Epic Games has taken the decision to not use the Google Play store for the Android version of Fortnite. The company is saying it made the decision based on what it calls the Google “store tax”. Google, like Apple and other platforms takes 30% of the sale price for anything sold through the Google Play store.
Epic Games CEO, Tim Sweeney has railed about this in the past despite overlooking the fact that his company did the same through the Unreal Engine Marketplace. Three weeks ago, Epic decided to take the high ground and lowered its charge to 12%. It is also backdating this to 2014 when the store launched. However, developers won’t get any compensation for lost interest over that period.
How will users get hold of Fortnite?
It’s simple. They go to the Epic Games website where it will be available for download as an Android APK. Once downloaded, users will just click on the file, grant it security access to the device and it will install. It is a simple and easy process called sideloading.
In effect anyone with an Android device can download it. Whether they can run it is a bigger question. Fortnite will require a high-end Android phone and that will restrict sales initially. At the moment, the expectation is that it will be available first for the Samsung Galaxy Note 9 this week. On the 23rd September the exclusive launch deal with Samsung will expire and it will be available on over 40 other smartphones from a range of different companies.
The big question for users come 23rd August will be can Epic Games servers handle the load. Niantic knows only too well how this can go badly. Their servers crashed, gamers looked for alternative sources and ended up with malware infected devices. Epic believes that Amazon and its cloud providers will mean that it can handle the load without any issues.
Is there a security risk to users here?
Android users have already been scammed over the last few months by fake Fortnite downloads. There is nothing here that will stop that happening. In fact, there is every likelihood that this will continue. Sweeney is completely unconcerned by this. He believes that it is the responsibility of the user to detect scams and only download from safe sites.
In a remarkable comment in an FAQ Tim Sweeney, CEO, Epic Games said: “Gamers have proven able to adopt safe software practices.” It is a comment that has caused much merriment among security experts that Enterprise Times has spoken to. There is absolutely no evidence that gamers, like other device users, are adept at spotting scams and fake code. In fact, spend any time in a Security Operations Centre (SOC) looking at attacks and the opposite is true.
Sweeney also believes that the security setting on the device will keep users safe. The problem here is that users have to allow Epic Games to sideload Fortnite onto their devices. This means giving the download engine permission to install on the device. Despite a request for what permissions are required, Epic Games declined to comment.
This is important. If the app requires excessive permissions then any breach will allow attackers complete access to the device. Epic should demonstrate that it has written the game to use the minimum permissions to reduce risk. Niantic set permissions for Pokémon Go to access almost all the user data on the device. It caused a significant backlash. Hopefully Epic has learned from this.
There is also a large ecosystem of developers who will want to offer add-ons to users. How that will be handled is also unclear at the moment.
Security risk not just to gamers
Bring Your Own Device (BYOD) has changed end-user computing inside enterprises. Users now bring their own phones, tablets and laptops to work and use them for both personal and business use. Any malware installed on these devices risks the enterprise. This happened with Pokémon Go and has been repeated with several business applications.
A solution here would be a tool for enterprise IT teams. It could detect any running instances of Fortnite on a company network. Those instances could be checked to make sure that they are from a valid source and are not hacked versions of the software. It could also make sure that downloads only come from official Epic Games services. Users could then be warned of fake or hacked versions.
However, this is unlikely to happen. Epic will not want to run the risk that enterprises will detect people playing Fortnite at work and then blocking it on their networks. This is not just about security. Many organisations and especially universities and schools, suffered significant hits on their networks as a result Pokémon Go usage. They will not want to have a repeat with Fortnite especially as the release comes just as businesses are ramping up for the post summer holiday period.
What does this mean
It is easy to have sympathy for Epic Games. Few platforms deliver any value for the 30% they take from developers. In most cases this is just about paying for access. In the case of Apple it is a closed system so there is no choice. For other operating systems such as Windows and Android developers have alternatives. However, Epic has only recently ceased to be part of the problem by restating its terms and marketplace charges.
The bigger concern here is about security. The attitude of Sweeney is laughable. Spammers will see this as being a real opportunity to go after Android users who are desperate to play Fortnite. It is likely that we will see hacked copies of the game available through torrent sites shortly after its release. This is commonplace with even security companies seeing hacked and free copies of their tools available through torrent sites.
How Epic handles the challenges will be watched keenly by many in the gaming and wider IT industry. If it can meet user demand for downloads without interruption and avoid stories of spammers taking advantage of this approach, it will have achieved something far more notable than having a hit game.