Google pulls their favorite irresponsible security stunt with Fornite developer

Avatar
4

Google does this to Microsoft all the time and now they’ve done it to the Fortnite people, seemingly as revenge (Epic Games didn’t want to pay the Google tax). Read all about it on Mashable, the article is titled “‘Fortnite’ developer had sharp words for Google after a scary Android exploit was discovered”

Comments (4)

4 responses to “Google pulls their favorite irresponsible security stunt with Fornite developer”

  1. Avatar

    Bdsrev

    there is a bug where the post is in gigantic bold letters... Can someone look into this?

  2. Avatar

    curtisspendlove

    That Mashable article starts off poorly written and obviously biased against Google. It gets a bit wish-washy toward the middle and backpedals a bit toward the end.


    Regardless.


    Google is absolutely right to point out the security risks of side loading applications. This is not a feature intended for “regular” users. It leaves the phone susceptible to security exploits. Also, as more and more apps choose to go the side-load route, fewer and fewer phones will have those security gates back up (people will forget to put the gates back up or get tired of toggling it for each new game or app that wants to bypass the store).


    An exploit was found in their installler. A patch was issued. Epic themselves should have publicized it to their user base as soon as the patch was ready to go. I don’t know if they did this, but I’m assuming they didn’t if they were mad and wanted google to wait 90 days to publicize it.


    That is flat-out irresponsible for a software publisher. And I’d consider it deceptive and user-hostile.


    Epic is completely within their rights to do whatever they wish to further a “more open platform”, but that means accepting the consequences that coincide.

    • Avatar

      Bdsrev

      In reply to curtisspendlove:

      Oh come on, how do you buy this "installing programs is dangerous" bologna? So that means Chrome for Windows is dangerous and shouldn't be trusted because it's not in the Windows store? Microsoft and Google didn't put those ridiculous switches in their OS's for security reasons, they did so to push people to use their stores. (Windows' is called S mode and it's equally as laughable as the toggle in Android). Installing programs from legitimate, competent companies like Google and Epic Games is not dangerous.

      • Avatar

        curtisspendlove

        In reply to Bdsrev:

        Nope. Totally not dangerous. Epic didn’t just have an exploit in their first android installer that would allow a malicious actor to install their preferred binary with full permissions.


        Oh wait.


        I assume you don’t know the technical ramifications of this little “bug” (security exploit). Please, feel free to go find a technical analysis instead of a Mashable puff piece then come back and make your case for the exploit not being dangerous.


        Regardless any side-load capability reduces the security and integrity of the underlying system. :: shrug ::


        I know you’re being facetious, but yes, the mere installation of Chrome is dangerous and adds multiple attack vectors to an otherwise previously more-secure system.


        That is a fact.


        I trust Google, and I trust Chrome. I don’t trust all of the bad actors that can now exploit Chrome as an attack vector.


        This installer exploit is in the same category of problems.


        I’ll give you a small hint so you don’t have to search so far to figure it out.


        This is an installer package. It was side-loaded with highly-elevated system permissions.


        It dowsnt properly check the security credentials of the binary it is installing onto the system.


        A couple articles out there will help you fill out the rest.


        (This installer package has the potential to be an incredibly dangerous Trojan horse. I would argue the very fact of a company this large encouraging end users to disable some security features and download a software package from the internet directly into the phone is a large, slippery step to “wild west” installations in Andriod. It is an endorsement by a large game creator to run one’s s phone in a compromised state.)


        The majority of my “friends and family” tech support is removing harmful junk they put on their windows systems.


        I’ve already told them I’m not going to do it for their phones. They get a problem, we wipe it.

Leave a Reply