50% of fake Fortnite apps on Android contain malware, spyware or adware – report

Many of the Fortnite APKs and installers available online for Android have some sort of issue, according to a new report.

Top10vpn has tested 32 Fortnite Android apps, and found that over half of them contain some sort of spyware, malware, or adware.

These were just a few of the many results that pop up when you type “download Fortnite APK” in Google, or in the search bar for third-party Android app stores like Amazon’s, APK Here, and Mobango. Of the 32 tested apps, eight had adware, seven asked for excessive permissions, and four were complete scams full of malware.

An adware is an app whose sole purpose is to serve ads to users. In this case, these apps try to look as legit as possible, using official art and icons. By the time the user realises the scam, they’ll have already clicked through a few ads, which in turn allows the developer to make a small profit. The numbers add up, especially for something as popular as Fortnite.

The privacy issue is perhaps more important, however, because the apps that ask for these excessive app permissions end up getting access to quite a bit of the phone’s features, such as the camera, GPS location, contacts, call data and more. Some even ask for permissions to modify phone settings, and make phone calls without going through the dial UI.

The legitimate Fortnite APK doesn’t ask for these permissions, and the fake apps can have up to 24 permissions the user must agree to in order to install them. If the user doesn’t read these prompts, they’ll inevitably allow these apps access to much of the sensitive and personal information stored on their phone.

Two of the apps tested were simple click farms, which often have surveys for the user to answer, with the promise that a link to download Fortnite will be offered upon completion.

Of the apps tested for malware, Fortnite Mobile APK, and Fortnite APK were the worst offenders. The former installs a possible trojan, and is mostly designed to refer users to other apps. It even has videos of Fortnite loading screens, which always stop at a certain point and refer the user to other apps to download.

The latter, on the other hand, is seemingly designed to harvest email addresses by fooling the user into thinking their device isn’t compatible with the game. The app then asks the user to type in their email details to be notified when their handset becomes supported.

The full report, available at the link above, goes into great detail about the sort of permissions offending apps trigger, their names, the names of the developers, the stores where they’re found and more.

But the general idea is that it’s pretty simple to fall for at least one of these in your searches, in large part because these apps appear first in search results. It also helps that many have on-point branding designed to fool users into thinking they’re downloading the real thing.

For future refrence, the only official way of downloading Fortnite on Android is through the Epic Games website. The Android version is still in beta, but will be going live for all this month.