Mobile & Application Security Glossary
The essential terms behind mobile and application security, from Mobile Threat Defense to RASP, phishing to code obfuscation, and the regulations that govern them. Search a term or browse by category, and tap any card for the full definition.
Malware
Any software built to harm, exploit or gain unauthorised access to a device, app or network. Mobile malware includes trojans, spyware and adware, often hidden inside apps that look legitimate.
Why it matters: Mobile malware is increasingly sophisticated and evades basic checks, so automated, behaviour-based detection is essential.
Spyware
Malware that covertly gathers data from a device, such as messages, location, contacts, keystrokes or camera and microphone feeds, and sends it to an attacker.
Why it matters: On mobile, spyware can turn a phone into a surveillance device, threatening both privacy and corporate confidentiality.
Stalkerware
Commercially available spyware marketed to monitor another person, often installed with brief physical access to their phone to track location, messages and calls.
Why it matters: It blurs the line between consumer app and surveillance tool, and can quietly expose highly sensitive personal data.
Ransomware
Malware that encrypts a victim's data or locks a device, then demands payment to restore access. Mobile variants may lock the screen or hold app data hostage.
Why it matters: As more business runs on mobile, a locked device can halt operations and pressure victims into paying.
Leakware
Extortion malware that threatens to publish stolen confidential data unless a ransom is paid, sometimes called doxware. The pressure comes from exposure, not encryption.
Why it matters: Mobile apps hold contacts, messages and documents, exactly the sensitive data leakware weaponises.
Adware
Software that aggressively displays or injects advertisements, often bundled into free apps and sometimes tracking users or redirecting them to malicious pages.
Why it matters: Beyond being intrusive, adware can degrade device performance and act as a gateway to more harmful payloads.
Banking Trojan
Malware that targets mobile banking and payment apps, typically stealing credentials through fake login screens or by intercepting one-time codes.
Why it matters: It directly targets financial data and can bypass some authentication, making it a high-impact mobile threat.
Keylogger
A tool that records keystrokes on a device to capture passwords, messages and other typed information without the user's knowledge.
Why it matters: On mobile, keyloggers can harvest credentials for both personal and corporate accounts in the background.
Rootkit
Malicious software that gains privileged (root) control of a device while actively hiding its own presence from users and security tools.
Why it matters: By operating at a deep level, rootkits are hard to detect and can neutralise other protections on the device.
Botnet
A network of compromised devices controlled remotely by an attacker, used to send spam, launch attacks or commit fraud. Infected phones can be silently enrolled.
Why it matters: A device in a botnet consumes resources and lends its identity to attacks, often without the owner noticing.
Cryptojacking
The unauthorised use of a device's computing power to mine cryptocurrency, usually via a malicious app or script running in the background.
Why it matters: It drains battery, degrades performance and shortens device lifespan while quietly profiting the attacker.
Phishing
A social-engineering attack that tricks people into revealing credentials or data, or installing malware, by impersonating a trusted brand or contact.
Why it matters: Small screens hide URLs and mix personal and work channels, making phishing especially effective on mobile.
Spear Phishing
A targeted phishing attack tailored to a specific person or organisation, using personal details to appear highly convincing.
Why it matters: Its personalisation makes it far more effective than mass phishing, especially on mobile devices.
Smishing SMS Phishing
Phishing carried out via SMS or messaging apps, using fraudulent texts to lure victims into clicking malicious links or sharing information.
Why it matters: Text messages have high open rates and feel personal, making smishing a fast-growing mobile threat.
Vishing Voice Phishing
Phishing over a phone call, where an attacker impersonates a trusted party to manipulate the victim into revealing information or taking a harmful action.
Why it matters: Vishing exploits trust in voice and often works alongside smishing and email in multi-channel attacks.
Quishing QR-code Phishing
Phishing that uses malicious QR codes to send victims to fraudulent sites or trigger harmful downloads once scanned with a phone.
Why it matters: QR codes hide their destination and are trusted in public spaces, giving attackers an easy mobile entry point.
Man-in-the-Middle Attack MitM
An attack where a malicious actor secretly intercepts, and possibly alters, communication between two parties, such as an app and its server, often over untrusted Wi-Fi.
Why it matters: MitM can steal credentials and session tokens in transit; encryption and certificate pinning are key defences.
Man-in-the-Disk
An attack that abuses shared external storage on a device to tamper with data that apps read from or write to it.
Why it matters: Apps that trust shared storage without validation can be manipulated or crashed, opening the door to code injection.
