nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Apple needs silver bullet to slay App Store's escaped undead – study

Zombies should be exorcised from gadgets they infect

By John Leyden, 6 May 2016

Online software bazaars – such as Apple's App Store and Google Play – need to claim responsibility for "dead applications" and notify people when their programs have been revoked or removed, a study by security firm Appthority recommends.

“Dead apps” are those that have been removed from an app store, but remain on devices – if they're not good enough or are harmful for new downloaders, they're probably not good enough for those already running them, to put it bluntly. Dodgy apps on Google Play has been an issue for years but over the past six months or so the issue has also cropped up on he official Apple App Store.

The iGiant's walled garden was once considered a safe haven of calm. However, the unwelcome arrival of six major iOS security vulnerabilities and exploits in the past seven months has, for some, changed that perception right around.

Threats such as Quicksand, JSPatch, XCodeGhost, AceDeceiver, YouMi and MobiSage have shaken assumptions and made mobile security a more important issue for enterprises and casual App Store users alike. More than 960 apps infected with JSPatch were found on enterprise customer devices, Appthority reports.

When these evil programs are found and thrown out of stores, they should be thrown out of devices, too, it's recommended.

The mobile security firm further argues that Google's Verify Apps feature addresses malware, but it can't stop all malicious code from running, especially since security patching on the platform is somewhat lagging. ®

Sign up to our Newsletter

Get IT in your inbox daily

The Register - Independent news and views for the tech sector. Part of Situation Publishing