What began as a seemingly simple bug fix has developed into an all-out feud between Fortnite publisher Epic Games and tech giant Google. The spat comes on the heels of Fortnite’s recent debut on Android platforms.
On the heels of Fortnite’s August 15 launch for Android, Google ran a seemingly routine security check on Fortnite’s installer software, which uncovered a major design flaw that could potentially allow the install process to be hijacked by spyware, malware, or other malicious programs. The Google issue tracker page can be viewed here.
10 Chrome extensions that will make your life better
Read Now ►After being made aware of the issue, Epic Games quickly issued a patch the next day, six days after the initial Android launch. Android Fortnite players need not worry; anybody who has played since the release of the patch has already had it automatically installed. However, it’s when looking at the circumstances surrounding the bug and subsequent patch that things begin to get interesting.
After releasing the patch, Epic Games requested that Google delay publication of the issue report for 90 days. This 90-day delay is standard practice for such issues, but Google released the issue report a mere 7 days after the release of the patch, seemingly ignoring Epic’s delay request entirely.
Google’s own guidelines state that “After 90 days elapse or a patch has been made broadly available, the bug report – including any comments and attachments – will become visible to the public.” Since the patch was made “broadly available,” Google is technically adhering to its own guidelines by releasing the issue report early. Google also asserts that by not offering Fortnite as a download through the secure Play Store platform, Epic would be driving users towards potentially unsafe third party downloads. Epic Games CEO Tim Sweeney had other ideas regarding the report’s abrupt release.
8 tricks to boost your security on Google Chrome
Boost your security now ►Despite releasing Fortnite on Android, Epic Games made the well-publicized decision to circumvent Google’s Play Store. Not offering the game on the Play Store was a very public snub to Google’s omnipresent Android market. Sweeney was candid about the reasoning behind the decision, stating directly that he didn’t want to pay Google the 30% cut it requires of all apps being offered on the Play Store. You can download the game safely through Softonic:
Sweeney stated “The developer pays all the costs of developing the game, operating it, marketing it, acquiring users and everything else. We’re trying to make our software available to users in as economically efficient a way as possible. That means distributing the software directly to them, taking payment through Mastercard, Visa, Paypal, and other options, and not having a store take 30 percent.”
With Fortnite raking in billions of dollars worldwide, the decision likely cost Google a significant amount of potential revenue. Sweeney asserts that his decision to circumvent the Play Store was what drove Google to both seek out the security flaw and release the issue report early. He implied as much in a series of tweets earlier this week, chastising Google for the decision.
Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update.
The only irresponsible thing here is Google’s rapid public release of technical details.
— Tim Sweeney (@TimSweeneyEpic) August 25, 2018
Wouldn’t it be safer to disclose the technical details of vulnerabilities based on adoption rate of updates rather than mere availability?
Of course the PR about the existence of a vulnerability and importance of updating could go ahead without disclosing the technical details.
— Tim Sweeney (@TimSweeneyEpic) August 27, 2018
Case in point: This sort of policy would be disastrous if Google applied it to to security flaws they discovered in their own software, given the Google/IHV/carrier bottlenecks in pushing Android OS updates.
— Tim Sweeney (@TimSweeneyEpic) August 27, 2018
The exchange has led to egg on the face of both parties, and Sweeney’s response could potentially be interpreted as lashing out to direct attention away from what was undeniably an extremely dangerous security flaw– one that existed undetected for several days before being patched. Sweeney asserts that the decision was Google’s public revenge, while Google asserts that it was simply due diligence. It’s become a very public feud, and one that is still developing. It seems likely that the rift between Epic Games and Google won’t be closing any time soon.