Threat Category: Mobile OS & Vendor Infrastructure
ID: ECO-7
Threat Description: When an application is removed from an app store, the app is not removed from devices that it is installed on. This can present a threat when the removed application is malicious, and therefore allowed to continue running on infected devices. The applications still present on mobile devices are referred to as “zombie applications”.
Threat Origin
The State of the Mobile Ecosystem, Appthority Unveils New Security Research at Black Hat 1
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
To reduce the time to detection, use app threat intelligence services to detect malicious or vulnerable apps installed on devices.
To reduce the risk of malicious behaviors or exploitation of vulnerable apps, deploy MDM or MAM solutions that successfully enforce policies restricting access to enterprise resources for devices running untrusted and unsupported versions of apps.
Mobile Device UserTo detect malicious or vulnerable apps installed on Android devices, use the Android Verify Apps feature.
References
“The State of the Mobile Ecosystem”, 5 Aug. 2015, https://www.helpnetsecurity.com/2015/08/05/the-state-of-the-mobile-ecosystem/ [accessed 7/27/2022] ↩