With news that Epic Games will create their own installer on Android for Fortnite instead of offering it on Google Play, came the fear of security issues. That fear was then realized when Epic Games and Google confirmed that the first version of the Fortnite Installer came with a major security flaw.
That major flaw allowed hackers and malicious apps to silently install anything on a user’s phone. This includes apps with full permissions. So, here is how it all happened. To download Fortnite you would have to first download the Fortnite Installer, which will then get the game for you. According to Google’s security team, the Fortnite Installer can easily be hijacked and commanded by another APK to install another app despite it thinking it’s still downloading Fortnite.
What the exploit does is that the malicious APK (any with the WRITE_EXTERNAL_STORAGE permission) intercepts the Fortnite Installer’s installation of the legit game and substitutes it with a different APK. The Fortnite Installer will still think that it is downloading Fortnite despite the last minute interception.
It’s even worse with Samsung devices as the Fortnite Installer performs the installation silently via the Galaxy Apps API. The API checks if the APK being installed has the package name “com.epicgames.fortnite” then proceeds with the installation, which means any app with the said package name can be installed silently, even if it’s not Fortnite.
Then according to Google, if the fake APK has a targetSdkVersion of 22 or lower, the app will be granted all the permissions it requests upon installation. All of this will happen without users even having a chance to allow the fake APK’s permission requests because the Fortnite Installer does all the checking. Again, this exploit will only work if you have both a malicious APK and the first Fortnite Installer.
User security is our top priority, and as part of our proactive monitoring for malware we identified a vulnerability in the Fortnite installer. We immediately notified Epic Games and they fixed the issue. — Google Spokesperson
Epic Games though has since fixed the issue with the release of version 2.1.0 of the Installer. The Fortnite Installer will also notify users if they are using an earlier version before proceeding with the download of Fortnite. So, we advise anyone who has downloaded the first version of the Installer to update to version 2.1.0 immediately. Apart from that, we also once again urge readers to only download apps from official and legit sources.
source: Google Issue Tracker
via: Android Central
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
