You’ll have to disable a recommended Android security setting to install Fortnite

Maximising profits is Epic Games' incentive for skipping Google Play.

You'll have to disable a recommended Android security setting to install Fortnite

The Verge has confirmed reports that Android users wanting to play the hit game “Fortnite” won’t be able to get it from the official Google Play store:

Epic Games announced today that it will not distribute its massively popular game Fortnite on Android through Google’s Play Store marketplace. Instead, the company plans to directly distribute the software to players through the official Fortnite website, where Android users can download a Fortnite Installer program to install the game on compatible devices.”

I can understand Epic Games feeling mightily miffed that Google tries to take a 30% cut from any sales in its online store, but encouraging Android users to download apps from non-official sources is not a good idea.

Fortnite is already available for the Sony PlayStation 4, Xbox One, Nintendo Switch, iPads and iPhones from their respective official online stores.

But Android offers users an easy route for getting apps from stores that have perhaps not been so careful in vetting their wares.

If you dig into your Android’s settings, you’ll find an option to install programs from “unknown sources”.

Unknown sources setting

If you enable that option, Google is good enough to display a loud warning message:

Android warning

Your phone and personal data are more vulnerable to attack by apps from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these apps.”

Interestingly, Epic Games founder Tim Sweeney tweets that things will work slightly differently if you’re one of the (small percentage) of Android users that is running the latest version of the operating system:

Tim Sweeney tweets

A “download” button is coming to Fortnite.com . On the latest Android Oreo devices, this goes directly to a download link which installs the game following user acceptance of several security prompts - no “unknown sources” involved.”

On earlier Android versions, the button goes to a page with instructions on enabling “unknown sources” followed by a download button, which only works once that’s enabled.”

I don’t know if this workaround for Android Oreo users is supposed to reassure me or not. The truth is that anything that makes it easier to install apps from unapproved sources actually makes me feel more uneasy.

Google’s policing of the official Android marketplace has often fallen short, but there is no doubt that installing apps from unofficial sources exposes your Android device to greater risks.

I’m not trying to suggest that I think it’s likely Epic Games will goof up and distribute a malicious version of their hit game.

But I do worry that some users might be so desperate to play Fortnite that they might forget to disable the “unknown sources” after installation, or that this will encourage more users to take a more laissez-faire attitude as to whether it’s wise to install apps regardless of their source in future.

And there will, inevitably, be online criminals who will try to trick Android users into thinking they are downloading the real Android edition of Fortnite, but instead installing malware.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #90: ‘Fortnite for Android, and the FCC’s DDoS BS

Listen on Apple Podcasts | Google Podcasts | Other… | RSS for you nerds.

Tags: , , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

One Response

  1. Vog Bedrog

    August 7, 2018 at 7:59 am #

    I can’t wait for all the malware authors out there to figure out this ‘download link’ workaround, maybe even squeeze it into a drive-by…

    Thanks, mobile gaming. This is why we can’t have nice things.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.