Epic Games has patched a critical man-in-the-disk (MiTD) flaw for the Android version of the wildly popular game called Fortnite – although controversy has swirled after Google decided to ignore a 90-day disclosure request from the gaming company.

The issue exists in the Fortnite Installer, which downloads the Fortnite APK to external storage on an Android device. According to the Google team that reported the flaw, any app with the WRITE_EXTERNAL_STORAGE permission can substitute a malicious APK immediately after the download is completed and the fingerprint is verified.
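The check-then-use gap described above can be reproduced with ordinary files. This is an added example, not Epic's installer code: two temporary directories stand in for external and app-private storage, and the function names are hypothetical. It contrasts verifying the file in shared storage with copying it into private storage first and verifying that copy.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_in_shared(shared_path, expected):
    """Weak pattern: verify the file where any storage-writing app can replace it."""
    if sha256_file(shared_path) != expected:
        raise ValueError("fingerprint mismatch")
    return shared_path  # the installer re-opens this path later: check/use gap

def stage_then_verify(shared_path, expected, private_dir):
    """Hardened pattern: copy into private storage, hashing the bytes as copied."""
    os.makedirs(private_dir, mode=0o700, exist_ok=True)
    fd, private_path = tempfile.mkstemp(dir=private_dir, suffix=".apk")
    h = hashlib.sha256()
    with os.fdopen(fd, "wb") as dst, open(shared_path, "rb") as src:
        for chunk in iter(lambda: src.read(65536), b""):
            h.update(chunk)
            dst.write(chunk)
    if h.hexdigest() != expected:
        os.unlink(private_path)
        raise ValueError("fingerprint mismatch")
    return private_path  # the verified bytes are exactly the bytes kept

def demo():
    genuine, other = b"constructed genuine package", b"constructed replacement"
    expected = hashlib.sha256(genuine).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared", "game.apk")
        os.makedirs(os.path.dirname(shared))
        results = {}
        for name in ("weak", "hardened"):
            with open(shared, "wb") as f:
                f.write(genuine)
            if name == "weak":
                path = verify_in_shared(shared, expected)
            else:
                path = stage_then_verify(shared, expected, os.path.join(root, "private"))
            with open(shared, "wb") as f:  # shared file changes after the check
                f.write(other)
            with open(path, "rb") as f:
                results[name] = f.read() == genuine
        return results
```

`demo()` reports, for each pattern, whether the bytes handed to the install step are still the ones that passed the fingerprint check.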

Here are a few tips that are easy to follow:

  • Install applications only from official stores such as Google Play. Malware does creep in, but it is far rarer — and removed on a regular basis.
  • Disable the installation of applications from third-party sources in your smartphone or tablet settings; those are the most dangerous sources. To do that, select Settings -> Security and uncheck Unknown sources.
  • Choose applications by verified developers. Check the application rating and read the reviews. Avoid installing anything that looks fishy.
  • Do not install anything you do not need. The fewer apps you have on your smartphone, the better.
  • Remember to remove applications you no longer need.
  • Use a reliable mobile antivirus application that will give you a timely notification if a malicious app is trying to penetrate your device.



About the author

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructure operators and large corporations through workshops that simulate cyber-attacks and forensic investigations. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
