Apps are everywhere, on desktops, smartphones, laptops, tablets, netbooks and soon to be in cars and TVs as well. So many apps on so many devices lead to a lot of loose ends for enterprises and consumers alike. But the number of zombie apps is on the rise. By that I mean abandoned mobile apps that are still active and therefore a security threat and a resource drain. Will a Buffy the Zombie App Slayer ever materialize or will the zombies have to be slain and uninstalled one tedious app at a time?
There are application usage management solutions available already but they typically ignore abandoned mobile apps entirely and focus instead on managing enterprise apps or enabling enterprises to create their own app stores and apps (which inevitably ends in more zombie apps).
Pam Baker has written hundreds of articles in leading technology, business and finance publications. She has also authored several analytical studies on technology, eight books and an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG). She can be reached at [email protected] and on Twitter at @bakercom1.
Granted application management providers such as Flexera Software are working on solutions to manage zombie apps now, but nothing is ready at the moment.
Meanwhile the app graveyard is woefully under-tended and the zombies are growing both in numbers and in strength.
Sprawl as security threat
Zombie app sprawl presents new security threats in two ways: abandoned apps can still carry and spread malware and, if they are set on automatic update, they can grant themselves continuous access to information. Since zombie apps are abandoned apps and the updates are automatic, no one is aware that the apps are running in the background, much less what they’re doing back there. The consumerization of IT fuels the problem since IT no longer knows what apps are on employees’ devices in the first place.
Flexera Software says continual application readiness is in order to control such risks. “Managing the applications that have been deployed, and making sure the enterprise is efficiently managing the application estate, making sure applications are deployed and up to date, and making sure unused applications are removed from the system, should be priorities,” says Randy Littleson, vice president of Product Management at Flexera.
Application management software makers are not the only ones sounding an alarm. Symantec is already warning enterprises “that the majority of the malicious code for mobile devices we see today are Trojanized legitimate apps.” Imagine an army of those on any number of devices eating away at company information. “So, in terms of enterprise concerns, this should be a big one,” says Khoi Nguyen, senior product manager of the Enterprise Mobility Group at Symantec.
Brains, zombie apps want brains, as we told you web apps are wont to do in an earlier post. If you don’t want your company data to fill that appetite, something must be done to actively zap the threat. But for the moment, that entails one uninstall at a time and a diligent policy and education program to make sure your employees know when and how to pull the trigger