Increasingly sophisticated software engineering techniques have resulted in more and more complicated mobile software, and thus increased capabilities and intelligence in mobile devices. At the same time, the volume of high-end mobile devices is increasing rapidly in both the enterprise and public sectors, gradually refocusing the target group from IT professionals to average-skilled end users.
This creates new possibilities for malicious parties, who are usually motivated by possible access to the valuable information stored in mobile devices. The amount of attempted hacking will increase in proportion to the benefits gained.
Threats can be classified and sorted in a number of ways. The following list itemizes the most common reasons for security breaches, in descending order of frequency:
Intentional hostile action, where an attacker is deliberately trying to harm the system
Administrative flaws in the management of a device (for example, in a security area)
User mistakes, such as deletion of critical information or typing errors
Technical failures that cause data corruption, deletion, or inaccessibility
Other unpredictable or unavoidable failures and incidents that cannot be prevented (usually system wide)
There are different types of malicious software that software developers and security personnel need to be aware of when designing new applications. The following common classifications are based on the way these programs spread.
Software that needs a host to spread:
Backdoors and trapdoors: Refers to a debug-type entrance to programs, for example, access via a hard-coded password.
Logical bombs: Under certain conditions, the software "explodes" — that is, it stops working or corrupts data. Like backdoors, also the logical bombs can be unintentional; that is, there is a bug in the application that the developer has not discovered in the testing phase. There is by no means any intention of writing badly-behaving or malicious software.
Trojan horses: Refers to useful-looking software that acts maliciously without notifying the user.
Viruses: These infect other software by modifying them to reproduce new viruses.
Software that spreads independently:
Bacteria(also known as rabbits): Their only purpose is to reproduce themselves as quickly as possible to jam the system and its services. A single unit of bacteria is not usually dangerous because their strength comes from a large quantity.
Worms: Spread through networks and can act in a system like bacteria or a virus.
These classifications are not strict or self-contained. For example, a worm can be used to install a Trojan horse into a system. The Trojan horse can then be used to activate a backdoor or logical bomb. Common to all these malicious programs is that they can function as flexibly as normal software, thus restricting and controlling the access rights of normal software is also a necessary precaution to effectively protect the system. Beginning with Symbian OS v9.1, control and authentication of access rights is performed by platform security mechanisms.