Experts have discovered a serious hazard in Fortnite for Android

2

Специалисты обнаружили серьезную опасность в Fortnite для AndroidEpic Games released the game to bypass the Google Play.

In early August, popular shooter Fortnite still made it to Android devices, but the company Epic Games decided not to share the profit with Google, and therefore released the game to bypass the Google Play. To access it users had to download a special installer program, which, as it turned out, included a critical vulnerability.

To bypass Google Play Fortnite authors had to create their own app-loader which performs the downloading and installation of games. This decision immediately caused users concern, but Epic Games has assured the reliability of this approach.

However, the developer of Google said that any app with permission SYSTEM_ALERT_WINDOW is able to replace the APK immediately after downloading and verifying a fingerprint that is easy to implement using the FileObserver. Therefore, Fortnite, the installer will continue the installation of fake the APK file instead of the game.

On Samsung devices Fortnite Installer automatically installs the APK using private API’s Galaxy Apps store. These APIs check that you have installed the APK has a package name of com.epicgames.fortnite. Consequently, thus can be installed and fake APK with the appropriate name – said the developer of Google.

In addition, if fake APK-file is specified targetSdkVersion 22 or below, he will automatically be granted all the permission requests during installation as if it was a game Fortnite. Which means attackers could obtain access to all data on the device.

Fortunately, the vulnerability was only present in the first version of Fortnite Installer, after which Epic Games with Google quickly releasing an update to fix a flaw. If you have the first version of Fortnite Installer, it is necessary to remove it or urgently update.

LEAVE A REPLY

Please enter your comment!
Please enter your name here