Tomáš Foltýn for ESET: Why now could be a good time to fortify your Android defenses
“Stop us if you’ve heard this before: avoid installing apps from outside Google Play. But what if you’re itching to battle it out in Fortnite?”
Follow-up article- interview with Lukáš Štefanko, who says I hope other app developers don’t follow Epic‘s example – “After Epic Games shunned Google Play, debates about threats faced by Android users have taken on a whole new tenor. Joining us to add his voice to the mix is ESET Malware Researcher Lukáš Štefanko”
I don’t care for Epic’s sidestepping the Play vetting process/Bouncer/Protect either, but I’m not sure it will have as dramatic an effect in terms of legitimizing or easing the spread of malware as has been predicted by so many people in the security industry. It’s not as though Google has gone nearly as far as it might in terms of discouraging downloads from sources other than Play. Of course it’s worth flagging the risk to forgetful pre-Oreo users: if they switch off the default settings to allow them to download from a (hopefully safe) site other than Play, I suppose they’re a little safer if they remember to switch back to default. But even the post-Oreo permissions, while probably a little safer than that, don’t actually de-legitimize downloading from other sources, and it can be argued that it’s because of Apple’s iron control over where its customers can download apps that iOS has so few issues with malware, unlike Android.
It’s not as though bad guys can’t/don’t set up sites specifically for the download of their dodgy Android apps, though such out-and-out malicious sites probably have short life-cycles. I’m guessing that sources that sidestep Play are likely to be watched (at least as closely as Play is, and probably more) by the security industry.
Here’s a slightly related article from Graham Cluley: Fortnite fury over how Google handled its security hole – “Epic Games isn’t happy about how Google handled the disclosure of the serious security vulnerability in Fortnite.”
*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: https://macviruscom.wordpress.com/2018/08/28/fortnite-and-android-an-epic-disagreement/