The Fortnite Android installer allowed malware to be installed
Table of contents:
- Google points out vulnerability in Fortnite for Android
- But where is the threat really?
- What should users do?
Just a few days ago, we heard the news that Fortnite for Android would not be available to download from the Google Play Store, the official store for this operating system. Experts did not take long to question this decision, because it meant exposing users to the dangers that come with downloading applications outside the official store.
Today we learned that the Fortnite for Android installer itself had a vulnerability that allowed malware to be installed on phones. Epic Games has just fixed a vulnerability discovered by Google in the original Fortnite Android installer. This flaw would have allowed any attacker to download and install malware on the devices.
The exploit would work via what is known as a man-on-disk attack and would take advantage of a flaw in storage management to intercept download requests and load fraudulent content.
Google points out vulnerability in Fortnite for Android
Google can't be too happy with the fact that Fortnite for Android won't be available from the Google Play Store. That is why they have surely been extremely vigilant about any application or system that is going to land on Android devices.
In this case, we are talking about the Fortnite installer for Android, which would allow any malicious application to work in the background, without the user even noticing. After detecting the threat, the Mountain View company reported this flaw to Epic Games, the developer of Fortnite, on August 15. Today the existence of this vulnerability was made public, after Epic applied a corrective fix.
But where is the threat really?
Now it has been neutralized. But just a few days ago, the threat was still there. The user could get infected by going to the Epic Games website to download Fortnite for Android. What is downloaded from this page is not actually the game, but rather an installer that remotely downloads the APK of the game.
In the end, this vulnerability made the installer completely insecure, because through it you could install any application that, hidden under the Fortnite title, was anything but the game.
Unfortunately, the installer does not verify the signature of the APK. It does check the package name, but any rogue application can call itself Fortnite. If we also happen to have a malicious app installed on our mobile device, that app may even intercept the installation request to download any content.
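The gap described above, as an added Python model that is not Epic's installer code: a check on the declared package name accepts a replaced file, while a check bound to the file's bytes rejects it. The zip-with-JSON "APK", the package name com.example.game and the SHA-256 pin (used here in place of verifying the APK's signing certificate) are assumptions made for the illustration.

```python
import hashlib
import io
import json
import tempfile
import zipfile
from pathlib import Path
from typing import Optional

EXPECTED_PACKAGE = "com.example.game"  # constructed placeholder package name

def build_apk(package: str, payload: bytes) -> bytes:
    """Constructed stand-in for an APK: a zip holding a JSON manifest and a payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps({"package": package}))
        z.writestr("classes.dex", payload)
    return buf.getvalue()

def package_name(apk: bytes) -> str:
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return json.loads(z.read("manifest.json"))["package"]

def name_only_check(path: Path) -> bool:
    """The weak check the article describes: compare the declared package name only."""
    return package_name(path.read_bytes()) == EXPECTED_PACKAGE

def pinned_check(path: Path, expected_sha256: str) -> Optional[bytes]:
    """Read the file once, verify those exact bytes, and return them for installation.
    Returns None if the content does not match the pin or the package name."""
    data = path.read_bytes()
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        return None
    if package_name(data) != EXPECTED_PACKAGE:
        return None
    return data

def simulate() -> dict:
    genuine = build_apk(EXPECTED_PACKAGE, b"genuine game code")
    other = build_apk(EXPECTED_PACKAGE, b"unrelated code")  # same name, other content
    pin = hashlib.sha256(genuine).hexdigest()  # assumed to arrive over the trusted channel
    with tempfile.TemporaryDirectory() as shared:  # stands in for storage other apps can write
        apk = Path(shared) / "game.apk"
        apk.write_bytes(genuine)
        before = (name_only_check(apk), pinned_check(apk, pin) is not None)
        apk.write_bytes(other)  # file replaced between download and install
        after = (name_only_check(apk), pinned_check(apk, pin) is not None)
    return {"genuine": before, "replaced": after}
```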
Do not lose sight of the fact that in order to download Fortnite for Android you must enable the option to install applications from unknown sources. As you can imagine, this opens the door to many things, most of them fraudulent.
In the case of Samsung users (who at the moment have exclusive rights to Fortnite for Android) the danger increases even more, because they don't even get the prompt to enable unknown sources.
What should users do?
Well, first of all, make sure you've updated the Fortnite installer. Epic Games delivered a fix for this incident in just 48 hours, so check that you actually have version 2.1.0 of the installer. If you have automatic updates enabled, you most likely already have this version.
Also, we recommend that you check which applications you have installed in the last few days and make sure that nothing on your phone shows signs of being fraudulent.