We’ve got a pretty big discussion on Fortnite for Android and the decisions Epic Games made that affect user security. I talk about it in the show, we talked about it in Chit Chat Across the Pond with Robb Dunewood, and Bart and I talk about it during Security Bits. I’ve got a review of Archisketch for iPad, and then Bart Busschots is back with another installment of Security Bits. We talk about a zero-day exploit on macOS, how Facebook is rating their users’ trustworthiness, how Facebook’s VPN was tracking users, how Google was tracking you even when you told them to stop and how a teenager hacked into Apple’s servers and stole (encrypted) data.
Hi, this is Allison Sheridan of the NosillaCast Apple Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday, August 26, 2018, and this is show number 694. I’d like to give a little shout out to Janet, who wrote to me for the first time this week after listening to the show since 2005. Isn’t that incredible?
The next live show (Labor Day weekend in the US) will be on Monday, not Sunday night. It will still be at 5pm Pacific Time, just on Monday. We have the opportunity to spend the evening with Lindsay, Nolan, Forbes, Kyle and Nikki. I love the live audience, but that’s tough competition. Hope you can still make it on Monday!
Chit Chat Across the Pond Lite with Robb Dunewood
With the NosillaCast, I have self-imposed pressure to never miss a show because I don’t want to ruin my 13 year streak. Chit Chat Across the Pond doesn’t have the same pressure, which allows me to very occasionally miss a show, or in this week’s case, publish the shows out of order. I’ve already recorded the latest Programming By Stealth with Bart but I’m holding it till early next week so that I can slot in a time-sensitive episode of Chit Chat Across the Pond Lite.
This Chit Chat is what could best be described as an “accidental episode.” Recently Epic Games announced that they were going to port their insanely popular game Fortnite over to Android. It’s currently making $2M/day via in-app purchases on iOS and of course they have to give 30% of that to Apple. Epic figured they had an opportunity to make even more money if they didn’t put Fortnite in the Google Play Store where Google would take 30%.
Unlike the walled garden with iOS, you can do this on Android, but it means users have to disable security features to side load from unknown sources. I was curious about how this works and how dangerous it could be, so I called up my buddy Robb Dunewood of the SMR Podcast to ask him how exactly this works and to get his feel for whether this is dangerous. I realized after a few minutes that this would make a great Chit Chat so we recorded on the spot. In the conversation Robb did a great job of explaining the repercussions and dangers as well as the protections you’d still have.
That discussion with Robb about Fortnite and sideloading became Chit Chat Across the Pond Lite episode #560.
Then on Friday Bart and I recorded Security Bits, which you’ll hear in this episode. Bart had listened to Robb’s and my conversation and had some more interesting input on the subject.
But then, right after Bart and I recorded, Robb sent me the news that Google uncovered a pretty major flaw in the official Fortnite installer. According to the article in Android Central, the installer itself (not Fortnite) was easily exploitable.
The installer would allow malware that’s already on your phone to take over the installer and then download any app it wanted with full permissions to your phone. You would never know that it wasn’t installing Fortnite, and you wouldn’t get prompted for permissions such as access to location or the camera.
Note that this requires you to already have a malicious app on your phone for this vulnerability to be exploited. The good news is that Google let Epic know about it and Epic has fixed the installer. The two companies are definitely at odds on how it was handled though. Epic’s CEO has publicly said that they think Google was irresponsible in their public disclosure and that they should have waited their standard 90 days. Google has responded back that since it was a zero-day exploit, it fit within their policy of making it public after 7 days.
Google is incentivized in this case to make Epic look bad, because they left the compound and took their money with them. That doesn’t mean Google is wrong. Epic wants to make as much money as possible, and who can blame them, so they’re incentivized to blame Google for this. In my view, the greed between these two corporations is putting users at higher risk. I think we could easily call this an “epic fail”.
We’ve only got one piece of content from me but a lot of fun in Security Bits so let’s get into it.
Patreon and Amazon
This week we had THREE new people contribute financially to the success of the podcast. Ian and April both took the time to go to podfeet.com/patreon and elected to pledge a dollar amount per NosillaCast episode to help support the production of the shows.
It always humbles me when I see people contributing in this way because it shows that they’re getting true value out of the shows.
As a public service announcement, please pay close attention when you pledge on Patreon to how the producer has chosen to charge. Frank pledged last week to the NosillaCast, and all of the other shows he supports charge monthly so he put in the amount he wanted to pledge to the NosillaCast per month. Luckily I questioned his sanity because I charge essentially per week, not per month! We caught it before he had to go on food stamps, so just pay close attention when you sign up to how the individual producers choose to charge!
If you’ve got subscription fatigue but still want a way to contribute, you could choose to make a one-time donation via PayPal like Janet did this week. That’s easy to find too – just go to podfeet.com/paypal. Thank you to all of you who contribute in whatever way you can.
Security Bits – Zero-Day on macOS, Facebook Rates User Trustworthiness, Facebook’s VPN Was Tracking Users, Excessive Google Tracking, Teenager Hacks Apple
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at email@example.com, follow me on twitter @podfeet. Remember, everything good starts with podfeet.com/. podfeet.com/patreon, podfeet.com/facebook, podfeet.com/googleplus, podfeet.com/chat, podfeet.com/amazon! And if you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.