Timesdelhi.com

October 19, 2018
Category archive

fortnite

Fortnite’s Android installer shipped with an Epic security flaw

in Android/Apps/Delhi/epic games/fortnite/Gaming/Google/India/mobile/Politics/Security by

Google has clapped back in tremendous fashion at Epic Games, which earlier this month decided to make the phenomenally popular Fortnite available for Android via its own website instead of Google’s Play Store. Unfortunately, the installer had a phenomenally dangerous security flaw in it that would allow a malicious actor to essentially install any software they wanted. Google wasted exactly zero time pointing out this egregious mistake.

By way of a short explanation why this was even happening, Epic explained when it announced its plan that it would be good to have “competition among software sources on Android,” and that the best would “succeed based on merit.” Everyone of course understood that what he meant was that Epic didn’t want to share the revenue from its cash cow with Google, which takes 30 percent of in-app purchases.

Many warned that this was a security risk for several reasons, for example that users would have to enable app installations from unknown sources — something most users have no reason to do. And the Play Store has other protections and features, visible and otherwise, that are useful for users.

Google, understandably, was not amused with Epic’s play, which no doubt played a part in the decision to scrutinize the download and installation process — though I’m sure the safety of its users was also a motivating factor. And wouldn’t you know it, they found a whopper right off the bat.

In a thread posted a week after the Fortnite downloader went live, a Google engineer by the name of Edward explained that the installer basically would allow an attacker to install anything they want using it.

The Fortnite installer basically downloads an APK (the package for Android apps), stores it locally, then launches it. But because it was stored on shared external storage, a bad guy could swap in a new file for it to launch, in what’s called a “man in the disk” attack.

And because the installer only checked that the name of the APK is right, as long as the attacker’s file is called “com.epicgames.fortnite,” it would be installed! Silently, and with lots of extra permissions too, if they want, because of how the unknown sources installation policies work. Not good!

Edward pointed out this could be fixed easily and in a magnificently low-key bit of shade-throwing helpfully linked to a page on the Android developer site outlining the basic feature Epic should have used.

To Epic’s credit, its engineers jumped on the problem immediately and had a fix in the works by that very afternoon and deployed by the next one. Epic InfoSec then requested Google to wait 90 days before publishing the information.

As you can see, Google was not feeling generous. One week later (that’s today) and the flaw has been published on the Google Issue Tracker site in all its… well, not glory exactly. Really, the opposite of glory. This seems to have been Google’s way of warning any would-be Play Store mutineers that they would not be given gentle handling.

Epic Games CEO Tim Sweeney was likewise unamused. In a comment provided to Android Central — which, by the way, predicted that this exact thing would happen — he took the company to task for its “irresponsible” decision to “endanger users.”

Epic genuinely appreciated Google’s effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.

However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.

An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at https://issuetracker.google.com/issues/112630336

Google’s security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic’s distribution of Fortnite outside of Google Play.

Indeed, companies really should try not to endanger their users for selfish reasons.

News Source = techcrunch.com

Google will lose $50 million or more in 2018 from Fortnite bypassing the Play Store

in Android/android apps/Android games/Apps/Delhi/epic games/fortnite/games/Gaming/India/mobile/play store/Politics/sensor tower by

When Fortnite Battle Royale launched on Android, it made an unusual choice: it bypassed Google Play in favor of offering the game directly from Epic Games’ own website. Most apps and games don’t have the luxury of making this choice – the built-in distribution Google Play offers is critical to their business. But Epic Games believes its game is popular enough and has a strong enough draw to bring players to its website for the Android download instead. In the process, it’s costing Google around $50 million this year in platform fees, according to a new report.

As of its Android launch date, Fortnite had grossed over $180 million on iOS devices, where it had been exclusively available since launching as an invite-only beta on March 15th, before later expanding to all App Store customers.

