Mobile Security 101: A Glossary of Mobile Security Terminology

No matter how much you know about mobile security, you may come across some terms you don’t know as you read through Zimperium’s resources. This glossary contains terms that run the gamut — from the simple to the more technical. Is there a term you’d like to see included? Contact us and let us know.

Locate Terms Alphabetically

A-C    D-E    H-N    O-R    S-Z


Abnormal Process Activity

Any process that deviates significantly from a device’s regular processes. Abnormal activity can indicate a breach or an attack.

Android Package Kit (APK)

Short for Android Package Kit, and often seen as .apk, the file format used by the Android operating system.


A security measure that prevents malicious actors from reverse engineering and gaining insight into an application’s behavior and capabilities during run-time.

Anti-Reverse Engineering

A security measure that prevents unauthorized attempts to convert app binaries back to their original source code.


Short for “application,” a program that runs on a mobile device.

App Hardening

A security measure to protect applications from inspection, tampering, and run-time abuse. This is synonymous with App Shielding.

App Shielding

The process of modifying an existing application to make it more resistant to hacking attempts such as reverse-engineering, tampering, and monitoring.


A security measure that prevents apps from being manipulated and repackaged for unauthorized use.


A malware designed to steal banking credentials and payment information.

Binary Packing

A technique used to make it difficult for hackers to reverse engineer apps as they can’t run the code through a disassembler or decompiler.

Bring Your Own Device (BYOD)

Also called Bring Your Own Technology and often abbreviated as BYO, a workplace policy that allows employees to bring their personal mobile device to work rather than using a company-issued (or as it’s often referred to, a “managed”) device.

Common Vulnerabilities and Exposures (CVE)

CVE is short for Common Vulnerabilities and Exposures. The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

Cryptographic Keys

A piece of data, often a string of numbers or letters, which allows information to be encrypted or decrypted.


Danger Zone

Also known as a Known Malicious Network. Locations previously detected with risky networks and attacks. Can include an open Wi-Fi network that presents persistent security risks to devices that connect to it.

Developer Options

An Android setting that allows developers to configure their system so they can debug and monitor the performance of apps.

Device Attestation

The process by which software verifies the security and integrity of a device that’s attempting to connect with applications or workspace.

Device Compromise

A cybersecurity incident where unauthorized access to a device undermines the endpoint’s confidentiality, integrity, or availability. Impacted resources can include manipulation, theft, modification, substitution, or use of sensitive information.

Device Emulator

Also called simulators, device emulators allow a user to create virtual mobile devices on a computer. Emulators are often used by developers to test apps, but can also be used by criminals to commit fraud.

Digital ID

A set of validated digital attributes and credentials for the digital world which uniquely identifies a person online.


Diversification is a technique used to alter code to create instances of the same software that are functionally identical but where the surface of the code is uniquely different in shape and structure.

Dynamic Code Loading

The practice of allowing an app to pull information from beyond its codebase and execute it during operation. This practice means apps are smaller because the code is stored remotely and not in the app itself.

Dynamic Link Library (DLL) Injection

The process of running code within another process by forcing it to load a dynamic-link library. DLL injection is used by external programs to change the behavior of another program.


The process of encoding data so that only a person or organization with cryptographic keys can read it.


An endpoint is any device that is the end of a network, such as a computer or a mobile device.

Enterprise Mobility Management (EMM)

A set of security measures and technologies meant to secure corporate data on employees’ mobile devices.


A piece of software that takes advantage of a bug or vulnerability to perform an unauthorized action.


Hardware-Based Security

Protections such as hardware security modules (HSM), trusted platform modules (TPM), and trusted execution environments (TEE) can provide strong protection for cryptographic keys but are complex to implement and can become vulnerable if the attacker owns the execution environment.

In-app protection

In-app protection refers to self-defense capabilities in client-side applications. It includes application shielding, anti-tampering, cryptokey protection, and anti-malware techniques.

Integrity Checking

A technique used to harden applications by inserting thousands of small overlapping checksums across the codebase to check for tampering during runtime.


The Internet of Things (IoT) refers to a physical device that is embedded with sensors, processing ability, software, and other technologies that allow them to communicate with other devices and systems over the Internet. Examples include smart homes, wearable devices, medical devices, smart cars, and any other physical object with sensors embedded in it.


The act of bypassing Apple’s software restrictions to gain admin/root access. Apple views jailbreaking as a violation of a device’s warranty.


A Keystore can be a repository where private keys, certificates, and symmetric keys can be stored.

Malicious Website

A compromised or malicious website that is part of a phishing or spear-phishing attack chain masquerading as a legitimate or reputable source in an attempt to steal sensitive information, execute an exploit, or sideload malicious applications.


A malicious software or firmware that can be file-based or file-less malware used to perform unauthorized activities on a device to undermine an information system’s confidentiality, integrity, or availability. Examples of this malicious code include a virus, worm, Trojan horse, spyware, and adware.

Man in the Middle (MitM)

An attack that uses insecure networks to intercept and modify data during its transmission between a device and application. MitM can be used to compromise personal information, like login credentials and payment transactions.

Mobile Application Management (MAM)

The process of provisioning and controlling specific apps on a user’s phone. As opposed to controlling the entire device, MAM allows an enterprise to manage and secure specific apps that are used for work, such as O365 apps, Slack, Asana, or any app that might contain proprietary data. This approach to mobile security has become more popular as more employees are using personal devices for work and they prefer a light touch on their phone by their employer. 

