Google has just publicly revealed that it has discovered a extremely severe vulnerability in Epic’s first Fortnite installer for Android which allowed any app on your phone to download and install anything in the background, including apps with full permissions granted, without the user’s knowledge. Google’s security team first disclosed the vulnerability privately to Epic Games on August 15, and has since released the information following Epic’s confirmation that the vulnerability has been patched.
In short, this was exactly the kind of exploit that Android Central and others feared would happen with this type of installation system.
Everyone has sounded the alarm bells about Epic distributing its Fortnite game outside of the Play Store, asking users to activate the install from untrusted sources, and here we are – the warnings were justified. Unbelievable.
Do not install this trash can unless you know what you are doing. It’s clear that Epic cares more about their results than their players – often very young.