You’ll have to disable a recommended Android security setting to install Fortnite

Maximising profits is Epic Games’ incentive for skipping Google Play.

You'll have to disable a recommended Android security setting to install Fortnite

The Verge has confirmed reports that Android users wanting to play the hit game “Fortnite” won’t be able to get it from the official Google Play store:

“Epic Games announced today that it will not distribute its massively popular game Fortnite on Android through Google’s Play Store marketplace. Instead, the company plans to directly distribute the software to players through the official Fortnite website, where Android users can download a Fortnite Installer program to install the game on compatible devices.”

I can understand Epic Games feeling mightily miffed that Google tries to take a 30% cut from any sales in its online store, but encouraging Android users to download apps from non-official sources is not a good idea.

Sign up to our free newsletter.
Security news, advice, and tips.

Fortnite is already available for the Sony PlayStation 4, Xbox One, Nintendo Switch, iPads and iPhones from their respective official online stores.

But Android offers users an easy route for getting apps from stores that have perhaps not been so careful in vetting their wares.

If you dig into your Android’s settings, you’ll find an option to install programs from “unknown sources”.

Unknown sources setting

If you enable that option, Google is good enough to display a loud warning message:

Android warning

“Your phone and personal data are more vulnerable to attack by apps from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these apps.”

Interestingly, Epic Games founder Tim Sweeney tweets that things will work slightly differently if you’re one of the (small percentage) of Android users that is running the latest version of the operating system:

Tim Sweeney tweets

“A “download” button is coming to . On the latest Android Oreo devices, this goes directly to a download link which installs the game following user acceptance of several security prompts – no “unknown sources” involved.”

“On earlier Android versions, the button goes to a page with instructions on enabling “unknown sources” followed by a download button, which only works once that’s enabled.”

I don’t know if this workaround for Android Oreo users is supposed to reassure me or not. The truth is that anything that makes it easier to install apps from unapproved sources actually makes me feel more uneasy.

Google’s policing of the official Android marketplace has often fallen short, but there is no doubt that installing apps from unofficial sources exposes your Android device to greater risks.

I’m not trying to suggest that I think it’s likely Epic Games will goof up and distribute a malicious version of their hit game.

But I do worry that some users might be so desperate to play Fortnite that they might forget to disable the “unknown sources” after installation, or that this will encourage more users to take a more laissez-faire attitude as to whether it’s wise to install apps regardless of their source in future.

And there will, inevitably, be online criminals who will try to trick Android users into thinking they are downloading the real Android edition of Fortnite, but instead installing malware.

Listen to more discussion about this topic in this episode of the “Smashing Security” podcast:

Smashing Security #090: 'Fortnite for Android, and the FCC's DDoS BS'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “You’ll have to disable a recommended Android security setting to install Fortnite”

  1. Vog Bedrog

    I can't wait for all the malware authors out there to figure out this 'download link' workaround, maybe even squeeze it into a drive-by…

    Thanks, mobile gaming. This is why we can't have nice things.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.