A court injunction in the long fight between Fortnite publisher Epic Games and Google could have “catastrophic results for the nation’s security” and “risks creating massive cybersecurity vulnerabilities in the online ecosystem,” a group of former top government officials said in a filing Monday.
At issue, they wrote, is a district court injunction requiring Google to work with Epic Games to establish a technical committee on the Google Play Store. This committee would review disputes over the store’s business practices and regulations. The former officials filed an amicus curiae brief siding with Google, which lost in the latest legal salvo, saying that any such committee would sorely lack the ability to mediate the myriad cybersecurity threats presented to users through the store.
“The district court and the Technical Committee are woefully ill-equipped to manage the complex, numerous, and dynamic cybersecurity threats to millions of Android users that will result from allowing countless new apps to flood the Google Play Store and third-party app stores,” they wrote.
Rather, they contend, “Google, with state-of-the-art cybersecurity practices and a trusted app ecosystem, is best positioned to manage those security risks, but the injunction would hamstring Google’s ability to secure its platforms by requiring it to allow developers to provide links directly to users, to distribute third-party app stores, and to allow third-party app stores access to the Google Play Store catalog.”
And “even one mis-clicked link or one nefarious downloaded app can have catastrophic results, allowing malicious actors to access Android devices and data,” they contend.
Signing onto the filing were Tatyana Bolton, former cyber policy lead at the Cybersecurity and Infrastructure Security Agency; Joel Brenner, former inspector general and senior counsel at the National Security Agency and counterintelligence head in the Office of the Director of National Intelligence; Paul Lekas, former deputy general counsel at the Defense Department; John Shanahan, former DoD director at the Joint Artificial Intelligence Center; Joseph Anderson, a former Army official; Steven Bellovin, former chief technologist at the Federal Trade Commission; David Shedd, former deputy director of the Defense Intelligence Agency and a former National Security Council official; and Gene Tsudik, a computer science professor at the University of California, Irvine.
The brief is tied to a ruling in a 2020 case where Epic leveled allegations of monopolistic practices against Google over in-app purchase fees. Epic Games has won antitrust rulings against Google, most recently on July 31. Google itself has been arguing that the rulings will raise privacy and security risks, as have others who are siding with Google on the debate.
The Google Play Store is one of the most popular ad marketplaces in existence, with the company claiming it’s used by more than 2.5 billion monthly users across 190 markets worldwide.
It differs from its main competitor, Apple, by allowing users to download apps from third-party sources. In contrast, Apple’s App Store operates within a closed ecosystem, strictly controlling the installation of apps and prohibiting third-party stores. Additionally, Google typically enforces a less stringent app review process compared to Apple’s often rigorous approval standards, giving developers a faster and more accessible route to publishing their apps on Android devices.
Due to the differences, malicious or fraudulent apps are constantly found on Google’s store.
The latest court ruling disputed the extent of any security woes that would arise.
“Though Google may decry the inconvenience of having to design ‘new protocols’ to address the security risks of carrying app stores, its own expert conceded that Google would be able to meet these difficulties with the same technological criteria it uses for other third-party software applications already on the Play Store,” the U.S. Court of Appeals for the Ninth Circuit ruling reads.
The officials who signed on to Monday’s include those who have notable current or past industry ties; Bolton, for instance, worked for Google from 2022 to 2024.
The potential interplays between monopolistic practices and cybersecurity have been a source of debate amid the rise of U.S. tech giants.
You can read the brief below.
Greg Otto contributed reporting to this story.
Source link
