Threat modeling is a structured task for identifying and evaluating the threats and vulnerabilities of an application. In simple terms, it asks: what could possibly go wrong with my app? That question becomes the problem statement for creating the threat model.
In our case, we will look at what could possibly go wrong with our mobile app. There is no straightforward method for creating a threat model, nor is there a proven threat model to start from, particularly for mobile applications.
Note
OWASP has created a sample threat model, which can be found at https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Mobile_Threat_Model#Controls
In order to understand the possible threats to a mobile app, it is necessary to define the information in the following sections.
We discussed the iOS and Android architectures in Chapter 2, Snooping Around the Architecture. Most apps are developed around these architectures and designed to serve a purpose. Let's take...