Posted on August 7, 2018 by staff

‘Fortnite on Android will make hacking easier’ says expert


Epic Games’ decision not to use the Google’s Play Store for its soon-to-be-released Fortnite game could open the door for hackers to take advantage of its players.

That’s the view of David Rogers, a mobile security specialist who has advised the UK Home Office and international law enforcement agencies on mobile phone security.

Epic Games’ chief executive confirmed this week it will require users to install the game directly to their device, a decision fuelled by ‘disproportionate’ fees to host the game on Google’s app store.

But Rogers, who also teaches a Mobile Systems Security course at the University of Oxford, believes that while the game itself will likely be harmless, the process of installing apps directly to a device could be dangerous.

“The danger isn’t from the Fortnite app itself, it’s from malware pretending to be the Fortnite app – distributed through lookalike sites, adverts etc,” he told BusinessCloud from DefCon, the world’s largest underground hacking conference.

“Within the app store submission process, apps are triaged and checked for various forms of maliciousness. Users are protected by these and other mechanisms and it creates a generally clean application ecosystem that people can trust.

“This changes when you ask people to side-load applications. It’s confusing to users who’ve been conditioned to not side-load apps because it is dangerous behaviour.

“It’s the main route for users to become infected with malware.”

Addressing similar concerns, Epic Games’ chief executive Tim Sweeney said that it was the job of modern mobile operating systems to protect users from malicious software, rather than one ‘monopoly’ of pre-approved apps.

“Fortnite’s creators are right to take a stand against a stock 30 per cent cut that all the appstores settled on in the early days,” said Rogers.

“My issue with this is that there is absolutely no meaningful competition in the market between app stores. This means that developers don’t get properly paid for their efforts.”