In 2017, epic games released a video game; Fortnite. A first person shooter-style, users parachute to an island and fight until only one is left standing. Over the last year, it’s popularity has grown exponentially, and it has become a worldwide phenomenon. Played across all demographics (young, old, even Red Sox Pitcher David Price is in on it!), it’s available on various gaming platforms, and brings in roughly $300 million a month. It is currently, by far, the most popular video game in the world. You may be wondering why though, from a security standpoint, Fortnite is a pertinent topic for this blog. Recently, Epic Games rolled out a mobile platform for the game, and in doing so, created a host of potential security threats. If you’ve got employees using android devices, you’ll want to pay close attention.
Google Play Store, the marketplace through which all Android apps are typically offered, charges developers a fee each time a user downloads their app. Epic Games, in an effort to avoid paying 30% of each sale to Google, decided to circumvent the Google Play Store entirely, and offer Fortnite via their own site, in a process called “sideloading.” Shortly following its mobile release, Google identified within Fortnite a serious security threat that could allow hackers to create a legitimate seeming fake version of the game, and use it maliciously to mine data. Because the app is purchased offsite, outside the Play Store, Google had no concrete means by which to enforce an update, or even to notify users of the risk. Epic games eventually released a patch, however, the patch install could only occur when the app was launched, which left people who weren’t or hadn’t been playing the game at high risk, all while even more new security threats continued to arise. Most troubling of all, because the game is so immensely popular, millions of users have now downloaded an app outside of a trusted source, and may now see the process of sideloading as normal, or even safe. This is a unique issue to Android devices, as they’re one of the only manufacturers who don’t require apps to be loaded exclusively via the trusted, proprietary marketplace (re: Apple/iTunes/AppStore)
Obviously, this puts personal data at great risk, but the implications of these types of programs being sideloaded onto work equipment could be catastrophic.
If you’re providing employees with Android devices, it’s critical to have in place an explicit rule that content may only be downloaded via the Google Play Store. In fact, though your employees may not love it, it makes sense to implement and enforce a “Work Equipment for Work Purposes” policy, which will help to keep sensitive data as protected as possible.
Of late, many businesses are adopting a “BYOD” (bring your own device) policy. Although this may seem like a practical, cost effective route, it might not be the safest one. When employees own their devices, even when there is a comingling of personal and secure data, there is a sense of personal ownership and entitlement over the ways in which that device is used, as well as the content it may contain. If you’re employing people who are using their personal mobile devices for work purposes, it may make sense to consider a shift in policy of providing them with equipment that can be secured and regularly monitored. There is a saying about mixing business with pleasure, and it certainly applies in this scenario.
If you suspect you may be vulnerable to threat via mobile device, or are concerned that sideloading could be harmful for your business, North Shore Data Services can help you implement processes and protocol to keep your devices secure. And if you’re looking to discuss Fortnite strategies, we recommend you call David Price’s agent, but not before you give us a call first. (979) 988-0201, or writing us at firstname.lastname@example.org.