In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite.
Google’s public disclosure of a vulnerability in the Android version of Epic Games Inc.’s popular title “Fortnite Battle Royale” sparked a feud between the two companies.
Earlier this summer, Epic Games announced it would sell the Android version of Fortnite directly to customers instead of offering it through the Google Play Store, which led several infosec experts to express concerns about sideloading apps on the platform. However, a Fortnite flaw was discovered by a Google employee soon after the Android version officially launched.
Epic quickly patched the Fortnite flaw and requested that Google withhold the vulnerability disclosure for 90 days so that customers could have more time to update their apps. However, Google declined and cited its official disclosure policy, which states that a vulnerability will be made public seven days after a patch is released.
Google’s decision led to heavy criticism from Epic CEO Tim Sweeney, while others in the technology industry accused Google researchers of targeting Fortnite because its owner had shunned the Google Play Store.
Should Google have given Epic more time before disclosing the Fortnite flaw? Was Epic right to bypass the Google Play Store? Should Epic have taken more responsibility for launching a flawed Fortnite installer in the first place? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.