Answers from the experts at Zimperium.

Mobile Security

What are mobile security threats?

Mobile security threats are vulnerabilities or attacks that attempt to compromise your phone’s operating system, internet connection, Wi-Fi and Bluetooth connections, or apps. Smartphones possess very different behaviors and capabilities compared to PCs or laptops and need to be equipped to detect attacks specific to mobile devices. Mobile devices contain unique functions and behaviors, making traditional IT security solutions ineffective for securing mobile devices.


One of the primary differences in how mobile devices like iPhones or tablets are different from PCs and laptops is regarding administration privileges. There can be several administrators for a PC or laptop, making it simple for corporate IT to install security software and monitor computers for problems. On mobile devices, the admin is the device owner. The device owner is the only one that can install apps or allow other management profiles on the device. This means the burden of securing the mobile device and its data falls entirely on the user–who may not have the time or expertise to provide proper mobile device security.


Visit our glossary and terminology page to learn more about the different mobile threats.

How can I tell if my phone is hacked?

More than likely, you will not be able to determine if your phone has been hacked or compromised without expert-level knowledge of the operating system and device hardware. However, you may notice your phone exhibiting new behaviors like becoming slower, crashing, and having excessive or weird battery drain. Some users received enormous data usage bills from their service providers after malicious adware was installed on the device. To determine with certainty whether or not your phone has been hacked or compromised by a third party requires specialized software to do so.


z9™ is Zimperium’s machine learning-based engine that enables our mobile security solutions to detect threats. Much like your nervous system continuously monitors your body from the inside, z9 can detect both known and unknown threats by analyzing the behavior of a mobile device. By analyzing slight deviations to the mobile device’s OS statistics, memory, CPU, and other system parameters, z9™ can accurately identify not only the specific type of malicious attack but also provide forensics associated with the who, what, where, when, and how of an attack occurrence. The z9 engine was specifically developed for mobile, not ported from traditional endpoint security, to guard against the unique threats targeting iOS, Android, and Chromebook devices. z9 runs efficiently on the device without introducing latency or violating user privacy.


Advanced App Analysis (Z3A) is Zimperium’s app vetting feature, evaluating the risks posed by mobile apps that employees have downloaded to their devices. z3A identifies and reports which mobile apps on a device are risky, providing deep intelligence about an application’s behavior with unprecedented granularity, including content (the app code itself), intent (the app’s behavior), and context (the domain, certificates, shared code network communications, and other data). z3A also provides privacy and security rating, making it easy for security teams to set effective security policies to reduce an app’s risk.

Why is mobile security important?

The use of personal devices at work has now become standard in an enterprise organization. According to Zimperium’s 2022 Global Mobile Threat Report, 66% of mobile phones used at work are employee-owned. The use of personal devices at work boosts employees’ productivity, but it also blurs the lines between devices and data, presenting cyber criminals with a treasure trove of enterprise information ripe for stealing. According to the Verizon 2022 Mobile Security Index:


  • 23% of surveyed enterprises said their organization had suffered a mobile security compromise.
  • 79% of respondents said the shift to remote or hybrid work has undermined the cybersecurity of their organizations due to the distribution of devices and less secure networks.
  • 87% surveyed said they have been forced to re-evaluate how they operate as attacks on mobile devices grow.
  • 46% of the companies surveyed said they had suffered a compromise involving a mobile device in the past 12 months.


Beyond mobile devices, mobile apps also present major security risks. The apps used on smartphones represent an intrinsic value to attackers, as these apps contain financial information, perform payment transactions, contain PII data, are used to identify ourselves, contain our personal conversations, and much more. In order to secure these apps and the assets they hold, we need to secure them against tampering and exploitation by criminal organizations and attackers.

Mobile Application Security

What is mobile app protection, and why do I need it?

Mobile application protection can be categorized as security solutions that focus on building and increasing the defensive capabilities within a mobile application, making it more resistant to attacks and responsive when attacked. It generally includes techniques such as code obfuscation, specialized cryptographic key protection, anti-tampering protections and integrity protections, as well as Runtime Application Self-Protection (RASP) for awareness of debugging, emulators, dynamic and static analysis, and more.


Organizations offering iOS or Android apps need comprehensive mobile app protection to protect confidential data, intellectual property, and the customers they serve. An effective mobile app security and protection approach must also be practical for developers and should:


  • Not cause significant development delays,
  • Be easily implemented,
  • Provide mobile-specific security,
  • Not affect app performance, and
  • Keep pace with rapidly evolving threats.

How does Zimperium secure mobile applications?

The goal of DevSecOps is to bake security in as a part of the software development lifecycle (SDLC) with secure coding best practices and testing automation. This has proven to be better and more efficient than addressing security concerns after applications are in production.


Mobile application risks start in development and persist throughout the app’s entire lifecycle, including when running on an end user’s device. Zimperium’s Mobile Application Protection Suite consists of four products with a centralized dashboard to view threats and create response policies. It is the only unified platform that combines centralized visibility with comprehensive in-app protection, combining both inside-out and outside-in security approaches to help enterprises build and maintain secure mobile apps.


