The maker of super-hit Fortnite has snubbed Google by deciding to release the Android version of the video game through its own website rather than the Google Play app store.
The decision is unusual for an app running on a mobile operating system and raises all sorts of questions, not least of which are whether Google's profit grab will remain unassailable, and what the security implications are of stepping outside the official app store.
Game maker Epic's decision not to go through Google's official app store – which is simple to access through Android phones – is due to Google taking a 30 per cent cut of revenue. Fortnite's success guarantees that the game will bring in enough money that it makes financial sense to sit outside the official channel – saving literally millions of dollars - and its popularity means Epic isn’t reliant on the Google Play store to make people aware of its game.
But some are concerned that the decision may cause a massive security headache as millions of young people look to download Fortnite outside the mostly-safe Google Play store.
It is a virtual certainty that scammer and cybercriminals will use the decision to develop and promote fake versions of the game, in the expectation that unknowing users will download and install their malware.
Although desktop users are used to grabbing software from third-party sources and dealing with the risks of doing so, mobile operating systems have long acted as virtual walled gardens: a model perfected by Apple which controls pretty much everything that runs on its iPhones and iPads and makes a huge amount of money by taking a cut of approved apps in its official store.
Google has a more open philosophy and allows Android users to download and run third-party apps, but its Google Play store is still the main source of apps for user – a fact reflected in the fact it can continue to take a 30 per cent cut of revenue.
Money, money, money
Speaking to GamesBeat this week, Epic CEO Tim Sweeney explained the company's reasoning:
"There are two reasons for what we're doing. First, we want to have a direct relationship with our customers wherever we can. On open platforms like PC and Android, it's possible for them to get the software direct from us. We can be in contact with them and not have a third-party distributor in between.
"The second motivation is the economics of the store ecosystem as it exists right now. There’s typically a 30/70 split, and from the 70 percent, the developer pays all the costs of developing the game, operating it, marketing it, acquiring users and everything else.
"For most developers that eats up the majority of their revenue. We’re trying to make our software available to users in as economically efficient a way as possible. That means distributing the software directly to them, taking payment through Mastercard, Visa, Paypal, and other options, and not having a store take 30 percent."
He noted that smartphone platforms "actually do very little" and not only that but they also make money from selling ads for other apps using the keywords for the most popular apps. "It's just a bad experience. Why not just make the game available direct to users, instead of having the store get between us and our customers and inject all kinds of cruft like that?" argued Sweeney.
Smash-hit game Fortnite is dangerous... for cheaters: Tools found laced with malwareREAD MORE
The fact is that Epic has a choice and it doesn't have to play Google's game (its iOS game on the other hand is only available through Apple's app store thanks to Apple's controlling approach).
Epic's atypical economic approach is what has made Fortnite such a huge success. The game is completely free and runs on pretty much every platform. Considering the huge cost of running millions of constant online games that is a model that shouldn’t make sense but Epic has been quite brilliant in how it makes money from the game: it allows players to buy in-game currency that then allows you to customize how your characters look in the game, and it charges "battle passes" – currently $10 – that open up a wide variety of fun challenges within the game with rewards for their completion.
With people playing the game so regularly due to it being free and time-limited, soon enough players are driven to pay to select their appearance and to carry out different challenges. The rewards are visible to other users and act as social currency within the game. The result, thanks to the vast number of players, is revenue of hundreds of millions of dollars per month.
As just one sign of its enormous financial success, Epic announced earlier this year it would put forward $100m in prize money for people playing competitively in Fortnite tournaments. It's a virtuous circle for the company that encourages people to play the game more, for longer, and so grow ever-more attached to their status within the game.
This economic mindset has also stretched to third-party developers who make most of the "digital assets" that people can buy in-game. Last month, Epic actually cut the amount it was taking from those developers, from 30 per cent to 12 per cent, in order to encourage their growth.
Sweeney told GamesBeat: "The thing to understand about quality indie developers, and also asset creators, is that a large part of their income goes to costs. If they’re making a 10 per cent profit from their business, going from 70 per cent to 88 percent triples that margin."
So with Epic turning the normal economic models upside down, it should come as a surprise that the firm has decided to step outside the Google walled garden. But just how big is the security risk?
It’s significant. For one, unless Epic goes out of its way to heavily promote the fact that the game is only available from its website – epicgames.com – then millions of players are likely to search for the game through a search engine. That provides scammers with a huge opportunity to push their malware to unsuspecting users by taking out ads and embarking on SEO campaigns to appear near the top of search results.
The aim will be to invite netizens to install malware-riddled copies or variants of the game from various websites, exploiting the fact the title is not available from the official Play Store.
To download and install the game, some users may need to change their security settings to allow for third-party downloads. And that opens the door for other malware that would normally be kept off the phone – assuming that users don't immediately put back safety controls once they have downloaded a legit copy of the game. The latest version of Android, version 8, let you side-load applications on a per-app basis, which is somewhat safer.
a) millions of children will install malware by accident, thinking it's the official Fortnite .apk— alex hern (@alexhern) August 3, 2018
b) millions of children who correctly install the official Fortnite .apk will still have a phone in an insecure state and may be tricked into installing other malware
c) basically two things have helped slow malware on Android: Google pushing vendors to quickly pass security patches on to users, and Google managing to better vet the Play Store, while making it harder to install apks from elsewhere. This weakens the latter— alex hern (@alexhern) August 3, 2018
Of course, there is another way of looking at it: it could prove to be a useful "teachable moment" for a generation of users who have grown used to assuming that all software is safe and you can run anything on your device.
The ideal solution is of course would be two-fold: Google scales back its 30 per cent money grab in order to make some money rather than no money; and Epic puts some of its vast profits into a cyber-security educational effort for the young people playing its game. The likelihood of that happening? About the same as you winning a victory royale. ®