According to data from app store intelligence firm Sensor Tower, the game has earned Apple more than $54 million thanks to its 30 percent cut of all the in-app spending that takes place on apps distributed in its store.

That’s money Epic Games isn’t apparently willing to give up to Google, when there’s another way.

Unlike Apple, which only allows apps to be downloaded from its own storefront, Google’s platform is more open. There’s a way to adjust an Android device’s settings to download apps and games from anywhere on the web. Of course, by doing so, users are exposed to more security risks, malware infections, and other malicious attacks.

For those reasons, security researchers are saying that Epic Games’ decision sets a dangerous precedent by encouraging people to remove the default security protections from their devices. They’re also concerned that users who look for the game on Google Play could be fooled into downloading suspicious copycat apps that may be trying to take advantage of Fortnite’s absence to scam mobile users.

Google seems to be worried about that, too.

For the first time ever, the company is informing Google Play users that a game is not available for download.

Now, when users search for things like “Fortnite” or “Fortnite Battle Royale,” Google Play will respond that the app is “not available on Google Play.” (One has to wonder if Google’s misspelling of “Royale” as “Royal” in its message was a little eff u to the gamemakers, or just a bit of incompetence.)

In any event, it’s an unusual response on Google’s part – and one it can believably claim was done to serve users as well as protect them from any potential scam apps.

However, the message could lead to some pressure on Epic Games, too. It could encourage consumer complaints from those who want to more easily (or more safely) download the game, as well as from those who don’t understand there’s an alternative method or are confused about how that method works.

In addition, Google is serving up the also hugely popular PUBG Mobile at the top of Fortnite search results followed by other games. In doing so, it’s sending users to another game that can easily eat up users’ time and attention.

For Google, the move by Epic Games is likely troubling, as it could prompt other large games to do the same. While one odd move by Epic Games won’t be a make or break situation for Google Play revenue (which always lags iOS), if it became the norm, Google’s losses could climb.

At present, Google is missing out on millions that will now go directly to the game publisher itself.

Over the rest of 2018, Sensor Tower believes Fortnite will have gained at least $50 million in revenues that would otherwise have been paid out to Google.

The firm expects that when Fortnite rolls out to all supported Android devices, its launch revenue on the platform will closely resemble the first several months of Apple App Store player spending.

It may even surpass it, given the game’s popularity continues growing and the standalone download allows it to reach players in countries where Google Play isn’t available.

Meanwhile, there have been concerns that the download makes it more difficult on users with older Android devices to access the game, because the process for sideloading apps isn’t as straightforward. But Sensor Tower says this will not have a large enough impact to affect Fortnite’s revenue potential in the long run.

 

News Source = techcrunch.com

Google isn’t sure how to spell “Fortnite Battle Royale”

in Android/Apps/Delhi/fortnite/Gaming/Google/India/Politics/Startups/TC by

The launch of Fortnite Battle Royale has left Google in a slight predicament. While Google is in no way hard up for cash, Fortnite Battle Royale for Android certainly represented the potential for a relatively big revenue stream for an app. That is, until Epic Games decided it would launch Fortnite for Android from its own website, circumventing the Play Store.

But revenue aside, there’s also the matter of Google probably not liking the idea of huge titles circumventing the Play Store as a precedent. Plus, the lack of Fortnite Battle Royale within the Play Store poses a slight security risk to users, as there are quite a few V-bucks scams and malicious clones looking to capitalize on the popularity of Fortnite.

That’s why the Google Play store now displays a message to users in response to searches for “Fortnite,” “Fortnite Battle Royale,” and other similar search queries.

“Fortnite Battle Royal by Epic Games, Inc is not available on Google Play,” reads the message.

That’s right. Google mispelled the “Royale” in Battle Royale. It was likely an honest mistake, but given the fact that Epic Games is making upwards of $300 million in revenue a month, which Google is not getting a cut of, it makes for some fun back-and-forth for us spectators.

