'Fortnite' developer had sharp words for Google after a scary Android exploit was discovered

Google essentially got slapped in the face when Epic Games, the developer of the super popular Fortnite, decided not to make the game available through the Play Store, but via its own app.

Google warned Epic that doing so could potentially put Android users at greater security risk, but the game developer brushed it off, insisting on going it alone for several reasons — including not having to give Google a cut in-app revenue and "embracing open platforms."

Well, now the worst has happened. Despite having no obligation to do so, Google recently discovered an exploit within the Fortnite installer app that allowed malicious apps installed on one's Android phone to hijack the download process so that instead of downloading the game from Epic's server, it could download and install something entirely different, which could potentially leave the device open to attacks.

SEE ALSO: What You Should Know About 'Fortnite' Addiction

Here's a quick run-down of what happened:

Google first discovered the vulnerability inside of the Fortnite installer app on Aug. 15 and immediately notified Epic. Details for the exploit weren't public yet. Within 48 hours, Epic patched the Fortnite installer and deployed it to all Android users who installed the app. 

Here's where things get a little ugly. Even though Epic quickly released a patch for the installer app, it asked Google not to disclose the details of the exploit until after 90 days. Not only would there be more time for users to update their installer apps, but hackers also wouldn't be able to take advantage of the bug.

However, Google's bug disclosure guidelines explicitly states the following:

Despite Epic's request for Google to wait the full 90 days before disclosing the exploit, Google abided by its own guidelines and shared the details.

Per a Google rep posting to an Issue Tracker thread on the bug report:

Naturally, the Fortnite developer wasn't happy about Google's decision at all. Epic provided Mashable the following comment from CEO Tim Sweeney:

Ultimately, who's in the right and who's in the wrong? Honestly, neither company is. 

Google is right that Epic's decision to not release Fortnite through the Play Store leaves the app more vulnerable. As my colleague, Mashable tech reporter Matt Binder, previously made clear: Android users need to disable certain Android security permissions in order to install Fortnite and there's no guarantee they'll remember to turn them back on after doing so.

Maybe Google really is upset at the idea of not getting any revenue from the massively popular game (apps listed on Google Play pay a share of their sales to Google), as Sweeney implied. But the Android gatekeeper maintains that its speedy disclosure of the exploit was done in the name of user security.  

Following Sweeney's statement, Google had only this to say in response to Mashable's request for comment: "User security is our top priority, and as part of our proactive monitoring for malware we identified a vulnerability in the Fortnite installer. We immediately notified Epic Games and they fixed the issue."

And it's true, Google does have a responsibility to ensure that users are safe. Otherwise, third-party developers could give the entire platform an even worse reputation.

That said, if Google truly cares about protecting its users first and foremost, it should have been more flexible on its bug disclosure deadline so as to not tip off hackers so quickly. That's why Epic asked for 90 days to begin with.

The disagreements between Google and Epic should not be overlooked. Google may wish to have nothing to do with Fortnite after being shunned by Epic Games, but their paths will inevitably cross because of the Android platform.

It's possible Google will discover vulnerabilities in future versions of the Fortnite installerm or even other app installers from other companies that decide to follow in Epic's footsteps and not offer their apps in the Play Store. Will Google have to monitor and perform security audits on all of those as well in order to protect Android users? Hard to say, but it's sure gonna be interesting to watch from the sidelines.

If anyone's laughing at this turn of events, it's Apple. The company's closed platform means all apps must be released through the App Store. By not allowing apps to be officially released in any other way, Apple has guarded itself against the issue Google's now facing.

With additional reporting by Adam Rosenberg. 

WATCH: Is the Samsung Galaxy Note 9 worth $1,000?