Do you enjoy video games or have someone in your household who does? If so, it’s more than likely you’ve heard of Fortnite. It’s unavoidable in the gaming scene. Fortnite is currently one of the most popular games in the world, a genuine media sensation, and it’s free to install and play meaning just about anyone can get in on the action!
Unfortunately, this also includes malicious hackers eager to seize on a popular fad to spread their malware.
Part of what has made Fortnite such a hit is that you can play it on just about any major system. Whether you own a PS4, XboxOne, Nintendo Switch, or PC, you can download the game and start building and shooting with everyone else. In fact, the game is so ubiquitous that it is even available on mobile! Higher end mobile devices can run the game, so you can play Fortnite while on the bus, your lunch break, or under your desk at work or school (don’t worry, we won’t tell).
This is where our cybersecurity concerns begin. Unlike on iOS, Android users are free to step outside of the Google Play portal and install apps from any source. Epic, the company behind Fortnite, have decided to use this to their advantage and only offer their game through their own site and download option. By going outside of the Google Play environment, that don’t have to pay Google their service fees and can keep the profits from the game’s many optional microtransactions (small items, costumes, and customization options like dances you can purchase with real money inside the game) to themselves.
Pretty sweet for Epic, but unfortunately, operating outside of the Google Play environment means opening the door to scammers and hackers. Google Play is a curated environment where apps are tested and scanned for viruses and malware, and look-alike and clone apps are routinely removed. Outside of this environment, it’s the wild west. You could be downloading anything.
Because Fortnite is so popular, and your only option is to go to an outside site to download it, the opportunists have descended on the community in full force. Searching for the game on mobile will direct to you a plethora of fake downloads and clones that exist to infect your mobile device with malware.
These phishing attempts range from the laughable to the sophisticated. Some are easy to spot, either misspelling the title of the game and hoping you won’t notice, or residing on suspicious looking sites with .ru domain names that most users would be wary of visiting let alone downloading and installing anything. But, there are also very convincing clones out there. Some try to mimic the look of the Google Play storefront while others clone Epic’s own site design to try and bait you into downloading the wrong thing.
The malicious code hackers are trying to get you to download are most often trojans designed to compromise the security of your phone. Once installed, the hacker can browse your files, read your text conversations, and even begin removing other applications. In extreme cases, some trojans can “brick” your phone, leaving it inoperable. It all depends on the goal of the hacker, if they are looking to collect info (presumably for identity theft schemes) or just play a nasty prank by costing strangers hundreds of dollars just for wanting to play a popular game. Which of these is worse is a matter of perspective.
On one hand, losing the use of a several hundred-dollar device you rely on every day is no laughing matter, but identity theft can be even worse. There is almost no limit on the damage fraud can do to your finances. While most large-scale phishing operations like this are not sophisticated enough to fully leverage the data stolen from a phone, preferring instead to rely on cheap turn around scams, the potential for real harm does exist. This is a lot of risk all for the sake of playing a game.
This threat only exists due to Epic’s refusal to use the Google Play Store, so it’s very easy to blame them for subjecting their would-be users to this risk. However, the situation isn’t quite so clear cut. Google Play takes a full 30% cut for every transaction processed through an app available on their store. That is a lot of money to ask just for the privilege of being on a storefront.
There is certainly an argument to be made that Google is abusing its defacto monopoly as thetrustworthy Android storefront by demanding such high returns. It’s only natural that such a high rate would push a business into other alternatives. Nobody would sell fruit at a farmer’s market that demanded thirty cents on the dollar, so why is it a given that mobile developers should be fine with it? Of course, that metaphor breaks down when you think of a farmer’s market where there is one guy selling real fruit, while dozens of other stalls hawk poisonous facsimiles of that same fruit and it’s up to the customer to “use caution” and avoid accidentally biting down on something that will kill them.
Ultimately, it’s a situation that is bound to create friction, and one without a clear solution. It’s irresponsible of Epic to put its users and fans in a position where they can be so easily duped. But, one can see their point that the Google Play price tag is just too steep and there are no real alternatives to help drive that cost down. Of course, now that Epic has set the trend for the most successful and popular games to avoid Google Play, we can expect future titles to follow a similar route which will be plagued by the same kinds of scams. It’s likely to get worse before it gets better.
Unfortunately, it really is going to be on the consumer to be careful and look out for themselves in this environment. If you want to play Fortnite on your Android device, be sure you are going to https://www.epicgames.com/ and following the instructions from there. When it comes to future big games that decide not to appear on Google Play, be smart. Search for the official company website and use links from there to direct you to a download, don’t just search for the game directly or use a third-party site to download the file. Always take the extra time to confirm exactly what you’re downloading before you hit that install button.