Google is ir­re­spon­si­ble, claims Fort­nite’s chief in bug row

The Malta Business Weekly - - INTERNATIONAL -

The leader of the firm be­hind the hit game Fort­nite has ac­cused Google of be­ing "ir­re­spon­si­ble" in the way it re­vealed a flaw af­fect­ing the An­droid ver­sion of the ti­tle.

On Fri­day, Google made pub­lic that hack­ers could hi­jack the game's in­stal­la­tion software to load mal­ware.

The in­staller is needed be­cause Epic Games has by­passed Google's app store to avoid giv­ing it a cut of sales.

Epic's chief ex­ec­u­tive said Google should have de­layed shar­ing the news.

"We asked Google to hold the dis­clo­sure un­til the up­date was more widely in­stalled," tweeted Tim Sweeney.

"They re­fused, cre­at­ing an un­nec­es­sary risk for An­droid users in or­der to score cheap PR points."

A spokesman for Google de­clined to com­ment.

Google has been crit­i­cised in the past by Mi­crosoft for shar­ing de­tails of vul­ner­a­bil­i­ties in the Win­dows-maker's prod­ucts be­fore they had been ad­dressed.

The An­droid de­vel­oper's se­cu­rity team has also caught out Ap­ple and Sam­sung in a sim­i­lar man­ner.

But in this case, one in­de­pen­dent cybersecurity ex­pert said Epic was re­spon­si­ble for get­ting into this sit­u­a­tion.

"Peo­ple will ar­gue un­til the cows come home the pe­riod is ei­ther too long or not long enough de­pend­ing on which side you're on," com­mented Troy Hunt.

"I'm still sur­prised Epic didn't put it in the Play Store to be­gin with - and yes, I get the fi­nan­cial in­cen­tive."

Google's terms dic­tate that Epic would have had to have handed over 30% of its ingame fees.

The de­vel­oper has, how­ever, agreed to such terms on Ap­ple's equiv­a­lent app store since iPhones are re­stricted from adding software from else­where.

Ac­cord­ing to Google's doc­u­men­ta­tion, its se­cu­rity team shared a screen record­ing with Epic on 15 Au­gust demon­strat­ing a way to fool the games' An­droid in­staller into load­ing mal­ware.

Epic re­sponded two days later say­ing that it was dis­tribut­ing a fix af­ter "work­ing around the clock" to cre­ate it.

"We would like to re­quest the full 90 days be­fore dis­clos­ing this is­sue so our users have time to patch their de­vices," the games com­pany added.

Google's dis­clo­sure rules state that it re­veals de­tails of bugs to the pub­lic 90 days af­ter re­port­ing them to the de­vel­op­ers re­spon­si­ble if they have not been tack­led, but only waits one week af­ter a patch is made "broadly avail­able".

As such, it re­jected the re­quest. Mr Sweeney has said he is grate­ful that Google au­dited his firm's software and no­ti­fied it of the flaw.

But he de­nied sug­ges­tions that the tech gi­ant had acted in users' in­ter­ests by re­fus­ing to keep the mat­ter pri­vate un­til midNovem­ber.

"Epic Games' de­ci­sion to by­pass the Google app store shows that when se­cu­rity con­flicts with com­mer­cial in­ter­ests, of­ten the com­mer­cial in­ter­ests win but at the cost of the pub­lic's safety on­line," com­mented Pro­fes­sor Steven Mur­doch, a se­cu­rity re­searcher at Univer­sity Col­lege Lon­don.

"Se­cu­rity is no longer just the re­sult of peo­ple mak­ing good tech­ni­cal de­ci­sions, but also that the com­plex com­mer­cial struc­tures in place work for, and not against, bet­ter on­line se­cu­rity."

In a separate de­vel­op­ment, Epic has an­nounced an in­cen­tive for all Fort­nite play­ers to ac­ti­vate two-fac­tor au­then­ti­ca­tion to re­duce the risk of their ac­counts be­ing stolen.

This re­quires gamers to en­ter a code sent to their phone or email ad­dress in ad­di­tion to their pass­word when sign­ing in.

Those that adopt the prac­tice can use the game's Boo­giedown dance moves.

Newspapers in English

Newspapers from Malta

© PressReader. All rights reserved.