for players to download via the official Google Play Store but rather the website of the game’s developer, Epic Games. This decision has raised numerous concerns regarding the security implications that this will have on Android devices. Furthermore, there is talk of the impact it could have on the distribution of other apps and games in the future.

Fortnite

Fortnite Battle Royale is the latest game developed by Epic Games which allows up to 100 players at a time to battle each other online in order to be crowned last one standing. Since its release in 2017, the game has drawn in over 125 million users worldwide and reportedly earned over $126 million in revenue in February of this year alone. The game is currently free to download and play on all platforms, with all revenue coming from the in-app purchase of ‘V-bucks’, the in-game currency that can be used to buy character outfits, tools or weapons to enhance performance and gaming experience.

It was recently announced that Fortnite would be made available exclusively to Samsung users for a limited time before being released to all Android users. However, it would not be through the Google Play Store, as expected. Instead, Android users will have to go to Epic Games’ official website, sideload an APK (Android Package File) onto their device and then install the Fortnite app. To allow the installation of this software, the user must enable the ‘Unknown Sources’ setting on their Android device.

It is this setting that raises concerns for security experts regarding the safety of mobile devices. Tim Sweeney, CEO of Epic Games, has explained the two reasons why they have decided not to use Google Play. He claims the main reason is the company’s desire to have a “direct relationship with [their] customers on all platforms…now that physical storefronts and middlemen distributors are no longer required.”

However, it seems that the actual reason for the change is much more financially motivated. Currently, both Apple and Google charge a 30% ‘store tax’ for all apps downloaded from their respective stores, but Sweeney believes that this fee is “disproportionate to the cost of the services these stores perform, such as payment processing, download bandwidth, and customer service.” Bypassing the Google Play Store will therefore allow Epic Games to retain one hundred percent of the revenue they earn from in-app purchases, even at the cost of the security of customers.

Security Risks

Following the announcement of Epic’s plans, there have been numerous concerns expressed by security experts regarding the safety of Android devices, as side-loading software onto a device can be an extremely dangerous practice. APKs and apps can come from any source and be posted by anyone. This  makes it easy to side-load malicious apps or software onto a device. Unlike Apple devices which do not allow the download of apps from third-party sites without jail-breaking the phone, Android devices can easily be taken advantage of by fake apps or websites created to look like official Fortnite products that then install malware onto the device or attempt to steal user data.

‘Unknown Sources’ setting

Enabling the ‘Unknown Sources’ setting on Android devices could also have severe consequences for users as it will open up the device to malicious apps that could be downloaded or installed without their knowledge. The main concern is that Fortnite players, may forget to change the setting back after the initial download. There is also the issue of how game updates, usually handled by the Play Store, will be installed. In response to this concern, Epic Games says it believes their users are “savvy enough to use the third party applications download feature safely.”  

Implications for Play Store

Epic’s decision to bypass the Play Store may also have significant repercussions on the future of the Play Store. It is estimated that Google will lose over $50 million in platform fees this year as a result of the move and depending on the success of this strategy, may see even greater losses as other popular games and apps follow suit. Most apps depend on the official App and Play Stores in order to reach potential users. However, if Epic succeed in distributing the game independently and users accept this new method of side-loading APKs, other game developers may decide that sacrificing potential customers and their security is worth retaining the 30% revenue that Google would otherwise claim.

Implications for business

Epic’s decision to independently distribute Fortnite and the security threats it could bring could have serious implications for organizations, as employees increasingly use mobile devices for business as well as personal matters. Fans of Fortnite, or people with young children who play the game, could put their Android device and any corporate data contained on the device in danger should they decide to side-load the app. Failing to disable the ‘Unknown Sources’ could result in the download of malicious apps or software on the device. The employee may not become aware of before it is too late.

To prevent a situation like this, in the case of desktop devices, many companies install anti-virus software. Another approach is limiting employee access to certain sites and downloads. Generally, employees understand that work laptops or desktop computers are specifically for work purposes. Therefore, they accept restrictions and security controls that could interfere with the employee’s freedom. However, when it comes to mobile devices, employees tend to have a different set of expectations. As inherently personal devices, mobile phones generally have no physical indication of being a corporate tool. Therefore, employees are less inclined to permit the enforcement of access restrictions, especially while outside of the office.

To protect employee devices, companies may not be able to simply block access to Epic Games’ website. There also may be legitimate reasons that employees may need to enable the ‘Unknown Sources’ setting of their phone preventing organizations from outright blocking this action on all mobile devices. Companies need a solution that gives employees download freedom but still provides protection from potential threats.

Corrata’s solution

Corrata’s Internet Security solution permits the side-loading of legitimate apps from third party sources. However, it blocks and alerts the user of any malicious material that attempts to gain access to the device. Android users can enable their ‘Unknown Sources’ setting to download Fortnite and any other apps they may require from third-party sources and continue using their mobile device as they please, however with Corrata, the organization can also have peace of mind that the device and the sensitive data it may hold will be protected. So although Fortnite’s release may not have such dire effects for players as initially thought, it may just signal the end of the game for the Google Play Store as we know it.

To find out more, visit www.corrata.com or email us at info@corrata.com.