Why Macs and iPhones should avoid installing ‘orphan’ apps


Protect Your Access to the Internet

There are many reasons any business with a connected fleet of tech products needs robust security policies in place. But the need to protect the enterprise against vulnerabilities inherited with third-party software must be among the biggest motivators. While I shouldn’t need to convince Computerworld readers to keep things locked down, I want to reprise two recent reports to reinforce the warning.

Half of all macOS malware comes from one app

Elastic Security Labs (via 9to5Mac) recently estimated that half of all macOS malware is installed as a result of poor management of the MacKeeper utility app. The report said almost 50% of Mac malware arrives through its installation.

What the utility does is optimize Mac performance and monitor the internal resources of the computer; the problem is that to do so requires the user give it permission to access critical processes and files. It isn’t the app that’s at fault per se, but those permissions make it an attractive target for adversaries who seek weak points in it to undermine system security.

The impact?

Rather than being protected by all the system-level security settings inherent in Apple’s desktop platform, MacKeeper users find their systems protected only by the inherent security of the app, which seems to be less secure, given how often Elastic Security Labs claims it is used to make an attack. This is the danger of any software granted inherent system privileges, but it is also the risk you take when using any form of third-party software on a Mac, iPhone, PC or iPad that hasn’t been updated for a while.

Millions of apps are orphans

Fresh research from fraud protection firm Pixalate (full report here) claims more than 1.76 million apps currently available on either the Google Play Store or Apple App Store have not been updated in two years or more. The researchers also identified 324,000 apps that have seen no maintenance updates of any kind for more than five years.