Overlay Attack
A technique where malware draws a fake screen on top of a legitimate app to capture credentials or trick users into approving actions.
Why it matters: Because the overlay looks like the real app, users hand over data or permissions without realising it.
Tapjacking
An attack that tricks a user into tapping something different from what they see, by overlaying or disguising interface elements.
Why it matters: It can silently grant permissions or trigger actions the user never intended.
SIM Swapping
A fraud where an attacker convinces a carrier to move a victim's phone number to a new SIM, hijacking calls and SMS, including one-time codes.
Why it matters: It defeats SMS-based authentication and can lead to full account takeover.
Evil Twin Rogue Wi-Fi
A fraudulent Wi-Fi access point that mimics a legitimate network to lure devices into connecting so traffic can be intercepted.
Why it matters: Once connected, users are exposed to interception and man-in-the-middle attacks without any obvious sign.
Zero-Day Vulnerability
A security flaw unknown to the vendor with no fix available at the time it is discovered or exploited, leaving defenders zero days to prepare.
Why it matters: Zero-days power the most advanced mobile attacks, which is why behaviour-based detection matters alongside patching.
Zero-Click Attack
An attack that compromises a device without any user interaction, for example through a crafted message processed automatically by the phone.
Why it matters: With nothing to click, users cannot avoid it through caution alone, raising the bar for on-device defence.
Pegasus & Graphite Mercenary Spyware
Highly sophisticated commercial spyware sold to state and private clients, able to covertly compromise a smartphone, often via zero-click exploits, to access messages, calls, camera and microphone.
Why it matters: They prove even fully updated devices can be targeted, underlining the need for continuous on-device detection.
App Repackaging App Cloning
Modifying a legitimate app and redistributing it, often with malicious code added, under the guise of the original.
Why it matters: Repackaged apps trade on a trusted brand to spread malware and harm both users and the app owner's reputation.
PUA Potentially Unwanted Application
Software that is not outright malware but behaves in unwanted ways, such as excessive data collection, intrusive ads or hidden tracking.
Why it matters: PUAs blur the line between legitimate and malicious and can quietly leak data from corporate devices.
Credential Stuffing
An automated attack that tries stolen username-password pairs across many services, exploiting the habit of reusing credentials.
Why it matters: Reused mobile-app credentials let one breach cascade into many account takeovers.
Supply Chain Attack
An attack that compromises a trusted third party, such as a library, SDK or build tool, to reach the apps and organisations that depend on it.
Why it matters: A single tainted component can silently affect every app that includes it, at massive scale.
Data Leakage
The unauthorised transfer of sensitive data from a device or app to an external destination, through malicious code, an over-permissive app or a misconfiguration.
Why it matters: Uncontrolled leakage can breach regulations such as GDPR and erode customer trust.
MTD Mobile Threat Defense
A solution that detects and responds to threats targeting mobile devices, spanning app, network and device-level attacks such as malware, phishing and espionage, across Android and iOS.
Why it matters: Management tools alone cannot stop active attacks; MTD adds continuous, automated detection and response without disrupting users.
Mobile EDR
Endpoint Detection and Response applied to smartphones and tablets: continuous monitoring, investigation and automated response on mobile endpoints.
Why it matters: Mobile devices are full endpoints handling corporate data, yet are often less monitored than laptops; Mobile EDR closes that gap.
EDR Endpoint Detection and Response
A security approach that continuously monitors endpoints to detect suspicious activity, investigate incidents and respond, originally built for laptops and servers.
Why it matters: It shifts security from prevention only to detection and response, a model now extended to mobile.
XDR Extended Detection and Response
A platform that correlates detection and response across multiple layers, endpoints, network, cloud and email, for a unified view of threats.
Why it matters: Feeding mobile signals into XDR helps security teams see attacks that span several channels.
Mobile Threat Intelligence
Curated analysis of the security posture of public mobile apps, evaluating them for vulnerabilities, privacy risks and malicious behaviour before use.
Why it matters: It lets organisations vet apps and anticipate risks before they reach devices.
Secure Private Store
A company-branded, private app store to distribute and secure corporate apps and documents on employees' or partners' devices, without managing the devices themselves.
Why it matters: It enables secure BYOD and external collaboration by protecting data at the app level rather than the whole device.
Jailbreaking
Removing Apple's restrictions on an iOS device to gain privileged access and install software from outside the App Store.
Why it matters: A jailbroken device loses key built-in protections, making it far easier for malware to reach corporate apps.
Rooting
Gaining privileged administrator access on an Android device, bypassing the manufacturer's restrictions.
