The leader of the successful Fortnite game company accused Google of being “irresponsible” in the way it disclosed a flaw affecting the game's Android version. On Friday, Google made public that hackers could hijack the game's installation software to load malware.
The installer is necessary because Epic Games does not use the Google app store to avoid giving it a share of sales.
Epic's CEO said that Google should have delayed the sharing of the news.
“We asked Google to delay the disclosure of the news until the update was more widely installed”, Tim Sweeney tweeted.
“They refused, creating an unnecessary risk for Android users in order to gain cheap PR points
Google has been criticized in the past by Microsoft for sharing details of vulnerabilities in the Windows manufacturer's products before they were addressed. The Android developer's security team has also acted similarly with Apple and Samsung. But in this case, an independent cybersecurity expert said that Epic was responsible for this situation.
“I'm still surprised that Epic didn't put it on the Play Store, to begin with, and yes, I have the financial incentive”.
Google's terms dictate that Epic should have paid more than 30% of its game fees. However, The developer accepted such terms in Apple's equivalent app store, Since iPhones are not allowed to add software from other sources.
According to Google's documentation, Their security team shared a screenshot with Epic 15 de agosto demostrando una forma de engañar al instalador de Android de los juegos para que cargue malware. Epic respondió dos días después diciendo que estaba distribuyendo una solución después de “trabajar todo el día” para crearla.
“Nos gustaría solicitar los 90 días completos antes de divulgar este problema para que nuestros usuarios tengan tiempo de parchear sus dispositivos “, agregó la compañía de juegos.
Las reglas de divulgación de Google indican que revela detalles de errores al público 90 días después de informarlos a los desarrolladores responsables si no se han abordado, pero solo espera una semana después de que un parche esté “ampliamente disponible”.
Sweeney has said that he is grateful that Google audited his company's software and notified him of the flaw. But he denied that the tech giant acted in the users' interest by refusing to keep the matter private until mid-November.