The vulnerability is tracked as CVE-2018-20250 and exists in the library ‘unacev2.dll‘, library used to extract the old and rarely used ACE archive format. The trial is currently scheduled for October 17, 2022. A Critical 19 year old remote code execution vulnerability has been identified in the WinRAR which is currently being actively exploited in the wild. "We'll continue to fight Epic's claims in court," Google concluded. Safety and security are our top priorities, so of course we took steps to warn our users about this security flaw, in accordance with our app security policy." In response to the filing, Google insisted the vulnerability could "compromise consumers' data.
Despite Google personnel internally calling "not a critical (or even high) vulnerability," the search company called it "an extremely serious security flaw" in a blog post and conducted a media campaign about it.Īn internal email is cited, with Google's head of security for Android characterizing the warnings as "inappropriately dire for many of the kinds of (vulnerabilities) we're seeing from other developers." The task force found a vulnerability in the Fortnite installer, which was used to scare users into sticking to the Play Store for downloads and updates, Epic said.
Google apparently worried that more developers would follow the same path and offer their Android apps away from the Play Store, and that it would lose revenue. The team was created after "Fortnite" became available as a direct download in August 2018, as well as being distributed through the Samsung Galaxy Store. The ability to sideload apps onto an Android device was more theoretical than in reality, it is alleged, in part due to Google's creation of that task force. It calls home to check if its registered (duh). If intercepted, a malicious actor could do something bad which they dont explain. In doing so, Epic says this helped Google secure transaction fees, but simultaneously worked against the idea of Android being an "open" platform. TLDR: winrar uses webviews (over IE) and sends data over http/s which can be intercepted (duh). The filing from Epic reported by the Financial Times claims Google set up an internal task force to try and dissuade "Fortnite" players from downloading the game from sources other than the Play Store. While the argument is similar to the Apple-Epic courtroom battle, a court filing made public on Monday claims Google has been dealing with more issues, due to Android allowing app sideloading. The lawsuit between Epic Games and Google largely centers around Google's store policies and Epic's desires to do things differently with its products.