Light Dark
May 3, 2015 By Douglas Bonderud 2 min read

They’re coming. Dead apps are apps that once lived on large-scale app stores such as iTunes and Google but have been removed and are unsupported and no longer useful. However, according an Infosecurity Magazine article on a recent mobile threat report from security vendor Appthority, these apps have a kind of perverse second life. Many enterprise users keep applications on their phones and tablets long after they’ve been removed from stores, putting network infrastructure at risk.

Night of the Living App?

What’s the greatest threat to enterprises when it comes to mobile security? Experts often point to the challenges of bring-your-own-device compliance, the risk of malware through phishing emails and users downloading malicious third-party apps. Dead apps, however, present a unique and growing threat vector. Removed from official app stores, these programs still work on mobile devices but aren’t supported, aren’t secured and aren’t the responsibility of Google, Apple or even the app creators to maintain and secure. This means inherent flaws that were never corrected — and may have been the reason for the app store removal — could compromise both corporate data and personal information.

According to Appthority’s Q1 mobile threat report, 5.2 percent of iOS apps and 3.9 percent of Android apps are dead and have been removed from app stores. However, these companies are under no obligation to notify users that apps have been pulled or that they’ll no longer be updated. Stale apps — apps that are still active on app stores but go for long periods without any updates or bug fixes — are also a problem.

Appthority said that users can also be responsible for outdated apps since they don’t always update to the latest version, even though newer versions may have fixed bugs, patched vulnerabilities or addressed security concerns. In some cases, users are still running apps that are several versions old, presenting a threat. The numbers are also much higher, with 37.3 percent of iOS and 31.8 percent of Android apps considered stale.

Brains… Brains…!

While dead apps won’t claw their way out of mobile devices to turn users into the living dead, these so-called zombie apps do present a real risk to employees. The first issue is baked-in malware. If an app is found to contain malware, both Apple and Google pull it from store shelves but don’t always tell users, according to CSO Online. Domingo Guerra, president of Appthority, said he wants to “see more transparency from the app stores, similar to what we see in other product recalls.” There is also the issue of hijacking. If malicious actors discover dead apps are no longer being updated, it’s possible for them to hack the update mechanism and deliver malware through what appears to be an approved software upgrade.

The mobile threat report recommends two courses of action: more oversight from IT administrators and better training for employees. IT professionals must be diligent about seeking out possible dead apps and removing them from devices, while users must be educated on the necessity of regular updates and searching their devices for applications that are no longer supported or offered in major app stores.

Dead apps won’t go down without a fight, and enterprises need to ensure they have the right weapons to put these apps back in the ground.

Image Source: iStock

 |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature