In Google vs. Fortnite, Everyone Loses (Premium)

When Epic Games announced that it would bypass the Play Store to release Fornite on Android, it probably didn’t realize it had declared war on Google. But it did. And the resulting fallout between these two companies is damaging to anyone who uses Android.

It’s also yet another example of Google’s holier-than-thou attitude when it comes to releasing security disclosures. And for all the privacy and data gathering controversies that surround this online giant, it is this behavior that bothers me most.

That Fortnite is an unprecedented success is inarguable: The game is a blockbuster on every platform it hits, and it has so thoroughly changed the industry that even the makers of stalwarts like Call of Duty are changing future titles to adopt the battle royale gameplay that Fortnite has popularized. One iOS alone, Fortnite generated $100 million in revenues in its first 90 days of availability.

Many were naturally curious about Epic’s plans to bring Fornite to the more popular—but stingier—Android platform. In early April, Epic’s Tim Sweeney, who is no stranger to controversy, finally admitted that the rumors were true: Fortnite would forego the Google Play Store, which like other mobile app stores guarantees the security and reliability of the apps it provides, and it would ship via its own installer.

Why do this?

Well, for one, Mr. Sweeney is a sociopath who has repeatedly spoken out against the proprietary online stores for games that his company needs to deal with.

In 2016, he started a campaign against Microsoft and its UWP games platform. But despite his complaints being easily dispensed with by Microsoft, he kept up his ranting, complaining that UWP should simply morph into Win32. And again, Microsoft responded respectfully, noting that UWP was “a fully open ecosystem.” A few months later, Sweeney was back at it, complaining anew about a non-threat to his gaming revenues. As I wrote at the time, he has a “deranged view of the world.” He is a nutjob.

He is also the founder of Epic Games, the company that created Fortnite. And this year, he turned his attention to Google, which of course controls the Play Store on Android.

And he has a serious problem with the 30 percent “vig” that most online stores take from developers. So Sweeney said in early August that Fornite would not come to the Google Play Store specifically for this reason.

“The 30 percent store tax is a high cost in a world where game developers’ 70 percent must cover all the cost of developing, operating, and supporting their games,” he said. “There’s a rationale for this on console[s] where there’s enormous investment in hardware, often sold below cost, and marketing campaigns in broad partnership with publishers.”

This complaint isn’t new. It was at the heart of his complaints about Microsoft and UWP in 2016. And it was a complaint he leveled against Steam in 2017 too. (Oddly, Epic’s success with Fornite on iOS has come despite it being available via Apple’s App Store, which does impose a 30 percent tax as well. Apparently, this model is acceptable on some platforms but not others. Again, he is a crazy person.)

A week later, Sweeney came through on his threat when Samsung announced that Fornite would temporarily launch exclusively on the newly-announced Note 9. That exclusivity was short-lived, however, and within days various Android devices had access.

And that’s where Google comes into the story.

See, Google isn’t the innocent victim here. Instead, the online giant has been up to some familiar tricks when it comes to responding to Mr. Sweeney and Fornite. By which I mean, Google quickly announced that Epic’s Fortnite installer had a security vulnerability and it did so before Epic could fix it. Indeed, Google somehow found this vulnerability just days after Fortnite started being made available to multiple handset types.

In doing so, it gave Mr. Sweeney a rare gift. It made him the victim.

“We asked Google to hold the disclosure until the update was more widely installed,” Sweeney tweeted. “They refused, creating an unnecessary risk for Android users in order to score cheap PR points.”

Well, sorry, Tim. But this is a classic ploy from the Google playbook. Just ask Microsoft, which has suffered from this kind of baloney for years.

You see, Google adopted a policy of disclosing unpatched security vulnerabilities that are being exploited back in 2013. And Microsoft has been its primary victim.

“Google’s decision to disclose vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Microsoft’s Terry Myerson complained in 2016. “We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure.”

But Google has done it again and again.

Microsoft was able to turn the tables on Google at least once: In October 2017, the software giant disclosed a security vulnerability in Chrome that Google was slow to fix. But this behavior doesn’t actually help users. It’s just PR.

It’s also hypocritical. When Google found out about the Meltdown and Spectre processor flaws, it actually held that information secret for several months. The reason? It impacted their own platforms too, and the fixes were slow in coming. Intel emerged from this fiasco looking bad, for sure. But I feel that Google’s behavior is equally suspicious.

In any event, the issue with the Fortnite installer has been fixed, Epic says. And there are no known exploits that I’ve heard of.

Still, the combined stupidity of Google and Epic continues to boggle the mind.

“Epic Games’ decision to bypass the Google app store shows that when security conflicts with commercial interests, often the commercial interests win but at the cost of the public’s safety online,” University College London professor Steven Murdoch told the BBC. “Security is no longer just the result of people making good technical decisions, but also that the complex commercial structures in place work for, and not against, better online security.”

In other words, good security requires all interested parties to work in the best interests of their collective customers. And not simply and mindlessly against each other.

What a concept.