'Irresponsible' Google Refused Fortnite's Request To Delay Vulnerability Disclosure To Score Cheap PR Points, Says Epic's Chief

The leader of the firm behind the hit game Fortnite has accused Google of being "irresponsible" in the way it revealed a flaw affecting the Android version of the title. BBC, with additional input from Slashdot staff: On Friday, Google made public that hackers could hijack the game's installation software to load malware. The installer is needed because Epic Games has bypassed Google's app store to avoid giving it a cut of sales. Epic's chief executive said Google should have delayed sharing the news. "Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update. The only irresponsible thing here is Google's rapid public release of technical details," he said. "We asked Google to hold the disclosure until the update was more widely installed," tweeted Tim Sweeney. "They refused, creating an unnecessary risk for Android users in order to score cheap PR points."

Hmmmm

I guess what Google is really saying here is if you find any zero-days in Android, publish them right away. Never mind this silly 'responsible disclosure' that companies like Google make noises about supporting.

Re:Hard to care about either party...

[drinkypoo]

It's not clear what level of ownership Google should be expected to take on this. It seems to me that they technically did more than I'd feel obligated to in their shoes.

That is in fact the nature of Epic's objection. Google did more than they were obligated to do, and the thing they did put users at risk, it did not protect them.

Epic appears to have been responsible for the bug, Google appears to have found it for them. Honestly I think they already went the extra mile right there.

And that's where they should have stopped. If Epic were not addressing the bug, then full and immediate disclosure would have been warranted, but that was not the situation.

Of course if Epic used the app store, then I'd expect a more appropriate arrangement of identification, fix and announcement.

Nice bug you've got there. Shame if someone announced it unnecessarily while you were fixing it. Guess you should have paid the protection money, eh?