Question

find articles that deal with application or mobile device security and those types of attacks. You should have a large depository of these kinds of articles, especially in the mobile device security arena. Where are the biggest issues?

Answer 1

Application or mobile device security arena, related types of attacks, and the areas where the biggest issues are:
From the Mobile application issues, attacks, and its security perspectives, all types of mobile phone with their different OSs, their manufacturer company, their app store, and the applications available in these stores are the threats, many of the applications available in these platforms have biggest issues, are vulnerable to attacks, and a lot of customers or users' data are shared and compromised by attackers hacking the users' mobile phones, the apps, other apps downloaded, installed, and run on the phone. These attacks happen mostly because of the app stores such as Google's PlayStore, Apple's iTunes and its app store, Windows Store, etc.

* The app stores miss on monitoring and detecting any potential malware which would be in the codes of the applications developed by the vendor companies or individuals, which they would intentionally place such malware so they can attack users' phones, gather their data, and misuse for their personal use or monetary gains.
* The next issue occurs when the users download, install and run the apps on their phone giving those apps all the permissions they state to be required to run the app effectively. These permissions are often given by the users to view, monitor, use, and share their data for the app developers or company's purposes, share it with their (app developer company's) partner or customer companies for marketing, selling, and advertisements of their products and services for the mobile phone customers to purchase or subscribe for, or share it with government and other related agencies for surveillance, monitoring, law regulation, and enforcement purposes.

Some of the biggest issues and risks the mobile phone users experience across the world are:
* Mobile OS attacks are due to the issues, bugs, or loopholes in the Operating Systems are the main cause for vulnerabilities open to the bad guys to attack and hack.
* Physical (the actual mobile phone device) security.
* Issues and attacks due to unencrypted, no encryption, or weakly encrypted messages, calls, texts, emails, and apps.
* Logging of multiple users.
* Issues in the security of data storage.
* Browsing, navigating through, exploring both, offline and online on mobile phones.
* Issues experienced due to the improper management of isolation of applications used on mobile phones.
* System, OS, applications, and important security updates and patches.
* Issues in the coding of different mobile devices.
* Issues in mobile apps due to poor or bad coding; with inappropriate, irrelevant, and unnecessary permissions to be given the apps; improper development of the apps create vulnerabilities and compromise mobile phone and app security.
* Attacks through Bluetooth networks.
* In general, users and companies experience issues in protecting sensitive data and information of the customers.
* Any and all malicious attacks on mobile phones and applications.
* The mobile communication networks such as Bluetooth and Wi-Fi (unsecured) connections are also attacked making the devices vulnerable.
* Malware attacks on mobile phones and apps in them delete files, app data and other data creating confusion, chaos, and loss.
* Serious threats are found in newly added features and updates on the mobile phones and the apps on them.
* Stealing of users' mobile phones is a physical security threat.
* Leakage of data.
* Spoofing of networks.
* Attacks due to spam messages, texts, SMSs, emails push notifications, calls (from unknown numbers), etc.
* Unnecessary, dangerous, phishing, illegitimate advertisements, links, banners, etc., popping up while browsing the Internet on the phone or simply using the apps running them.
* Issues and attacks due to hidden spyware on the phone.
* Attacks could be due to any broken cryptography.
* Any improper handling of sessions.