Applications which have been updated or even removed from official app stores without their owner’s knowledge pose the biggest threat to enterprise mobile security today, according to new research from security vendor Appthority.
The firm pointed out in its Q1 mobile threat report that 5.2% of iOS apps and 3.9% of Android apps are ‘dead’ – that is, they’ve been revoked by Apple or Google.
When it comes to ‘stale apps’ – software which has since been upgraded – the figures are higher, at 37.3% for iOS and 31.8% for Android.
The report explained:
“A concern with Dead Apps stems from the fact that unlike other consumer product retailers and manufacturers, App Stores at large (Google Play, Apple App Store, Microsoft Windows Store) are under no obligation or regulatory requirements to notify users when they have revoked an app from their store. The reasons for the revocation can vary from copyright infringements to serious security/privacy concerns discovered after release of the app to the store.”
Not only do these apps have potential security/privacy flaws, but once removed from the app stores, they’re “no longer in a position to be updated for bugs, vulnerabilities, or security fixes,” Appthority said.
Stale apps present a similar risk, the report claimed:
“In many cases, users don’t update their apps to the latest versions, even though newer versions may have fixed bugs, patched vulnerabilities, or addressed security concerns. In some cases, users are still running apps that may be several versions old, which represents similar security concerns to the ones brought up by Dead Apps.”
On the plus side, however, app stores do notify users of new software versions, so it’s easier to spot and upgrade a stale app.
According to the report, there are approximately 4000 mobile malware families and variants in the wild today.
Mobile RATs, banking trojans and spyware represent the biggest threats to organizations, Appthority claimed.