Epic Permainan recently sent out a patch for the Fortnite Mobile installer for Android that fixed an otherwise serious vulnerability discovered by Google. Good Fortnite Apk Mode Gpu Fix Unlocked Data. The vulnerability in question is a Man- in- the- Disk( MitD) exploit that would have enabled a pre- installed malicious app to hijack the Fortnite installer and install malware on Samsung Experience devices.
XDA Developers provides an articulate context of what went wrong with the Fortnite installer. Good Fortnite Apk Mode Gpu Fix Unlocked Data. Generally, Android APKs acquired outside of the Google Play Store require certain permissions from the user to install. Certain first- party apps such as the Google Play Store and similar OEM stores from Samsung, Huawei, and others already have the INSTALL_PACKAGES permission and also grant the needed runtime permissions. Thus, the installation happens silently and nomor user intervention is needed beyond pressing the Install button in the Store.
However, if an app is being installed from third- party sources, the Android Package Manager will prompt the user for the required permissions and thus, does not allow a silent install. OEMs can also customize the Android Package Manager to scan for security issues before requesting the users permission. So what went wrong with the initial version of Fortnite installer?
On Samsung Experience devices such as the Galaxy S8+, Note 9, and the Tab S4, Fortnite is distributed melalui the Samsung Galaxy Apps store. Google discovered that in these devices, the Fortnite installer used a private API in Galaxy Apps to bypass the Android Package Manager user prompts for a silent install. While this itself is not an issue, the Fortnite installer actually downloads the APK into atau sdcard atau Android atau informasi atau com. epicgames. gerbang atau files atau downloads atau instead of an app- specific directory in atau informasi atau informasi. The atau sdcard atau directory is considered external storage and can be modified by any app, which has read and write permissions whereas the app- specific directory in atau informasi atau informasi can be accessed only by the app in question.
This means, if a pre- installed malicious app has the required read and write permissions, it can alat pemantau the directory in which the Fortnite APK is being downloaded and replace it with its own modified APK. Compounding the dilema is the fact that Samsung Galaxy Apps does not verify the package integrity but just checks whether the name of the APK is com. epicgames. fortnite and proceeds to silently install it.
Shortly after Google discovered this flaw, Epic Permainan quickly patched the vulnerability in version 2. 1. 0 of the installer. The fix was rather sederhana actually and changed the unduh location of the APK to atau informasi atau informasi instead of atau sdcard atau Android atau. However, much to Epic Permainan chagrin, Google disclosed the vulnerability within 7 days of its discovery without heeding to Epic Permainan request for the usual 90 day window. Speaking to Android Central, Epic Permainan CEO Regu Sweeney said,