diff --git a/src/apps.js b/src/apps.js
index 3c0a4151d..cd7ad2def 100644
--- a/src/apps.js
+++ b/src/apps.js
@@ -402,8 +402,15 @@ function removeRestrictedFields(app) {
 }
 
 function getIconUrlSync(app) {
-    var iconPath = paths.APP_ICONS_DIR + '/' + app.id + '.png';
-    return fs.existsSync(iconPath) ? '/api/v1/apps/' + app.id + '/icon' : null;
+    const iconUrl = '/api/v1/apps/' + app.id + '/icon';
+
+    const userIconPath = `${paths.APP_ICONS_DIR}/${app.id}.user.png`;
+    if (safe.fs.existsSync(userIconPath)) return iconUrl;
+
+    const appstoreIconPath = `${paths.APP_ICONS_DIR}/${app.id}.png`;
+    if (safe.fs.existsSync(appstoreIconPath)) return iconUrl;
+
+    return null;
 }
 
 function postProcess(app, domainObjectMap) {
diff --git a/src/apptask.js b/src/apptask.js
index 76af9f2a5..637b679c8 100644
--- a/src/apptask.js
+++ b/src/apptask.js
@@ -420,10 +420,15 @@ function removeIcon(app, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    fs.unlink(path.join(paths.APP_ICONS_DIR, app.id + '.png'), function (error) {
-        if (error && error.code !== 'ENOENT') debugApp(app, 'cannot remove icon : %s', error);
-        callback(null);
-    });
+    if (!safe.fs.unlinkSync(path.join(paths.APP_ICONS_DIR, app.id + '.png'))) {
+        if (safe.error.code !== 'ENOENT') debugApp(app, 'cannot remove icon : %s', safe.error);
+    }
+
+    if (!safe.fs.unlinkSync(path.join(paths.APP_ICONS_DIR, app.id + '.user.png'))) {
+        if (safe.error.code !== 'ENOENT') debugApp(app, 'cannot remove user icon : %s', safe.error);
+    }
+
+    callback(null);
 }
 
 function cleanupLogs(app, callback) {
diff --git a/src/routes/apps.js b/src/routes/apps.js
index 283c1eb52..50da3ba61 100644
--- a/src/routes/apps.js
+++ b/src/routes/apps.js
@@ -31,9 +31,7 @@ var apps = require('../apps.js'),
     AppsError = apps.AppsError,
     assert = require('assert'),
     auditSource = require('../auditsource.js'),
-    config = require('../config.js'),
     debug = require('debug')('box:routes/apps'),
-    fs = require('fs'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     paths = require('../paths.js'),
@@ -67,11 +65,13 @@ function getApps(req, res, next) {
 function getAppIcon(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
-    var iconPath = paths.APP_ICONS_DIR + '/' + req.params.id + '.png';
-    fs.exists(iconPath, function (exists) {
-        if (!exists) return next(new HttpError(404, 'No such icon'));
-        res.sendFile(iconPath);
-    });
+    const userIconPath = `${paths.APP_ICONS_DIR}/${req.params.id}.user.png`;
+    if (safe.fs.existsSync(userIconPath)) return res.sendFile(userIconPath);
+
+    const appstoreIconPath = `${paths.APP_ICONS_DIR}/${req.params.id}.png`;
+    if (safe.fs.existsSync(appstoreIconPath)) return res.sendFile(appstoreIconPath);
+
+    return next(new HttpError(404, 'No such icon'));
 }
 
 function installApp(req, res, next) {
diff --git a/src/server.js b/src/server.js
index 58a3bdfce..befb951d0 100644
--- a/src/server.js
+++ b/src/server.js
@@ -18,7 +18,6 @@ var accesscontrol = require('./accesscontrol.js'),
     middleware = require('./middleware'),
     passport = require('passport'),
     path = require('path'),
-    provision = require('./provision.js'),
     routes = require('./routes/index.js'),
     ws = require('ws');