The ever-increasing prevalence of mobile devices brings with it a slew of security problems. Applications running directly on mobile devices (and web apps optimized for mobile clients) are ripe for the picking even by unsophisticated attackers. The attack classes that once applied to traditional network-facing, fat client, and web applications are now valid for mobile apps, as well. Insecure authentication and access control; home-grown crypto; and memory management problems are just some of the issues resurfacing on this new frontier. This presentation will discuss the security of some of the most popular applications running on mainstream mobile platforms such as Android, iPhone, Blackberry, and Windows Mobile.
