You’ll have to disable a recommended Android security setting to install Fortnite

Graham Cluley

You'll have to disable a recommended Android security setting to install Fortnite

You'll have to disable a recommended Android security setting to install Fortnite

The Verge has confirmed reports that Android users wanting to play the hit game “Fortnite” won’t be able to get it from the official Google Play store:

“Epic Games announced today that it will not distribute its massively popular game Fortnite on Android through Google’s Play Store marketplace. Instead, the company plans to directly distribute the software to players through the official Fortnite website, where Android users can download a Fortnite Installer program to install the game on compatible devices.”

I can understand Epic Games feeling mightily miffed that Google tries to take a 30% cut from any sales in its online store, but encouraging Android users to download apps from non-official sources is not a good idea.

Fortnite is already available for the Sony PlayStation 4, Xbox One, Nintendo Switch, iPads and iPhones from their respective official online stores.

But Android offers users an easy route for getting apps from stores that have perhaps not been so careful in vetting their wares.

If you dig into your Android’s settings, you’ll find an option to install programs from “unknown sources”.

Unknown sources setting

If you enable that option, Google is good enough to display a loud warning message:

Android warning

“Your phone and personal data are more vulnerable to attack by apps from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these apps.”

Interestingly, Epic Games founder Tim Sweeney tweets that things will work slightly differently if you’re one of the (small percentage) of Android users that is running the latest version of the operating system:

Tim Sweeney tweets

“A “download” button is coming to Fortnite.com . On the latest Android Oreo devices, this goes directly to a download link which installs the game following user acceptance of several security prompts – no “unknown sources” involved.”

“On earlier Android versions, the button goes to a page with instructions on enabling “unknown sources” followed by a download button, which only works once that’s enabled.”

I don’t know if this workaround for Android Oreo users is supposed to reassure me or not. The truth is that anything that makes it easier to install apps from unapproved sources actually makes me feel more uneasy.

Google’s policing of the official Android marketplace has often fallen short, but there is no doubt that installing apps from unofficial sources exposes your Android device to greater risks.

I’m not trying to suggest that I think it’s likely Epic Games will goof up and distribute a malicious version of their hit game.

But I do worry that some users might be so desperate to play Fortnite that they might forget to disable the “unknown sources” after installation, or that this will encourage more users to take a more laissez-faire attitude as to whether it’s wise to install apps regardless of their source in future.

And there will, inevitably, be online criminals who will try to trick Android users into thinking they are downloading the real Android edition of Fortnite, but instead installing malware.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #90: 'Fortnite for Android, and the FCC's DDoS BS'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “You’ll have to disable a recommended Android security setting to install Fortnite”

  1. I can't wait for all the malware authors out there to figure out this 'download link' workaround, maybe even squeeze it into a drive-by…

    Thanks, mobile gaming. This is why we can't have nice things.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.