Mobile Threat Blog

Zombie App-ocalypse

It’s Halloween and time for one of our favorite topics – Zombie Apps! Hollywood hasn’t made a movie about them yet but they are a scary reality for enterprises. In fact:

More than 1 in 4 devices in the enterprise (26.95%) have at least one Zombie App installed.

What are Zombie Apps?

Zombie apps (a concept Appthority introduced in 2015) are the living dead of the app world. These are apps that have been removed from app stores but continue to live, with their vulnerabilities and risky behaviors unaddressed, on millions of employee devices. While malware frightens, Zombie apps pose a more immediate and ongoing risk in enterprise environments.

Why do Zombie apps keep living on employee devices?

App stores (Google Play, Apple App Store) do remove apps that are dangerous, and they notify the developer, but neither is under any obligation or regulatory requirement to notify users when an app is revoked or why. The result is that the apps, removed from app stores for being unsafe, continue to live on employee devices.

Okay, but what are the real risks of a Zombie app-ocalypse?

While Zombie apps won’t turn employees or even other apps into Zombies, the fact that these apps are no longer available from the respective app stores means they can no longer be updated for bugs, vulnerabilities, or security fixes. Zombie apps are also in a position to be exploited by third parties offering fake updates and content or targeting known vulnerabilities that were never patched. Plus, there is no way to know what has happened to the data the Zombie apps collected. When an app is taken off the app store and no longer creates revenue for the developer, who ensures the user data is deleted or is not sold or put to other uses?

What should I do to keep the Zombies away?

This Halloween, to keep your enterprise safe, encourage employees to delete apps they don’t use and update the ones they do. Make sure they’ve updated to the latest OS as well so all the security fixes available are installed on their devices. For bonus points, you could give a prize to those who check to see if all the apps they keep are still on the app store. Even without this, however, reducing apps on employee devices to active, up-to-date versions should keep the Zombies at bay…for a while.
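
The "still on the app store" check can be automated for iOS. The following is an added example, not part of the original post: it tests each bundle ID in a device inventory against Apple's public iTunes lookup endpoint and reports which devices carry an app with no current listing. The inventory format, the sample bundle IDs and the allowlist for in-house apps are assumptions, and a missing listing in one country's storefront is a lead to investigate, not proof that the app was removed.

```python
import json
import urllib.parse
import urllib.request

LOOKUP_URL = "https://itunes.apple.com/lookup"  # Apple's public iTunes Search API


def listed_in_app_store(bundle_id, country="us"):
    """True if the lookup endpoint returns a listing for this bundle ID."""
    query = urllib.parse.urlencode({"bundleId": bundle_id, "country": country})
    with urllib.request.urlopen(f"{LOOKUP_URL}?{query}", timeout=10) as resp:
        return json.load(resp)["resultCount"] > 0


def find_zombies(inventory, is_listed=listed_in_app_store, allowlist=frozenset()):
    """inventory: {device_id: [bundle_id, ...]}, e.g. from an MDM export
    (format assumed). Returns (zombies_by_device, share_of_devices_affected)."""
    cache, zombies = {}, {}
    for device, apps in inventory.items():
        for app in apps:
            if app in allowlist:  # in-house/system apps never had a store listing
                continue
            if app not in cache:  # one lookup per distinct app, not per install
                cache[app] = is_listed(app)
            if not cache[app]:
                zombies.setdefault(device, []).append(app)
    share = len(zombies) / len(inventory) if inventory else 0.0
    return zombies, share


# Constructed sample data: hypothetical bundle IDs and an offline stand-in
# for the store, so the example runs without network access.
SAMPLE_INVENTORY = {
    "device-1": ["com.example.mail", "com.example.chat"],
    "device-2": ["com.example.mail", "com.example.flashlight"],
    "device-3": ["com.corp.intranet", "com.example.chat"],
    "device-4": ["com.example.flashlight", "com.example.oldgame"],
}
SAMPLE_STORE = {"com.example.mail", "com.example.chat"}


def demo():
    return find_zombies(SAMPLE_INVENTORY, is_listed=SAMPLE_STORE.__contains__,
                        allowlist={"com.corp.intranet"})


if __name__ == "__main__":
    zombies, share = demo()
    for device, apps in zombies.items():
        print(f"{device}: {', '.join(apps)}")
    print(f"{share:.2%} of devices have at least one Zombie app")
```

Calling `find_zombies` without the `is_listed` argument uses the live lookup, so throttle it for large inventories and re-check unlisted apps against the storefronts your employees actually use.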