[0xfffff]

Epic Games provided the following comment from CEO Tim Sweeney:

"Epic genuinely appreciated Google's effort to perform an in-depth security audit [...]

However, it was irresponsible of Google to publicly disclose the technical details of the flaw so quickly, while many installations had not yet been updated and were still vulnerable.

An Epic security engineer, at my urging, requested Google delay public disclosure for the typical 90 days to allow time for the update to be more widely installed. Google refused. You can read it all at https://issuetracker.google.com/issues/112630336

Google's security analysis efforts are appreciated and benefit the Android platform, however a company as powerful as Google should practice more responsible disclosure timing than this, and not endanger users in the course of its counter-PR efforts against Epic's distribution of Fortnite outside of Google Play."

[DannyBee]

I like when "following standard practice, literally listed in the bug report and used 100's of times" is suddenly "counter-pr efforts" I like when "following standard practice, literally listed in the bug report and used 100's of times" is suddenly "counter-pr efforts"

type: vulnerability is new, but if you search the public bug tracker for the phrase "This bug is subject to a 90-day disclosure deadline",

It looks like they have been pretty darn consistent about unrestricting once the patch is available. Usually faster than 7 days! They have also held people to the 90 day requirement, and the 14 day grace extension they offer This is true even when the reporter is a googler or it affects only google software.