Zombie Apps are a growing threat in mobility. Find out how they work and how to defend against them.
I'm a huge fan of the AMC television series "The Walking Dead," which depicts a zombie apocalypse and the sociological results thereof (though the word "zombie" is never actually mentioned on the show, as far as I know). Unfortunately, the program is on hiatus, but I've been reading up on a different kind of zombie as of late: the zombie app.
What is a Zombie App?
This new phrase, as it applies to mobility threats, is not to be confused with the same term which, as TechCrunch explained last January, refers to apps that "can only be discovered [in an online store] by searching for a specific type of app, or by searching for the app's name directly" - in other words, those which do not appear in any category lists or ranks.
This kind of zombie app is much more sinister. When a program is removed from an app store (say, because it's defunct or no longer supported, or because it was revoked over a security issue that was missed in the pre-release checks), it might still remain on users' mobile devices but will no longer be updated. If it contains vulnerabilities, it might be susceptible to exploitation by third parties, such as through an unrelated app which can take control of the vulnerable one. Worse, hackers and would-be thieves might offer fake app updates to take advantage of these bugs, which can put user information and data at risk. For instance, they may register domain names once associated with the defunct apps and push "drive by downloads" upon unsuspecting users.
The problem is compounded by the fact that app stores such as Google Play and Apple iTunes are not required by any regulation to do any kind of product recall, let alone notify users who have downloaded an app that it was revoked from the store.
How can I combat Zombie Apps?
The first and most obvious answer is to keep an eye on any outdated apps and remove them if you don't need them. If you're an Android user, you can install utilities such as Notification History or App Install History to keep track of when apps were last updated. On iOS 8, you can simply swipe from the top of your screen and tap "Notifications" to review your app update history. If you need an app for the functions it provides but it's old and outdated, it may be worth finding an alternative that is more recent and performs the same function.
However, if you support multiple mobile devices, such as in an enterprise environment, you may need a better solution. Centralized mobile device management which provides the ability to analyze apps and find risks can come in handy. One such example of a solution is Appthority.
Appthority offers enterprise mobile risk management solutions. They recently released an Enterprise Mobile Threat report for Q1 of 2015 which indicates that "close to 80 percent of mobile apps exhibit hidden behaviors that put sensitive corporate data at risk." As a result, they've developed a mobile app to manage this risk. Their policy management engine works in conjunction with "a database of millions of analyzed public and enterprise mobile apps to speed app review and approval and enforcement of custom use policies for thousands of employees within minutes."
How does this work?
Appthority is able to identify Zombie Apps which are no longer in the Google or Apple online app stores, and attempts to establish the circumstances surrounding the removal of each app (for instance, the use of private APIs, malicious code/URLs, or previous cases of signatures that would identify an app being investigated as malicious). Additionally, they check to see if the developer/service behind the app is still active or was revoked from the store, and scan the URLs associated with the app to see if they are still live or have expired and could therefore be subjected to hijacking. Their technique "employs deep dynamic and behavioral analysis to immediately discover the hidden actions of apps."
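The three checks described above (store listing, developer status, and whether the app's domains are still registered) can be applied to a device inventory as a simple triage pass. The following is an added example, not Appthority's code; the app IDs, developer names, domains and the `triage`/`report` helpers are all constructed for illustration, and the lookup tables stand in for whatever store catalog and domain registration data an organization actually has.

```python
from urllib.parse import urlsplit

# Constructed sample data (not from any real store, MDM export or vendor feed).
STORE_LISTED = {"com.example.notes", "com.example.mail"}       # apps still in the store
ACTIVE_DEVELOPERS = {"Example Notes Ltd", "Example Mail Inc"}  # developer accounts still active
DOMAIN_STATUS = {                                              # registration lookup results
    "api.example-notes.test": "registered",
    "cdn.oldgame.test": "expired",
    "update.oldgame.test": "expired",
    "sync.flashlight.test": "registered",
}
INVENTORY = [
    {"app_id": "com.example.notes", "developer": "Example Notes Ltd",
     "urls": ["https://api.example-notes.test/v2/sync"]},
    {"app_id": "com.example.oldgame", "developer": "Old Game Studio",
     "urls": ["http://update.oldgame.test/latest.apk", "https://cdn.oldgame.test/ads"]},
    {"app_id": "com.example.flashlight", "developer": "Example Mail Inc",
     "urls": ["https://sync.flashlight.test/ping"]},
]

def triage(app, listed=STORE_LISTED, developers=ACTIVE_DEVELOPERS, domains=DOMAIN_STATUS):
    """Return (severity, reasons) for one installed app."""
    if app["app_id"] in listed:
        return "ok", []  # still listed, so it can still receive updates
    reasons = ["removed_from_store"]
    if app["developer"] not in developers:
        reasons.append("developer_inactive")
    # Hostnames the app contacts; malformed URLs yield None and are dropped.
    hosts = sorted({urlsplit(u).hostname for u in app["urls"]} - {None})
    # Anything not confirmed as registered (expired or unknown) needs review,
    # because a lapsed domain can be re-registered by a third party.
    lapsed = [h for h in hosts if domains.get(h, "unknown") != "registered"]
    reasons += [f"domain_{domains.get(h, 'unknown')}:{h}" for h in lapsed]
    return ("high" if lapsed else "medium"), reasons

def report(inventory=INVENTORY):
    """Map app_id -> (severity, reasons) for every zombie app in the inventory."""
    findings = {a["app_id"]: triage(a) for a in inventory}
    return {k: v for k, v in findings.items() if v[0] != "ok"}

if __name__ == "__main__":
    for app_id, (severity, reasons) in report().items():
        print(f"{severity:6} {app_id}: {', '.join(reasons)}")
```

An app that is gone from the store but whose endpoints are all still registered ranks lower than one whose update or content hosts have lapsed, which is the hijacking condition the paragraph above describes.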
"This year, we'll likely see the first corporate breach traced back to a mobile app," said Domingo Guerra, president and co-founder, Appthority. "The enterprise is experiencing a massive influx of new end-user devices and apps that offer new ways to perform workday tasks. To help our customers protect themselves against mobile app threats, we've developed new on-device features that allow enterprises to tailor their mobile security policies and immediately detect and manage risky apps. Using the new Appthority mobile app, employees can be proactive and search for apps and learn about any possible risks before they install apps on their devices. Further, our new Mobile Threat Team enables companies to stay one step ahead of the latest mobile threats and will give them actionable insight to protect their organizations from malware and hidden risky mobile app behaviors."
"Our engines have identified a high number of Zombie Apps in enterprise environments," added Irfan Asrar, Lead Researcher at Appthority. "As many as 5.2% of apps on iOS devices and 3.9% of apps on Android devices are Zombie Apps which have been previously removed from iTunes and Google Play."
Appthority also provides tools such as malware detection, customizable risk management policies, compliance monitoring, whitelist browsing, and a dashboard showing the status of apps, devices and policies.
The mobile landscape got something of a pass for a while in terms of security threats; hackers and virus writers were more focused on juicier targets in the form of desktops and servers. With the growing ubiquity of mobility, however, the bad guys have rushed to fill the void, much the same as water will always flow to the lowest possible place. Zombie survival strategies on "The Walking Dead" generally involve barricades, but that doesn't work in the mobility realm where constant ongoing interaction with others is by definition the essence of mobility. Companies that wish to come out ahead of the zombie horde will need to stay aware of the risks, formulate clear-cut security strategies, and leverage available tools to remain in the running.