Light Dark
May 3, 2015 By Douglas Bonderud 2 min read

They’re coming. Dead apps are apps that once lived on large-scale app stores such as iTunes and Google but have been removed and are unsupported and no longer useful. However, according an Infosecurity Magazine article on a recent mobile threat report from security vendor Appthority, these apps have a kind of perverse second life. Many enterprise users keep applications on their phones and tablets long after they’ve been removed from stores, putting network infrastructure at risk.

Night of the Living App?

What’s the greatest threat to enterprises when it comes to mobile security? Experts often point to the challenges of bring-your-own-device compliance, the risk of malware through phishing emails and users downloading malicious third-party apps. Dead apps, however, present a unique and growing threat vector. Removed from official app stores, these programs still work on mobile devices but aren’t supported, aren’t secured and aren’t the responsibility of Google, Apple or even the app creators to maintain and secure. This means inherent flaws that were never corrected — and may have been the reason for the app store removal — could compromise both corporate data and personal information.

According to Appthority’s Q1 mobile threat report, 5.2 percent of iOS apps and 3.9 percent of Android apps are dead and have been removed from app stores. However, these companies are under no obligation to notify users that apps have been pulled or that they’ll no longer be updated. Stale apps — apps that are still active on app stores but go for long periods without any updates or bug fixes — are also a problem.

Appthority said that users can also be responsible for outdated apps since they don’t always update to the latest version, even though newer versions may have fixed bugs, patched vulnerabilities or addressed security concerns. In some cases, users are still running apps that are several versions old, presenting a threat. The numbers are also much higher, with 37.3 percent of iOS and 31.8 percent of Android apps considered stale.

Brains… Brains…!

While dead apps won’t claw their way out of mobile devices to turn users into the living dead, these so-called zombie apps do present a real risk to employees. The first issue is baked-in malware. If an app is found to contain malware, both Apple and Google pull it from store shelves but don’t always tell users, according to CSO Online. Domingo Guerra, president of Appthority, said he wants to “see more transparency from the app stores, similar to what we see in other product recalls.” There is also the issue of hijacking. If malicious actors discover dead apps are no longer being updated, it’s possible for them to hack the update mechanism and deliver malware through what appears to be an approved software upgrade.

The mobile threat report recommends two courses of action: more oversight from IT administrators and better training for employees. IT professionals must be diligent about seeking out possible dead apps and removing them from devices, while users must be educated on the necessity of regular updates and searching their devices for applications that are no longer supported or offered in major app stores.

Dead apps won’t go down without a fight, and enterprises need to ensure they have the right weapons to put these apps back in the ground.

Image Source: iStock

 |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature