According to the 2025 Global Mobile Threat Report by Zimperium, half of mobile devices run outdated operating systems, which leaves them vulnerable to cyber-attacks. As more smartphones are used in corporate environments, threat actors have increasingly targeted mobile devices, exploiting app vulnerabilities. The report highlights a surge in mobile-targeted attacks and the growing risks posed by mobile phishing. Smishing, phishing via SMS, now accounts for 69.3% of all mobile phishing incidents, and both vishing and smishing attacks rose significantly.
Zimperium’s research also found that over 60% of iOS apps and 34% of Android apps lack basic code protection. In addition, nearly 60% of iOS apps and 43% of Android apps are vulnerable to leakage of personally identifiable information (PII). Malware continues to be the primary tool for attackers, with Trojans seeing a 50% year-over-year rise. New malware families, such as Vultur, DroidBot, and BlankBot, are emerging as part of this growing threat landscape.
Despite increasing awareness of mobile security risks, vulnerabilities in mobile apps remain a significant issue. Apps downloaded outside of official stores are particularly dangerous, as they can bypass security checks and expose users to Trojans and data leaks. Internally developed apps are also vulnerable due to design flaws, insecure APIs, and weak security measures. These persistent security gaps make mobile devices a prime target for cybercriminals seeking to exploit sensitive user data.
To combat these risks, experts recommend adopting real-time mobile threat detection systems, ensuring regular updates, and patching software vulnerabilities. Organizations are urged to implement comprehensive security frameworks, such as zero-trust models, to strengthen defenses against evolving mobile threats. Additionally, users and organizations must prioritize app security to minimize the impact of malware and data breaches.