  • zScan: Discover and fix compliance, privacy, and security issues within the development process before you publicly release your apps.
  • zKeyBox: Protect confidential data by securing cryptographic keys with white-box cryptography so they cannot be discovered, extracted, or manipulated.
  • zShield: Harden and protect the app with advanced obfuscation and anti-tampering functionality to protect the source code, intellectual property (IP), and data within the application.
  • zDefend: Leverage RASP and enable the mobile application to detect and proactively protect itself by taking actions on the end user’s device, even without network connectivity.

Mobile Threat Defense (MTD)

What is mobile threat defense?

According to Gartner, “Mobile threat defense (MTD) protects organizations from threats against iOS and Android mobile devices. It provides prevention, detection, and remediation for the device, its network connections, and its applications. To prevent and detect enterprise threats, such as malware, MTD products use a variety of techniques, including machine learning and behavioral analysis.”


MTD solutions protect mobile platforms by detecting threats to devices, operating systems, the networks they use, and apps on the device. Each of these vectors is vulnerable to a variety of attack vectors. More information about mobile threat defense is available on the Zimperium blog here.

How does Zimperium Mobile Threat Defense (MTD) work?

Zimperium Mobile Threat Defense (MTD) – formerly known as zIPS – provides continuous, on-device monitoring to detect known and unknown threats across the kill chain: device, network, phishing, and app attacks. Powered by our z9™ detection engine and patented machine learning-based and behavioral models – developed and refined through years of threat intelligence research – the solution dynamically and accurately identifies malicious attacks.


On-device detection doesn’t require signatures, a cloud-based sandbox, or even an Internet connection. This means users are always protected and alerted to any actions needed. Even when in airplane mode, roaming, or plugging into a port, there are no waiting hours or days to find out if a device has been compromised.


Zimperium MTD enables security operations and incident response teams with the critical mobile threat and risk data necessary to support modern Zero Trust architectures. The unmatched threat forensics and risk intelligence data feed can be integrated with leading enterprise mobility management (EMM), unified endpoint management (UEM), security operations (SOC), and incident response (IR) solutions. More information about Zimperium MTD is available on the Zimperium MTD Product page.

What’s the difference between Mobile Threat Defense and MDMs, EMMs, & UEMs?

UEM is a class of software tools that provide a single management interface for mobile, PC, and other devices. It is an evolution of, and replacement for, mobile device management (MDM) and enterprise mobility management (EMM), and client management tools. Zimperium Mobile MTD can be used as a stand-alone tool or integrated with a UEM. When integrated with a UEM, Zimperium MTD sends alerts about detected threats to the UEM, and the UEM remediates the risk based on predefined rules.


Zimperium MTD works seamlessly with leading Enterprise Mobility Management (EMM) / Unified Endpoint Management (UEM) solutions and is the only MTD solution that can simultaneously integrate with multiple EMM/UEM partners, which is helpful when transitioning between UEM vendors and when the organization has a mix of BYOD and corporate-owned mobile devices.


Zimperium MTD can also be implemented with mobile application management without enrollment (MAM-WE), which is particularly helpful in ensuring secure access to Office 365 applications in BYOD situations. In MAM-WE implementation, when a user launches a work application on a device, the application allows access only when MTD is running on the device. In addition, integrating with mobile device management can automate policies and reduce the friction of deploying Zimperium MTD on devices with little to no interaction with the user, instantly increasing security adoption throughout the enterprise.


What kind of threat research does Zimperium produce?

Zimperium has a team of researchers called zLabs, which is the most qualified and talented collection of researchers focused 100% exclusively on mobile. With backgrounds at companies ranging from eBay and Samsung to Microsoft and Freescale, zLabs researchers are setting the bar for the industry. zLabs researchers discovered and documented attacks such as Stagefright on Android, ziVA on iOS and provided a detailed analysis of the FreeRTOS TCP/IP Stack Vulnerabilities.


Zimperium’s zLabs team is a key member of the App Defense Alliance. Leveraging our extensive mobile security research expertise and some of the most renowned security researchers in the world, zLabs is working with Google to ensure apps entering the Play Store are free of malicious content. Learn more about it here.

How do I purchase Zimperium solutions?

Fill out our Contact Us form and one of our team members will reach out to you.

If I’m a Zimperium customer, how do I contact support?

You can log in to the Customer Success portal here. If you want to talk to our team directly, please reach out directly to your Customer Success Manager or contact us at info@zimperium.com.


If you’re unsure who your Customer Success Manager is, please contact support@zimperium.com.


What is zANTI, and how do you use it?

zANTI is a free mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This toolkit enables IT Security Administrators to simulate an advanced attacker and to identify the malicious techniques they use in the wild to compromise corporate networks. Visit the zANTI Mobile Penetration Testing page to learn more and download zANTI.


Note: zANTI has been retired from active support and development, with no new updates or features coming to the toolkit. Zimperium will no longer provide support for the zANTI mobile pen-testing toolkit.

Where do you download zANTI?

zANTI is available for download from the zANTI Mobile Penetration Testing page.

Get started with Zimperium today