Attackers first had to trick you into installing an app designed to look for the flaw, which might not have been difficult when players could be hunting for cheats and "free V-Bux" apps. If present, the app hijacked the install process to grab its own code without even hinting that malware was coming. You didn't need to have Android's "install unknown sources" option enabled beyond when you downloaded the Fortnite installer, and Samsung device owners didn't even have to make that effort (since they downloaded through Samsung's own Galaxy Apps).

Epic told Android Central that it delivered the fix within 48 hours after receiving word from Google, and it's not clear that anyone took advantage of the security hole in the few days where it was present. The developer isn't happy with how Google addressed the situation, however. It accused Google of being "irresponsible" for publicly disclosing the flaw before many people had a chance to update their installers, and claimed Google "refused" to wait until more players had updated. That's not necessarily the case (Google appeared to have honored its disclosure policies), but it's reasonable to presume that some Fortnite fans hadn't been diligent in updating before the vulnerability was public knowledge.