Skip to main content
If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Google discloses vulnerability in Fortnite launcher that allowed possible malware installation

Epic Games has since fixed the exploit, but CEO Tim Sweeney calls Google disclosure "irresponsible"

Fortnite has skipped the Google Play store for its Android release, but its avoidance of the securities offered by Google Play potentially allowed for a major exploit to make its way into the launcher. On Friday, Google publicly disclosed a bug in the Fortnite launcher that potentially allowed for hackers to install malware onto Android devices.

The exploit, which has since been fixed with version 2.1.0 of the app, was essentially a weakness in the installer app for Fortnite that allowed for other programs already-downloaded onto the device to go through the launcher and install other programs without the knowledge of the user. For the vulnerability to cause a problem, the user would already have to have an app on their phone looking for said vulnerability, but if they did, malware could be installed and launched through the Fortnite app while the user assumed they were installing and launching Fortnite itself.

While the issue was fixed shortly after Google made the information public, Epic CEO Tim Sweeney responded in a comment made to Android Central regarding the company's publication of the issue:

"Epic genuinely appreciated Google's effort to perform an in-depth security audit of Fortnite immediately following our release on Android, and share the results with Epic so we could speedily issue an update to fix the flaw they discovered.

"However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.

"An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at

"Google's security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic's distribution of Fortnite outside of Google Play."

It's worth noting that whether or not the exploit would have existed in a universe where Fortnite goes through Google Play, Google Play Protect is able to stop apps from being installed when issues such as these present themselves.

Epic Games told earlier this month that it is skipping the Google Play store specifically to avoid the 30% cut of revenue that Google takes from a game's sales.

Read this next

Rebekah Valentine avatar
Rebekah Valentine: Rebekah arrived at GamesIndustry in 2018 after four years of freelance writing and editing across multiple gaming and tech sites. When she's not recreating video game foods in a real life kitchen, she's happily imagining herself as an Animal Crossing character.
Related topics