May 3, 2015 By Douglas Bonderud 2 min read

They’re coming. Dead apps are apps that once lived on large-scale app stores such as iTunes and Google but have been removed and are unsupported and no longer useful. However, according an Infosecurity Magazine article on a recent mobile threat report from security vendor Appthority, these apps have a kind of perverse second life. Many enterprise users keep applications on their phones and tablets long after they’ve been removed from stores, putting network infrastructure at risk.

Night of the Living App?

What’s the greatest threat to enterprises when it comes to mobile security? Experts often point to the challenges of bring-your-own-device compliance, the risk of malware through phishing emails and users downloading malicious third-party apps. Dead apps, however, present a unique and growing threat vector. Removed from official app stores, these programs still work on mobile devices but aren’t supported, aren’t secured and aren’t the responsibility of Google, Apple or even the app creators to maintain and secure. This means inherent flaws that were never corrected — and may have been the reason for the app store removal — could compromise both corporate data and personal information.

According to Appthority’s Q1 mobile threat report, 5.2 percent of iOS apps and 3.9 percent of Android apps are dead and have been removed from app stores. However, these companies are under no obligation to notify users that apps have been pulled or that they’ll no longer be updated. Stale apps — apps that are still active on app stores but go for long periods without any updates or bug fixes — are also a problem.

Appthority said that users can also be responsible for outdated apps since they don’t always update to the latest version, even though newer versions may have fixed bugs, patched vulnerabilities or addressed security concerns. In some cases, users are still running apps that are several versions old, presenting a threat. The numbers are also much higher, with 37.3 percent of iOS and 31.8 percent of Android apps considered stale.

Brains… Brains…!

While dead apps won’t claw their way out of mobile devices to turn users into the living dead, these so-called zombie apps do present a real risk to employees. The first issue is baked-in malware. If an app is found to contain malware, both Apple and Google pull it from store shelves but don’t always tell users, according to CSO Online. Domingo Guerra, president of Appthority, said he wants to “see more transparency from the app stores, similar to what we see in other product recalls.” There is also the issue of hijacking. If malicious actors discover dead apps are no longer being updated, it’s possible for them to hack the update mechanism and deliver malware through what appears to be an approved software upgrade.

The mobile threat report recommends two courses of action: more oversight from IT administrators and better training for employees. IT professionals must be diligent about seeking out possible dead apps and removing them from devices, while users must be educated on the necessity of regular updates and searching their devices for applications that are no longer supported or offered in major app stores.

Dead apps won’t go down without a fight, and enterprises need to ensure they have the right weapons to put these apps back in the ground.

Image Source: iStock

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today