Epic made waves when it announced that it will be releasing the mega popular Fortnite: Battle Royale Android version through its own launcher, ditching the Google Play Store. The launch would have been a success had it not been for the revelation that there was a serious security vulnerability in the Fortnite Android launcher that has since been patched. But it turns out Epic boss Tim Sweeney isn't too happy with the way Google revealed information about the security vulnerability.
It began last Friday when Google published a report regarding the Fortnite launcher for Android. Google's security team discovered a vulnerability in the launcher that could potentially allow unauthorized third-parties install apps to Android phones through the Fortnite launcher, without needing permission.
Epic decided to release a launcher instead of releasing Fortnite Battle Royale directly on the Google Play Store to avoid paying the 30 percent fee to Google on in-game purchases. A move Epic defends as necessary since Google's store tax cuts into funds that could be used towards development.
Google disclosed to Epic the vulnerability on August 15 and has a policy to publicly disclose vulnerabilities seven days after the initial disclosure, so users can patch their apps in time. Epic however apparently wanted 90 days before Google publicly disclosed the vulnerability and called Google's decision "irresponsible."
In a series of tweets, Epic boss Tim Sweeney wrote, "We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points."
We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points.— Tim Sweeney (@TimSweeneyEpic) August 25, 2018
Sweeney argues that since the launcher only updates when users run the launcher or game, 90 days is a bigger window for users to have a chance to open the launcher and have their software updated. With a smaller window, it becomes more vulnerable to hackers who learned about the hack through Google's public statement.
Fortnite has encountered problems with potential hacks before. Due to its large and young playerbase, Fortnite is often the lure used for scams, and Epic accounts are quite vulnerable to hacks. So much so Epic recently rewarded players for two-factor authenticating their Epic accounts with a free emote.