Development company strongly criticizes Google over the vulnerability response of popular game 'Fort Knight' installer

The Android version of the popular global battle royal action game " Fort Knight " has been released since August 2018 . The Android version "Fort Knight" is delivered with an installer that can be downloaded from the official site without using Google Play. Google announced that this installer was vulnerable on August 15, 2018, and a patch was patched on 17th of the same month. However, Epic Games strongly criticizes Google for its subsequent response.

Epic Games slams Google for sharing Fortnite Android app exploit info
https://mashable.com/2018/08/25/google-epic-games-fortnite-android-app-exploit/

Fortnite Installer downloads are vulnerable to hijacking [112630336] - Visible to Public - Issue Tracker
https://issuetracker.google.com/issues/112630336

Epic games announced that there is no plan to distribute the game on Google Play for the Android version "Fort Knight" release. Tim Sweeney, CEO of Epic Games, explained about why it is not going to be delivered on the Google Play Store "to make close relationships with customers as much as possible" "Avoid the 30% fee charged on intra-game currency or pay plan" Because of it. "

App stores managed by Apple and Google are getting too much commission and application developers' dissatisfaction is solved - GIGAZINE

In order to download the Android version "Fort Knight", you need to download the installer from the official site. Unlike iOS apps that can only be delivered from the App Store, Android apps can be delivered from outside Google Play, but Google does not recommend installing applications that are distributed outside of Google Play.

On August 15, 2018, Google notified Epic Games "We have vulnerabilities permitting intrusion of malware from outside the installer distributed on the official website." At this stage the vulnerability details were not open to the public.

Epic Games applied a fix patch within 48 hours of notice and updated the installer. Epic Games has applied to Google as a grace period until the user applies the update that we want the bug report to be published for 90 days.

However, Google stipulates that the bug reporting guidelines "after 90 days from the problem discovery, or after patches become widely available, bug reports including comments and attached files will be made public," Epic Games The patch was judged to be widely available "according to the correspondence, and the bug report was released 7 days after the update of the application.

Sweeney, interviewed by Mashable from this incident, said, "Google's efforts have made it possible for vulnerabilities to be discovered and update quickly, but even though users are not updating their apps well enough Regardless of the vulnerability, it is irresponsible to disclose the details. "Furthermore," Google should not put the user at risk, because it is harassment to deliver Fort Knight outside Google Play, " We also make comments that interpret Google's measures as a kind of retaliation.