Don’t look now, but the dead still live among us. Okay, it might not be a horror film, but zombies are everywhere, just not in the way they’re portrayed in the movies or on television.
I’m talking about zombie apps found on people’s smartphones, and they pose a significant problem when it comes to the enterprise, more specifically when companies have adopted a bring your own device (BYOD) policy. These types of policies allow employees to use their personal devices for work, but irresponsible behaviors may lead to serious security concerns, particularly when dealing with zombie apps. Don’t let the clever name fool you; we’re not talking about gaming apps where you shoot up wave after wave of zombies. These apps are far more sinister in nature, and they could put your business at risk.
Of course, the obvious question many people as is, what exactly is a zombie app? Put simply, a zombie app happens when a normal app that’s been installed on a device is removed from the app store and doesn’t receive any more support, yet it still remains on the device. The problem is more prevalent than you might think. In fact, in just the past few years among enterprise employees, it has become more widespread — an outbreak, if you will. A study of employee smartphones from mobile app security company Appthority shows that more than 5 percent of iOS apps and nearly 4 percent of Android apps have become zombified. And in case you think your company has been spared this unfortunate plague, in all the businesses that were part of this study, not a single one was found to be zombie app-free.
So zombie apps are everywhere, but some may see a lack of support from an app store as not that big of a deal. In reality, the danger to business security and corporate data is too large to ignore. Zombie apps can prove risky in several ways. One ties directly into the possible reason the app was removed from the app store in the first place. Many apps are removed because they prove to be insecure or they’re discovered to contain malware, either accidentally or purposely. Due to security standards, app stores will quickly get rid of these apps to avoid the spread of malware on mobile devices. Another way zombie apps can be dangerous is the possibility for criminal third parties to hijack the update process without the user’s knowledge, instead using it to update the app with malware and infect the device. In either case, it’s easy to see how many security experts view zombie apps as a bigger security risk than mobile malware itself.
Part of the difficulty in dealing with zombie apps is the fact that they are so tough to identify. App stores do their due diligence taking insecure apps off their digital shelves, but they don’t bother with immediately removing them from devices that installed them, even though the capability exists. In the case of the Google app store, users need to activate the function on their respective devices. At the same time, if an app is removed, those who installed it aren’t alerted to the fact, nor are they told why the removal happened. This lack of immediate removal and notification leads to the growth and spread of zombie apps on employee smartphones. Some mobile device management companies are trying to create methods in which zombie apps are identified and removed from devices, but more work still needs to be done to make it a common practice on the enterprise level.
Complicating the problem is the general lack of security apps installed on BYOD smartphones. While companies that have implemented a BYOD policy may require employees to install such apps, enforcing the rule is a much different problem. Workers may also have a host of apps that haven’t been updated in some time. Since many updates feature new fixes and security upgrades, having an outdated app is almost as bad as having a zombie app. Employees need to be trained to regularly update their apps if companies want the BYOD security risks to be minimized.
Zombie apps aren’t just a sensational term; they’re a notable problem that BYOD companies will need to tackle before the risks truly reach epidemic proportions. You’ll need to take a “shoot it in the head” approach by educating workers on the risks and ensuring any zombie apps are removed from devices. With the risks dealt with, you’ll be able enjoy the benefits of BYOD without the security worries.
About the Author:
Rick Delgado is a technology commentator and writer.