Conference Coverage

Browse Sections
This content is part of the Conference Coverage: RSA Conference 2015 special coverage: News, analysis and video
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Stale, dead apps emerging as serious mobile security risks

While there's plenty of information available today pertaining to enterprise cybersecurity risks and mitigation strategies, there is a lack of data specifically focused on the mobile security risks of employee devices and apps.

To remedy this, Appthority Inc. created its Enterprise Mobile Threat Team -- a group of researchers that looks at the mobile threat landscape and translates it into risks enterprises may encounter. Appthority also releases a quarterly "Enterprise Mobility Threat Report" to convey the team's findings.

Domingo Guerra, president and co-founder of Appthority, sat down with SearchSecurity's Sharon Shea at RSA Conference 2015 to discuss some of the key points in the company's Q1 Enterprise Mobile Threat Report.

Stale apps -- apps on employee devices that are no longer the version offered in the app store -- and dead apps -- apps no longer offered in app stores but downloaded on employee devices -- are two major security issues today, Guerra said.

"Both can be risky because they don't have the latest security patches or vulnerability fixes from the developer," Guerra said. "Or, in the case of dead apps, it's apps that could have been pulled from the app store by Google or Apple because the apps had malware or other privacy risks, or the apps didn't comply with terms and conditions advertised to users. Yet users are never notified about those; those apps are particularly worrisome because they remain on people's devices indefinitely, even if they are no longer supported or offered in app stores."

This, Guerra said, can be tricky, as malware authors may publish fake versions of legitimate apps in the app store, leading to malware infection and data exfiltration. Guerra also warned that dead apps, which account for 5% of apps on devices, are not just a BYOD issue; they are also found on corporate-owned devices with bring your own app policies.

To sum things up, Guerra also discusses enterprise mobile security strategies, the recent Google Android Security Report, and the latest techniques malware authors are using to infect mobile devices.

View All Videos