Why it matters: Rooted devices lose important safeguards and are a common target for malware and data theft.
Sideloading
Installing an app from a source other than an official app store, such as a file or a third-party store.
Why it matters: Sideloaded apps skip official vetting, a frequent route for malware onto corporate devices.
Device Attestation
A process that cryptographically verifies a device's integrity and state, confirming it has not been tampered with or compromised before granting access.
Why it matters: It gives apps and services trustworthy proof of device health, a building block of Zero Trust.
Sandboxing
Isolating an app so it runs in a restricted environment, limiting its access to the rest of the system and other apps' data.
Why it matters: Sandboxing contains the damage a malicious or buggy app can do, a core mobile-OS defence.
Biometric Authentication
Verifying identity using physical traits such as fingerprint or face recognition, widely used to unlock devices and approve actions in apps.
Why it matters: Biometrics improve usability and security but must be implemented carefully to avoid introducing new risks.
MDM Mobile Device Management
Software that lets IT enrol, configure, monitor and remotely wipe mobile devices from a central console, enforcing policies such as passcodes and app restrictions.
Why it matters: MDM manages devices but does not detect active threats, so it is most effective paired with Mobile Threat Defense.
EMM Enterprise Mobility Management
A framework combining device, application and content management with identity controls to secure enterprise mobility.
Why it matters: EMM handles management, not threat detection, which is why it is often complemented by an MTD layer.
UEM Unified Endpoint Management
A platform that unifies the management of all endpoints, mobile, laptops and desktops, from a single console, evolving from MDM and EMM.
Why it matters: UEM streamlines management across device types but still needs a dedicated threat-defence layer.
MAM Mobile Application Management
Managing and securing specific apps and their data, rather than the entire device, including deployment, configuration and selective wipe.
Why it matters: MAM is ideal for BYOD, protecting corporate apps without controlling the user's personal device.
BYOD Bring Your Own Device
A policy that lets employees use personal smartphones and tablets to access corporate resources such as email, files and applications.
Why it matters: BYOD boosts flexibility but personal devices sit outside direct control, so data must be protected without invading privacy.
COPE Corporate-Owned, Personally Enabled
A model where the company owns the device but allows limited personal use, balancing control with employee flexibility.
Why it matters: COPE gives IT more control than BYOD while keeping devices usable for staff.
CYOD Choose Your Own Device
A model where employees pick from a company-approved list of devices, which the organisation then manages and secures.
Why it matters: CYOD narrows the range of devices to support, simplifying security and compatibility.
COBO Corporate-Owned, Business-Only
A model where company-owned devices are restricted to business use, with personal use disabled.
Why it matters: COBO maximises control and is common in high-security or frontline environments.
Containerization
Separating corporate apps and data from personal content on the same device using an isolated, encrypted container.
Why it matters: It lets organisations secure and wipe business data without touching the user's personal side, key for BYOD.
Remote Wipe
The ability to erase data from a device remotely, either fully or selectively, for example when it is lost, stolen or an employee leaves.
Why it matters: It limits data exposure when a device is out of the organisation's hands.
Geofencing
Using a device's location to apply security policies within virtual boundaries, such as restricting features in certain areas.
Why it matters: It lets organisations enforce context-aware rules, for instance disabling cameras on secure sites.
MAST Mobile Application Security Testing
Automated analysis of Android and iOS apps to uncover security flaws, privacy issues and unwanted behaviours, for both first-party and third-party apps.
Why it matters: Organisations rely on many external apps and libraries; MAST lets them vet these at scale rather than trusting them blindly.
SAST Static Application Security Testing
Analysing an app's source or binary code without running it, to find vulnerabilities early in development.
Why it matters: Fixing flaws in code before release is far cheaper and safer than patching them in production.
DAST Dynamic Application Security Testing
Testing an application while it runs, probing its behaviour and interfaces from the outside to find runtime vulnerabilities.
Why it matters: DAST catches issues that only surface during execution, complementing static analysis.
IAST Interactive Application Security Testing
Analysing an app from inside while it runs, using instrumentation to combine the strengths of static and dynamic testing.
Why it matters: IAST pinpoints vulnerabilities with greater accuracy and fewer false positives.
SCA Software Composition Analysis
Identifying the open-source and third-party components in an app and flagging their known vulnerabilities and licence risks.
Why it matters: Most apps are largely third-party code, so SCA is essential to manage supply-chain risk.
RASP Runtime Application Self-Protection
Security built into an app so it can detect and respond to attacks in real time, on the user's device, while it runs, for example spotting malware, network attacks or unsafe environments.
