In the fight between Epic and Google, there are no 'good guys'

Epic Games is suing Google again along with Samsung, claiming that unfair practices make it hard to get exposure to its third-party software offerings. In this claim, Epic takes issue with Samsung's Auto Blocker feature, which stops the installation of software that is not from official trusted sources. Specifically, Epic claims that it's anti-competitive that auto-blocker is on by default and that Google strong-armed Samsung into making it that way.

This feels very much like the last time Epic sued Google, claiming the company was anti-competitive and abusing monopoly power. That's a lawsuit Epic won , even if it didn't have the results Epic had hoped for. What's not being mentioned is that this all stems from the fact that Epic doesn't want to pay Google (or Apple) fees to process payments and transactions.

I don't blame Epic for not wanting to pay 30% of the mountain of money it makes from players when it thinks it could find a way to keep that cash for itself. I also want companies to hold Google accountable and challenge all of its policies anytime there is even a hint of anti-competitive behavior.

I'm just tired of this particular case because one side is as bad as the other.

Google says it had nothing to do with Samsung's decision to build and deploy the auto-blocker feature. I've reached out to see if Google has more to say but in a statement posted to X Google Security and privacy team member David Kleidermacher says:

"Epic’s latest lawsuit is a meritless and dangerous move. Google did not request that Samsung create their Auto Blocker feature.

While Android allows sideloading, Google and the security community have warned users for years about the real risks associated with downloading apps directly from the web. In the U.S., federal agencies, NGOs, and fintech associations have guidance underscoring this issue.

Governments around the world have requested additional solutions to help further protect users from the fraud, theft, and abuse from sideloaded apps that are causing real harm to people’s lives. That’s why Google offers its own safety features such as Google Play Protect, which checks for harmful apps on a user’s device, regardless of where the app was downloaded.

Android device makers are free to innovate and design additional safety features for their devices. To make this about access to a game is deliberately misleading; this is about user safety. And Epic’s lawsuit puts their corporate interests above user protections."

Epic Games CEO Tim Sweeny replied:

"The 21 steps required to install Epic Games Store on new Samsung Android devices are full of intentional dead ends and misleading scare screens characterizing Epic as an “unknown” source (y’all know us) and our software as dangerous (y’all know it’s not).

Windows and MacOS demonstrate multiple successful and proportionate approaches to blocking malware. None involve blocking safe software from reputable companies or portraying known software as unknown as Google and Samsung are doing. Google’s scheme is dishonest and misleading."

Obviously, social media is no place for meaningful discourse, and this is just another back-and-forth of two companies trying to one-up with each other.

I have no idea if Google asked Samsung to implement the Auto Blocker feature. I do know that Google allows phone makers to implement security solutions if they want to do so.

Saying the steps to disable the Auto Blocker feature are difficult is subjective. Trying to claim Epic is a trusted source in the security sense is absurd (Samsung can not verify Epic's code), and claiming that Windows and macOS don't block "safe" companies from installing unsigned system-level code without user interaction is even more absurd.

I can't take either statement as proof of anything and neither should you. That's because every company involved has shown it will do and say anything to sway public opinion.

So here's what we actually know.

• Having trust doesn't mean "y'all know us." It means being able to verify in-house that the code is doing exactly what it claims to do and nothing more. Instances of software overstepping and allowing potentially problematic behavior happen every day and even happened to Epic with this very same application . No company can call another company a trusted source without a clear and specific arrangement.
• There are a lot of good reasons to want to install software on your phone that didn't come from Google's Play Store. Doing so shouldn't be automatic but it can be confusing if you aren't willing to follow the right steps.
• Samsung is allowed to add extra software security features to Android and there is nothing wrong with the Auto Blocker feature. Not enabling it by default would mean that to be protected would require a process " full of intentional dead ends and misleading scare screens " so making it enabled by default is a fair decision.
• None of this would be an issue if the Epic Games transactions went through Google Play, but Epic would be forced to pay money to Google for every transaction.

None of the companies involved want to infect your phone with malware or wish any ill will on you in any way. They want you to be happy with your purchase (whether that be a phone or an app) and be willing to buy again.

Mobile operating systems are not like the ones you might use on a desktop, and anyone trying to equate them is being silly. You can install an "app store" on your Windows computer because that app store isn't doing anything critical with system files; if it wants even rudimentary access to certain folders it requires you to approve it. MacOS is the same, and Linux distributions are even worse/better when it comes to permissions. What works on Windows does not work on Android, and it's time we all stopped thinking like that.

Tools are needed to keep users safe because most users aren't interested in how this all works. You might want to know all about sideloading and file system permissions, and I might want to know about them, but not everyone cares. We all deserve some level of protection. Balancing that is difficult, but it's generally best to lean to the side of "security," even if it means an extra step when it comes to disabling those tools.

Epic might win this lawsuit and Google will appeal again. We might even see a few changes to the way things are done when all the dust settles. But Epic is never going to get the validation it seems to desperately want and the company is not on your side.

It's on Epic's side.