Fans of Fortnite could be at serious risk as more than 20% of Android apps claiming to be the game contain ways to spy on unwitting users by requiring them to agree to supremely invasive permissions before being able to install them, according to a new report by Virtual Private Network (VPN) comparison service Top10VPN.com.
Ahead of the official launch of the Android version of Fortnite at the end of September, tens of unofficial apps claiming to give early access to the game on your smartphone are now available to download from marketplaces such as Amazon and through searches on Google.
Worryingly, more than 20% of these apps ask users to accept excessive permissions before they can play the game – including allowing access to their contacts, dial a number without their knowledge, installing software silently in the background and monitor when they are making a call and who they are calling.
By assenting to these permissions, gamers are essentially handing a free pass to those who might want to spy on them – which will come as a big concern for parents of Fortnite players, claims the research. Allowing access to the camera, for example, could allow anyone watching to essentially collect images that the camera is seeing at any point, while consenting to location details allows mobile users to be tracked in the real world at any point.
By opting to save costs and not distribute the Android version of the incredibly popular online game on moderated marketplaces such as Google Play, publisher Epic is exposing users to fraudsters and off-brand markets which have created rogue versions of Fortnite, claims Top10VPN.com.
- More than 20% of Fortnite Android apps found through Google and Amazon are fake and require users to agree to invasive permissions that could spy on them
- This includes asking users to allow access to their phone camera, give permission for the game to install software silently in the background and monitor calls they make
- Another 30% of these apps are adware, whose only purpose is to trick Fortnite fans into viewing ads, while more sinisterly, a further 10% of these apps are malware or click scams
While some of these apps do allow gamers to play the game after accepting invasive permissions, Top10VPN’s research found that about 30% of Fortnite ‘apps’ through Google searches were just thinly veiled guides to the game that were actually adware with very little real content – the majority of which can be found on Amazon. More sinisterly, 10% were scams containing no game files or content at all, even raising multiple red flags for trojans and other malware during scans.
Says Simon Migliano, head of research at Top10VPN.com:
“Fortnite is a victim of its own success. It now reportedly has 125 million active users, and while this is great news for the publisher, its success has acted as a blazing beacon to unofficial developers and scammers.
“The long-awaited arrival of the Android version of the game has seen a number of bootleg versions of the game spring up in its absence from the Play store.
“While some of these unofficial apps are well-meaning and otherwise give non-Apple users access to the game on their handsets, a worrying number ask users to accept excessive permissions before they can play the game.
“This means gamers are unwittingly leaving the door open to hackers with more malicious ideas who might want to monitor your calls and even access your phone’s camera.
“With no real knowledge about the people behind these bootleg apps, it’s simply not worth the risk to install them on your device.
“By circumventing official Android marketplaces like Google Play, Epic might be saving itself about 30% a transaction. This discount for the publisher could well come at a cost for gamers who might think they are accessing a bona fide version of the game, but instead be opening themselves up to being spied on.
“As such a high proportion of Fortnite’s user base are children, there’s a real concern that these real-looking versions of the game could be convincing enough to persuade younger users of their authenticity.”