Why it matters: RASP protects the app in the field, where perimeter defences do not reach, and can react automatically.
In-App Protection
A layered approach that builds security directly into a mobile app, combining shielding, anti-tampering and runtime self-protection (RASP).
Why it matters: It protects the app on any device, without relying on the device's own security posture.
Application Shielding
Protection techniques applied to an app to make it resistant to tampering, reverse engineering and cloning by hardening its code and runtime.
Why it matters: Once published, an app runs on devices the vendor cannot control; shielding is its last line of defence.
Code Obfuscation
Transforming an app's code so it still runs correctly but becomes very hard for a human or tool to read and understand.
Why it matters: Obfuscation slows reverse engineering, protecting business logic, keys and intellectual property.
Reverse Engineering
Taking apart a compiled app to understand how it works, recover its logic or extract secrets such as keys and API endpoints.
Why it matters: Attackers reverse-engineer apps to find weaknesses or clone them; shielding and obfuscation counter it.
Anti-Tampering
Mechanisms that detect and react when an app's code or runtime is modified, for example by refusing to run or wiping sensitive data.
Why it matters: It stops attackers from altering app behaviour or bypassing security controls after release.
Certificate Pinning
Configuring an app to trust only a specific server certificate or key, rather than any certificate from a trusted authority.
Why it matters: Pinning blocks many man-in-the-middle attacks that rely on fraudulent but valid certificates.
Root / Jailbreak Detection
Checks that let an app determine whether it is running on a rooted or jailbroken device and respond accordingly.
Why it matters: Detecting a compromised device lets an app protect its data before an attacker can exploit it.
Emulator Detection
Techniques that identify whether an app is running on a real device or in an emulator often used for analysis or fraud.
Why it matters: It helps block automated abuse and reverse-engineering carried out in emulated environments.
Hooking Frida / instrumentation
Intercepting and altering an app's function calls at runtime, often with tools like Frida, to inspect or change its behaviour.
Why it matters: Attackers use hooking to bypass controls; runtime protection detects and blocks it.
SBOM Software Bill of Materials
A complete inventory of the components and dependencies that make up an application, including open-source libraries.
Why it matters: An SBOM lets teams react quickly when a vulnerability is found in a widely used component.
DevSecOps
An approach that integrates security into every stage of software development and operations, rather than bolting it on at the end.
Why it matters: Building security in continuously reduces risk without slowing delivery.
Shift Left
Moving security testing earlier in the development lifecycle so flaws are found and fixed sooner.
Why it matters: Catching issues early is cheaper and less disruptive than fixing them in production.
Vibe Coding
Building software mainly by describing what you want to an AI assistant, which generates the code, rather than writing it by hand.
Why it matters: AI-generated code can multiply vulnerabilities if it is not security-tested, making automated testing essential.
Penetration Testing
A controlled, simulated attack on an app or system by security experts to find exploitable weaknesses before real attackers do.
Why it matters: It reveals how vulnerabilities chain together in practice, beyond what automated scans show.
Vulnerability
A weakness in code, configuration or design that an attacker can exploit to compromise a system or its data.
Why it matters: Identifying and remediating vulnerabilities early is the foundation of application security.
APK / IPA
The package file formats used to distribute and install apps: APK for Android and IPA for iOS.
Why it matters: These binaries can be extracted and analysed, which is why they must be tested and shielded.
API Security
Protecting the application programming interfaces that apps use to exchange data, against abuse, unauthorised access and data exposure.
Why it matters: Mobile apps depend heavily on APIs, making them a prime target and a critical thing to secure.
Compliance Audit
An assessment that checks whether a mobile app or fleet meets the security and privacy requirements of applicable regulations and standards.
Why it matters: Regular audits demonstrate compliance and catch gaps before regulators or attackers do.
OWASP MASVS Mobile App Security Verification Standard
An open, industry-recognised standard from OWASP defining security requirements for mobile apps, used as a baseline for design, development and testing.
Why it matters: MASVS gives teams a shared, measurable reference for what secure enough means, making assessments consistent.
OWASP Mobile Top 10
A regularly updated OWASP list of the most critical security risks facing mobile apps, such as insecure storage and weak cryptography.
Why it matters: It offers a prioritised starting point for the risks most likely to be exploited.
MASA Mobile App Security Assessment
An App Defense Alliance programme under which independent labs verify that an app meets a defined mobile security baseline.
Why it matters: A MASA validation signals to users and partners that an app has passed independent security checks.
ISO 27001:2022
An internationally recognised standard for information security management systems (ISMS), setting out how organisations manage and protect the information they store, process or access.
