5 Fortnite security tips

August 31, 2018

The popularity of Fortnite Battle Royale, a multiplayer video game developed by Epic Games, continues to snowball, especially with the release of the Android version. But unlike the vast majority of developers, Epic has taken the bold step of not making the mobile game available on Google Play. Google has even issued a special statement on that:

Here we explain why this might be dangerous and how to protect your smartphone, Epic Games account, and money.

1. Download Fortnite for Android only from the official site

Fortnite for Android can be downloaded from the official game site. That’s an easy way to avoid fake sites offering Trojans disguised as Fortnite Launchers.

After downloading the game, you must enable the “Allow installation from third-party sources” check box in your smartphone settings. To do so, go to Settings -> Security -> Third-party sources:

2. Don’t forget to reset the block on third-party installations

Once you’ve installed Fortnite on your Android smartphone or tablet, don’t forget to deselect the “Third-party sources” option in Android’s settings.

Allowing installation from third-party sources automatically makes the smartphone less secure, because then anything can be installed from anywhere. This setting is exploited by many cybercriminals seeking to cash in on the popularity of Fortnite and other mass-multiplayer games, which involve considerable money streams.

3. On Android, use Fortnite Launcher 2.1.0 or higher

Researchers at Google found that Fortnite Launcher for Android is susceptible to Man-in-the-Disk attacks. In lay terms, that means the installer could basically install any app it was given, including malicious ones, without raising eyebrows.

The developer, Epic Games, has already patched the vulnerability, so Fortnite Launcher 2.1.0 and higher are immune to this kind of attack. That’s why you should use the latest version of the installer.

If you installed the game on your smartphone or tablet using an earlier version, we advise you to remove Fortnite and Fortnite Launcher and then reinstall the game using the new version of the installer. We also recommend scanning the system with an antivirus to check whether this type of attack has been used to install a malicious application on your Android device.

4. Change your Epic Games account password

According to online rumors, a data leak in March 2018 put Epic Games account logins and passwords into the hands of cybercriminals, who promptly made use of them. Forums are full of threads about how Fortnite accounts were stolen and how scammers used them to buy in-game codes, reselling them afterwards on the cheap.

If you created an Epic Games account before March 2018 and didn’t change the password, do it now. Here’s the link you need.

5. Enable two-factor authentication

Even if your password is leaked, cybercriminals won’t be able to access your account without a second factor in the form of a short, one-time-use code. For two-factor authentication (2FA), Epic Games recommends Google Authenticator, and we concur. Alternatively, you could try Microsoft Authenticator, LastPass Authenticator, or Authy. For details on how to opt in to 2FA, see this support page.