The rapidly rising demand for mobile devices is accompanied by a growing number of mobile platform options and a greater need for strong security. Examples of malware on the popular platforms include DroidDream (Android), Ikee (iOS) and Zitmo (Windows and Android).
The Open Web Application Security Project (OWASP) Mobile Top 10 2016 includes “Improper Platform Usage” as one of the top 10 risks to mobile security:
This category covers misuse of a platform feature or failure to use platform security controls. It might include Android intents, platform permissions, misuse of TouchID, the keychain, or some other security control that is part of the mobile operating system.
The impacts of this risk are hard to describe. Mobile platforms provide many different services, from authentication to secure data storage to secure network communications. Failing to use some part of the platform correctly, therefore, could expose data, allow connections to untrusted hosts, or enable fraudulent payments. Privacy and permissions in mobile apps are also the domain of the platform. Thus, a failure to use the platform’s features could expose the end user to a privacy risk.