Why it matters: Certification shows customers and regulators that security, including on mobile, is managed systematically.
GDPR / RGPD
The EU regulation governing how personal data is collected, processed and protected, applying to any organisation doing business in Europe.
Why it matters: Mobile apps routinely handle personal data, so GDPR shapes how they must be built and secured.
NIS2 Directive
An EU directive strengthening cybersecurity requirements for essential and important entities across many sectors, expanding the earlier NIS directive.
Why it matters: NIS2 extends security and reporting duties that increasingly cover mobile usage and applications.
DORA Digital Operational Resilience Act
An EU regulation requiring financial entities to withstand, respond to and recover from ICT-related disruptions and cyber threats.
Why it matters: DORA raises the bar for operational resilience, including the mobile channels finance now relies on.
PSD2 Payment Services Directive 2
An EU directive regulating payment services, requiring strong customer authentication and secure data handling for banking, wallet and payment apps.
Why it matters: Payment and banking apps must meet PSD2's authentication and security rules to operate in the EU.
DPA UK Data Protection Act
The United Kingdom's data protection law, which replaced GDPR in the UK after Brexit while mirroring its principles.
Why it matters: Organisations processing personal data of UK users must comply with the DPA or face fines.
HIPAA Health Insurance Portability and Accountability Act
A U.S. regulation protecting the privacy and security of individuals' health information (PHI), including in medical and telehealth apps.
Why it matters: Health apps handle highly sensitive data and carry serious HIPAA obligations.
PHI Protected Health Information
Any health data that can identify an individual, such as medical records, prescriptions and insurance details, protected under regulations like HIPAA.
Why it matters: Health apps must safeguard PHI throughout collection, storage and transmission.
PCI DSS Payment Card Industry Data Security Standard
A global security standard for organisations that handle credit card data, requiring cardholder data to be protected, including in mobile payments.
Why it matters: Mobile devices aren't secure by default, so PCI DSS demands added protection for payment apps.
SOC 2 Service Organization Control 2
An AICPA standard assessing how service providers manage data security, availability, processing integrity, confidentiality and privacy.
Why it matters: A SOC 2 report reassures customers that a provider's controls, including for mobile apps, are audited.
PIPEDA Personal Information Protection and Electronic Documents Act
Canada's federal privacy law governing how organisations collect, use and disclose personal information in commercial activities.
Why it matters: Apps and services operating in Canada must protect personal data under PIPEDA.
FTC Act Federal Trade Commission Act
U.S. legislation empowering the Federal Trade Commission to enforce fair business practices and protect consumer privacy, including for app developers.
Why it matters: It requires businesses to provide accurate, transparent information about data collection and protection.
CISA Mobile Checklist Mobile Device Cybersecurity Checklist
A checklist from the U.S. Cybersecurity and Infrastructure Security Agency to strengthen mobile device security, covering configuration, updates, app security, MDM and phishing.
Why it matters: It offers a practical baseline for hardening mobile devices in any organisation.
CVE Common Vulnerabilities and Exposures
A public catalogue of known security vulnerabilities, each with a unique identifier so teams worldwide can reference the same flaw.
Why it matters: CVE IDs let teams track, prioritise and patch known weaknesses consistently across their dependencies.
CVSS Common Vulnerability Scoring System
A standardised framework for rating the severity of a vulnerability on a 0 to 10 scale based on its characteristics and impact.
Why it matters: CVSS scores help teams prioritise which vulnerabilities to fix first.
Zero Trust
A security model based on never trust, always verify, where no user, device or app is trusted by default and every access request is continuously validated.
Why it matters: Mobile devices connect from anywhere, so their posture must be verified continuously, a core Zero Trust input.
MFA / 2FA Multi-Factor Authentication
Authentication that requires two or more independent proofs of identity, such as a password plus a one-time code or biometric.
Why it matters: MFA sharply cuts account takeover, but the mobile channel itself is targeted, so the device also needs protecting.
Encryption
Encoding data so only authorised parties can read it, protecting information both stored on a device (at rest) and sent over networks (in transit).
Why it matters: Strong encryption is fundamental to keeping mobile data confidential even if a device or connection is compromised.
IOC Indicators of Compromise
Forensic evidence that a device or system may have been breached, such as malicious file signatures, domains or unusual behaviour.
Why it matters: Sharing IOCs lets defenders detect and respond to the same threat faster across their fleet.
No term matches your search.
Put these concepts into practice
Protect your mobile endpoints and applications with solutions trusted by global tech leaders and recognised by top analysts.