6.1 Description of ThreatMobile devices are increasingly used by people around the world, with more than 1.4 billion smartphones sold in 2015 alone, its use has become an essential part of our daily life due to its vast amounts of functions, other than just calling, it can be used to surf the internet, chat with friends and watch shows on it. As smartphones make its way to more people, more hackers would naturally want to find new ways to hack into mobile devices to steal information and/or get more money.The smartphone industry is currently dominated by 2 operating systems, Android by Google and iOS by Apple. Vulnerabilities and malware continue to grow on both systems, but more common on Android due to high interest of improving the Android architecture, high research of mobile platforms, and the vast amount of users using the Android system compared to iOS.6.2 Nature of ThreatThere are various kind of threats in mobile, currently the most prominent ones are malware and vulnerabilities. There were 18.4 million mobile malware detected by Symantec in the year 2016, which is double of what they detected in the previous year. Typically, malware is transmitted through malicious application or file downloads. One example would be Android APKs (Android Package Kits), hackers are able to put malware in apps and release them on the Google Play Store, sometimes bypassing Google’s security checks, for users to download, another way is to release the APK file in the internet and users can install the app. After the app is installed, the malware in the app is activated and can steal information off the user’s phone.Vulnerabilities are also another way hackers can attack mobile devices. Android devices have more vulnerabilities than its rival iOS due to its open source nature of running the operating system, releasing source code and allowing the user to tinker with their phone. Apple on the other hand does not release source code of iOS and controls both hardware and software, making it easier to restrict what the user installs on their phone and impose tighter security restrictions or policies.Vulnerabilities are usually found by white hat hackers who try to exploit the operating system to find the vulnerabilities and fix it, but there are also zero-day vulnerabilities, where the hackers who knew about the vulnerability would make use of it once it is known to the public. This makes this extremely difficult for the manufacturer, who needs to patch it, and the consumer with the device, prone to being attacked by these vulnerabilities.6.3 Mitigation of ThreatNew vulnerabilities are found almost every day, and fixes are required to be quick and successive at the same time. Google’s (Android) solution is the Android Security Bulletin, it releases a security update every month for manufacturers to implement and release to consumers’ phones. This allows the consumer to update their phones and minimise the threat of malware entering into their devices. Android users can also uncheck unknown sources in their settings to disallow manual app installs and only install apps through the Play Store, which checks all apps in the users’ device.Another well-known manufacturer, Apple, does security updates as and when it is required, and will release the update almost immediately once they are able to confirm that the vulnerability is verified and have a patch ready to be released.In order to readily minimise the threat, companies should to force update their consumers’ phones with these updates/patches, because attacks can happen anytime, they should be allowed to force update the users’ phones with the patches in case the user does not know about it or does not have the time to update their device. This way, if an attack happens on consumers’ device, they can be successfully blocked.