The living dead Apps are coming! These are apps that used to live on app stores but have since been removed and are no longer supported by the companies who created them. According to the Info Security magazine these have a kind of perverse second life, putting network infrastructure at risk.
What’s the greatest threat to enterprises when it comes to mobile security? Experts often point to the challenges of bring-your-own-device compliance, the risk of malware through phishing emails and users downloading malicious third-party apps. Dead apps, however, present a unique and growing threat vector. Removed from official app stores, these programs still work on mobile devices but aren’t supported, aren’t secured and aren’t the responsibility of Google, Apple or even the app creators to maintain and secure. This means inherent flaws that were never corrected — and may have been the reason for the app store removal — could compromise both corporate data and personal information.
Appthority said that users can also be responsible for outdated apps since they don’t always update to the latest version, even though newer versions may have fixed bugs, patched vulnerabilities or addressed security concerns. In some cases, users are still running apps that are several versions old, presenting a threat. The numbers are also much higher, with 37.3 percent of iOS and 31.8 percent of Android apps considered stale.
These so-called zombie apps do present a real risk to employees. The first issue is baked-in malware. If an app is found to contain malware, both Apple and Google pull it from store shelves but don’t always tell users, according to CSO Online. Domingo Guerra, president of Appthority, said he wants to “see more transparency from the app stores, similar to what we see in other product recalls.” There is also the issue of hijacking. If malicious actors discover dead apps are no longer being updated, it’s possible for them to hack the update mechanism and deliver malware through what appears to be an approved software upgrade.
The mobile threat report recommends two courses of action: more oversight from IT administrators and better training for employees. IT professionals must be diligent about seeking out possible dead apps and removing them from devices, while users must be educated on the necessity of regular updates and searching their devices for applications that are no longer supported or offered in major app stores.
Dead apps won’t go down without a fight, and enterprises need to ensure they have the right weapons to put these apps back in the ground.