Google lists PUBG Mobile, Fortnite’s biggest competitor, at the top of all Fortnite Battle Royale queries, but doesn’t include anything in its message around how to actually find the real Fortnite Battle Royale for Android .

While Google Play’s app review process should catch the vast majority of malicious clones, the message is at least moderately helpful for folks hearing about the Android version of Battle Royale without knowing the details around Epic’s launcher.

For what it’s worth, Fortnite for Android isn’t yet available to everyone. The game launched yesterday as a Samsung exclusive for folks with a Galaxy S 7 or higher, and will become available to all Android phone owners on August 12.

[via 9to5Google]

News Source = techcrunch.com

Fornite for Android launches as a Samsung Galaxy exclusive today

in Delhi/epic games/fortnite/Gaming/India/Politics/Samsung/TC by

It’s true, Fortnite is coming to Android this summer. We’ve known that for sure since May. There is, however, one key caveat (aside from that whole no Google Play bit): The obscenely popular sandbox survival game will launch on Google’s mobile OS as a Samsung exclusive.

The Epic title will be available for Galaxy users with an S7 or higher (Note 9,  S9, Note 8, S8, S7,S7 Edge). Those with a Galaxy Tab S4 and S3 will get a crack it it, as well).  That, naturally, includes the new Note 9, which the company is positioning as something of a mobile gaming powerhouse.

The specs are certainly impressive, and the 6.4-inch screen should lend itself well to portable gaming. There’s also a new Water Carbon Cooling system on board, to help keep the handset from overheating from more resource-intensive tasks. The new tech improves the liquid cooling system the company has had on-board its Galaxy devices since the S7.

Starting today, the title will appear on Galaxy devices’ game launcher, remaining an Android exclusive until the 12th — at which point, one imagines, it will become more widely available for the rest of Android users. As with the rest of the versions of the title (the PS4’s issues aside), the game will support multi-platform crossplay. 

To celebrate the deal, those who pre-order the Note 9 will be able to choose between free AKG noise cancelling headphones or a device with a 15,000 V-bucks — the in-game equivalent to to $150 of our regular people dollars. All Note 9 and Tab S4 users will also get access to a Fortnite Galaxy skin (see: above), which is unique to those devices. 

News Source = techcrunch.com

Epic hid an Easter egg in Fortnite to acknowledge the game’s greatest failed rescue

in Delhi/epic/fortnite/India/Politics/TC by

For being in charge of what is probably the biggest game in the world right now and all the responsibilities that come with that, Epic is proving itself quite capable of changing things up on the fly.

Case in point: last week, a video went viral showing one player making a valiant effort to save another player — a competitor, no less! — who had found themselves in a more or less inescapable section of the map… only to have things go wonderfully, hilariously wrong at the last second. Today, a tombstone marking the mishap appeared in game.

Here’s the video of the original rescue mission, as streamed by would-be hero Muselk (wait for the end):

The whole thing is like an unintentional lesson in comedic timing.

Today, this tombstone showed up in the same location for anyone who dare wander down there themselves:

(Photo via redditor StoreBrandEnigma)

For those unfamiliar with the game’s mechanics: Fortnite lets you build structures to defend your position or reach new heights… assuming you’ve scrounged up enough materials (wood, brick, or metal.) Muselk had enough materials to reach the stranded player… only to hit the build limit (the outer-most regions of the map where building is disabled) with the rescue target just out of reach. Thats where things go extra wrong.

It’s just a cute little nod, sure — but it shows just how damned agile Epic has gotten at making changes to this game. They add a new gun and it seems to be throwing off the game’s balance? It’s gone. Glitches discovered in a new map element? They’re patched. A video blows up demonstrating a hilarious outcome all set in motion by seemingly inconsequential design decisions? Bam, it’s memorialized in game within days.

The best part: if you go down there to check out the tombstone out… you might not make it out alive yourself.

News Source = techcrunch.com

Go to Top