This content is part of the Conference Coverage: RSA Conference 2015 special coverage: News, analysis and video

Stale, dead apps emerging as serious mobile security risks

While there's plenty of information available today pertaining to enterprise cybersecurity risks and mitigation strategies, there is a lack of data specifically focused on the mobile security risks of employee devices and apps.

To remedy this, Appthority Inc. created its Enterprise Mobile Threat Team -- a group of researchers that looks at the mobile threat landscape and translates it into risks enterprises may encounter. Appthority also releases a quarterly "Enterprise Mobility Threat Report" to convey the team's findings.

Domingo Guerra, president and co-founder of Appthority, sat down with SearchSecurity's Sharon Shea at RSA Conference 2015 to discuss some of the key points in the company's Q1 Enterprise Mobile Threat Report.

Stale apps -- apps on employee devices that are no longer the version offered in the app store -- and dead apps -- apps no longer offered in app stores but downloaded on employee devices -- are two major security issues today, Guerra said.

"Both can be risky because they don't have the latest security patches or vulnerability fixes from the developer," Guerra said. "Or, in the case of dead apps, it's apps that could have been pulled from the app store by Google or Apple because the apps had malware or other privacy risks, or the apps didn't comply with terms and conditions advertised to users. Yet users are never notified about those; those apps are particularly worrisome because they remain on people's devices indefinitely, even if they are no longer supported or offered in app stores."

This, Guerra said, can be tricky, as malware authors may publish fake versions of legitimate apps in the app store, leading to malware infection and data exfiltration. Guerra also warned that dead apps, which account for 5% of apps on devices, are not just a BYOD issue; they are also found on corporate-owned devices with bring-your-own-app policies.

To sum things up, Guerra also discusses enterprise mobile security strategies, the recent Google Android Security Report, and the latest techniques malware authors are using to infect mobile devices.


I can certainly see how stale and dead apps pose a potentially severe security risk. It’s easy to see, as the article points out, that dead apps account for 5% of apps on devices. I suspect that refers to only primary devices, and that there are many devices out there that have a much larger number. One example is when someone gets a new phone, and converts their old phone into a dedicated MP3 player or dash cam. I’m willing to bet that there are a lot of devices used for those purposes, and that they have a much higher percentage of stale and/or dead apps on them.

Well said. The growth of the Internet and increase in adoption of devices and apps has brought a new set of security challenges. One needs to be extra careful while downloading an app.

With BYOD, IoT, Mobile banking and m-commerce trending worldwide, the need of the hour is to be aware and proactive towards mobile security. It's a priority for us at Appknox (

We offer peace of mind to brand owners and the developers who create and maintain apps by doing regular security audits of their work, and alerting them to new vulnerabilities as they arise.