Fortnite’s Android debut highlights a big security problem
By now, you’ve probably hit at least one headline about the wildly popular Fortnite. Just in case you haven’t, it’s an extremely popular game in the “battle royale” genre where 100 gamers are dropped (virtually) in an environment where they build, but above all fight until only one player is left. It’s cartoonish, it’s free to play, but still wildly successful thanks to developer Epic Games making a variety of cosmetic items, such as outfits and even dances available to buy as add-ons. Its wild popularity has also made it substantial tabloid fodder, in almost exactly the same way that previous popular games have been. Then again, that’s a story that’s also been told about everything from Dungeons & Dragons to Elvis Presley, so some things clearly never change.
Fortnite is pretty clearly the game of 2018, but up until now it’s not been available for users of Android phones or tablets.
That’s set to change with Fortnite heading to Android, but not quite the way you might imagine. Specifically, Epic games has stated that it won’t make Fortnite available on the Google Play app store, but instead for direct download.
Now, Epic’s reasoning behind this is largely financial. If it distributes through Google, then Google gets a cut of revenues, which are currently substantial. The same is true on the Apple side of the fence, where developers who deploy to iOS devices such as iPhones or iPads have to give a 30% cut to Apple.
Fortnite’s already available there, but Apple gives developers no real choice. If you want to deploy to an iOS device, the only reliable way for consumers to install it is through the Apple App store. There are app stores for so-called “jailbroken” devices, but they’re rather wild-west style establishments where you’re taking some genuine security risks installing anything. That’s not the route Epic Games went down, but it’s where it’s going with Android.
That’s because while Google prefers users to utilise its Google Play App environment, it doesn’t actually make it compulsory. You can install Android apps from any source you like as long as you enable the ability to install from third party sources. The first time you download any Android app (typically in .apk format) your device will warn you, and usually ask you to switch over installation for those sources. On some phones you can do so on an app-by-app basis, but for most it’s quite binary. You switch it on or off, and it stays that way until you remember to switch it off.
That’s the issue with what Epic Games is doing. You might not care about games per se, but it’s using the popularity of its app to encourage users to disable what is a pretty important security feature. There’s the risk of fake “Fortnite” apps being mis-downloaded, but also of phones where the third party app install has been enabled being compromised simply because a keen user forgot to switch it off once they’d installed Fortnite. Indeed, without leaving it disabled, it’s not assured you’d even be able to update it over time.
So what’s the takeaway value? In some ways, it’s to the credit of Google that it’s got a very open ecosystem, because it means it can’t censor or control what you do with your own hardware. At the same time, that brings with it considerable risks if you do install apps outside that precise ecosystem.
Google spends plenty of money scanning, checking and intermittently throwing out misbehaving apps on the Google Play App store, but all you’ve got to go on outside that is the word of the developers as to what it’s doing on your device. Above and beyond that, if there’s a solid reason to install a third-party app, it’s very wise to make sure that you disable the installation of other third-party apps once the installation is done.
It’s a simple lock to keep your device secure, but a very important one.