The top ten mobile device risks

Introducing smartphones into the business environment has increased the risks to businesses, especially to those that have adopted a BYOD policy.

Nowadays, smartphones have access to users' personal contacts and media files as well as business emails, contacts and shared documents. Therefore, smartphones have increased the likelihood of an attack on both personal and business information.

Luckily, although the smartphone is on the face of it a completely new category of computing device, underneath it still uses many of the classic architectural features of the desktop environment:

  1. a client-server architecture for communicating with outside data providers, and

  2. files and self-contained databases (SQLite) for storing user data locally.

This commonality with the desktop environment has allowed organisations like the Open Web Application Security Project (OWASP) to use the same methodology to identify the top risks for mobile devices.

Top ten mobile risks

OWASP have produced a list of the Top Ten Mobile Risks, and this has been adopted by the software security industry as an industry standard and reference.

As of 2014, the top ten risks were:

  • M1: Weak Server Side Controls
  • M2: Insecure Data Storage
  • M3: Insufficient Transport Layer Protection
  • M4: Unintended Data Leakage
  • M5: Poor Authorization and Authentication
  • M6: Broken Cryptography
  • M7: Client Side Injection
  • M8: Security Decisions Via Untrusted Inputs
  • M9: Improper Session Handling
  • M10: Lack of Binary Protections

This article is from the free online course:

Secure Android App Development

University of Southampton