
Why Installing Fortnite on Android Will Be a Security Nightmare

Fortnite is finally coming to Android, but it's arriving in the riskiest way possible. Epic Games is bypassing the Google Play Store and distributing the game itself, which creates a serious security vulnerability.

According to a TouchArcade interview with Tim Sweeney of Fortnite publisher Epic Games, users will be directed to the Fortnite website to "sideload" an APK file (an Android package file) called Fortnite Installer, which in turn installs Fortnite. The interview glosses over a major issue, though: You need to enable a setting called Unknown Sources, which allows Android devices to install APK files from sources other than Google Play.

Once you enable Unknown Sources, you open up your device to malicious applications that websites will try to push onto your device. Malicious apps can quickly get free rein to steal your data, and possibly hijack your phone.

Will the Fortnite Installer require that you permanently enable Unknown Sources after you first use it? We've reached out to Epic for comment, but unless Fortnite Installer never needs updates, it's possible that you'll have to keep this dangerous setting activated all the time. If so, there's no way that Android malware distributors won't try to take advantage of this opportunity.


In the interview, Sweeney outlined what he said were two reasons for Epic's decision, even though they're really the same reason.

The first is to "have a direct relationship with our customers on all platforms ... now that physical storefronts and middlemen distributors are no longer required."

In other words, Epic wants to sell Fortnite's in-game purchases directly to you, without having to go through Google (or Steam). But, of course, you can't do this with the iOS App Store. Unlike Google, Apple provides no sideloading option, and Epic would have to ask users to jailbreak their iPhones, which is much harder than it used to be.

The other reason, Sweeney admitted, is Epic's bottom line: "We're motivated by economic efficiency. The 30 percent [Apple and Google] store tax [really a cut of the retail price] is a high cost in a world where game developers' 70 percent must cover all the cost of developing, operating and supporting their games."

Sweeney argues that a profit-sharing process (i.e., Microsoft or Nintendo's cut of Fortnite in-game purchases) is OK on consoles "where there’s enormous investment in hardware, often sold below cost, and marketing campaigns in broad partnership with publishers."

But he says that Google's 30 percent cut is "disproportionate to the cost of the services these stores perform, such as payment processing, download bandwidth, and customer service."

That might be seen as disingenuous. Like Apple, Microsoft and Nintendo don't let players download games from anywhere other than their official game stores. It could be argued that Epic is doing this on Android only because it can.

Fortnite — the most popular game on Earth right now — has only grown in popularity since it launched on iOS this past April and the Switch in June. Sadly, Sony has yet to give crossplay capabilities to PS4 owners.

  • nickebrenner
    Wow. That's just...wow. Really, EPIC, greed over security?

    Also wow, is, 30%...really Google? 30%? That's ridiculous.

    Why is there not a program that does percentages based off of volume? I can see where 30% might be okay for an entry level that Google supports in their ecosystem, but something with the volume that would be Fortnite or your Clash of Clans type magnitude, I imagine they should be able to drop off sharply as volume quickly picked up.
  • franki.hauptle
    Apple charges 30% too. Google created the operating system including the app store and spends a ton of money on the ecosystem. I dislike the 30 too. But don't single Google out. They all suck in this regard.
  • cledbetter68
    I think one of the items that almost makes this point about side-loading apps a little bit like the "Fake News" is that almost every phone that is able to run the Fortnite App is already on Android Oreo, which as we all know does not require a user to allow side-loaded apps. When an APK is downloaded, the system then asks the user if they would like to allow the APK to open. This would apply to items such as the Fortnite APK as well as any malicious APK downloaded unknowingly by the user. The system is still going to require the user to grant permission prior to running any APK. If I am understanding correctly, even if Fortnite did push down updates automatically, Android Oreo or higher attempts to launch the APK, then stops for user permission prior to executing.

    I cannot speak to the fees charged by either vendor, but as far as this being a large security risk, I take exception to the author of this article framing it as a large security risk, since side-loading is no longer either off or on. It is always on but requires user intervention to execute the APK. Side-loading is not the risk; users not reading the permissions message before clicking to allow is the risk.
  • glennquagmire911
    Sideloading is not much more dangerous than doing it on a Linux or Windows-based PC. (Probably Apple, too.)
    One can simply turn on or off that feature as needed. Windows, and DOS before that, did not require one to go through the Microsoft Play Store. Smart users would run an anti-virus/malware protection module, which they should probably do now anyway. Avast and other manufacturers make some good security software to protect your mobile device.

    In conclusion, I think hyping up the supposed security dangers of side-loaded apps is ridiculous and unnecessary. Encouraging safe practices like we do on PCs would be plausible instead of ringing the alarm bell and possibly harming the business of the creators of Fortnite and similar games. Bad move on the editors and authors of Tom's Guide.
  • eakidwell7
    Thanks, that was very helpful. Beth K