Despite various efforts to secure the mobile platform, the user has been and remains the main Achilles heel. This is because it is very likely that some customers will do some risky things with their mobile devices, be it through deliberate intent or ignorance.
The so-called jail breaking or rooting of mobile devices, for example, is widespread. It enables the user to receive administrator rights on his device. For example, software may be installed from unauthorized sources, but this also increases the risks of picking up malicious code.
Mobile devices can also be compromised via a Wi-Fi connection to free networks, a circumstance that many users are unaware of. There is also a risk when users postpone critical security updates to their device. Each of these attack vectors on its own poses a real challenge.
The increase of malicious apps
According to McAfee Labs’ 2017 report, there were 57 million malware detected, a new record high, with mobile malware accounting for over 20 million of these. The number of applications that Google banned from the App Store within the same period was 700,000. But this is not the only bad news because malware is becoming more complex and sophisticated. It's not just about faking apps anymore. In fact, parts of the code of an app can be abused. This means that the app itself becomes a threat, even if it has been carefully programmed.
Examples of advanced threats to mobile application environments include corruption of the run-time environment. If an application’s sandbox on a rooted device is interrupted, the data stored on the device can be sent out or manipulated by any other application. For example, malware with root privileges can access the user's banking credentials. Spyware agencies are also cashing in by providing relatively cheap phone espionage services.