Mobile Application Vetting (MAV)

The use of mobile apps introduces additional privacy and security risks, whether intentional or unintentional, to an individual and organization. Mobile app vetting analyzes applications to determine how risky an app is. According to the 2023 Gartner Market Guide for Mobile Threat Defense, “Security and risk management leaders looking for immediate, visible value to justify an MTD investment should use the app-vetting and device vulnerability management features. These two features enable them to demonstrate quickly how MTD reduces app risk and device risk.”


The use of mobile app vetting is recommended by the Continuous Diagnostics and Mitigation (CDM) Program, in the NIST SPECIAL PUBLICATION 800-124 rev2 guidelines for managing the security of mobile devices in the enterprise, and as a part of Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust maturity model.


Zimperium’s z3A vets mobile apps and provides deep intelligence, including contextual analysis along with privacy and security ratings.

Mobile Device Management (MDM)

A process that allows an enterprise to control its devices from a central platform. MDM products enable a consistent setup of devices, including pushing apps, security settings, authentication, and more. MDMs have mostly been replaced by Enterprise Mobility Management (EMM) products.

Mobile EDR

Endpoint Detection and Response (EDR) is a name for tools that monitor and collect activity data from endpoints that may indicate a threat, analyze the data to find threat patterns, and respond to threats. Mobile EDR is designed specifically to monitor and contain threats to mobile endpoints, which are substantially different from non-mobile endpoints.

Mobile Threat

Any security threat to a mobile device.

Mobile Threat Defense (MTD)

A technology that protects mobile devices against risks and attacks/threats. Through a variety of techniques, including machine learning and behavioral analysis, MTD products prevent, detect, and remediate threats to devices, their network connections, and their applications.

Multi-Factor Authentication (MFA/2FA)

The practice of using more than one factor — like a password — to sign in to a site or application. Authenticators may include push notifications, codes, or biometric data like fingerprints or facial scans. If an attacker has already taken over a phone, however, phone-based MFAs are no longer useful in protecting data.

Native App

An application specifically designed to work on one operating system, such as iOS or Android, written in a security-focused language like C/ C++, Swift, or Objective-C.



The practice of making code difficult to understand and reverse engineer, for the purpose of protecting information.

Pinning/ Certificate Pinning

A security technique in which a site or an application only accepts authorized, or “pinned” certificates as valid. This limits client-server connections.


A widespread social engineering attack vector using authentic-looking assets, such as e-mail or other messages to trick users to reveal critical data or direct them to a fake website that requests information. Spear phishing, or smishing, is a direct-targeting form of phishing.


Configuration profiles are XML-based files that contain settings to manage Wi-Fi, email accounts, passcode options, and many other functions of Apple devices.

QR Codes

Digital barcodes, often square, that when scanned by a mobile device, open a Web page, an application, or lead to other information. Cybercriminals sometimes hack legitimate QR codes to direct users to scam sites. QR stands for “quick response.”

Rogue Access Point

A wireless access point that has been installed on a network’s wired infrastructure without the consent of the network’s owner. Often used for various attacks, including denial of service, data theft, and other malware deployments.

Rooted Device

A device, usually Android, that has been hacked to allow the user privileged access to the device’s subsystems through the root account, which allows a user the most privileges possible. While rooting has some similarities to jailbreaking an Apple device, it is not frowned on by Google – many vendors allow their users to root devices. However, it’s easy to make a mistake on a rooted device that can compromise its security.


Malware that, when downloaded, locks a device or network by encrypting the user’s data. To receive a decryption key, a ransom must be paid.

Rogue Cell Towers

Also called Stingrays or IMSI Catchers, rogue cell towers are suspicious cell towers that are used to hijack nearby mobile device connections. Although Stingrays are also used by law enforcement, criminals use rogue towers to listen to calls, read texts, and push malware to devices.

Runtime App Self-Protection (RASP)

Runtime Application Self-Protection is a technology that lets organizations stop hackers’ attempts to compromise enterprise applications and data in real-time. RASP detects and blocks attacks by taking advantage of information from inside the running software.



A piece of software that appears to be legitimate but is actually malware in disguise.

Shift Left Testing

An approach to software testing in which testing is performed earlier in development instead of later in the process when mistakes are more difficult to detect and fix.


The practice of installing an application that has not been approved by the phone’s official App Store. This is typically done on a rooted Android device or a jailbroken iOS device. Sideloaded apps can be dangerous because they may contain malicious code and have an unknown security posture.

Silent App Installation

The process of an application updating or installing without notifying the user.

SIM Card State Change

When a SIM card has changed its IMSI (International Mobile Subscriber Identity) state. This occurs when a user activates or suspends the SIM card.


A targeted social engineering attack using authentic-looking text messages to trick users to reveal critical data or direct them to a fake website that requests information.


Malware that hides on a mobile device, monitors the user’s activity and steals sensitive information like financial information, proprietary data, or passwords.

Supply Chain Attacks

A type of attack that targets a third-party vendor who offers software to the supply chain.

Third-Party Apps Enabled

An Android setting allowing users to download apps from locations other than the Google Play store.

Traffic Manipulation

A tactic deployed across multiple traffic-based threats, including SSL Stripping, Traffic Tampering, and TLS Downgrade. Malicious actors can use external, forced reductions to traffic security or packet manipulation.


Also called a Trojan Horse or Trojan Virus, a Trojan is that is disguised as something else so that users will download it. Mobile Trojans arrive as text messages pretending to be banking or some other alert and once clicked on, mine information from a phone.

Unified Endpoint Management (UEM)

The practice of managing, securing, and deploying corporate resources and applications on any mobile device from a single platform. UEM is the next phase of EMM and combines the management of mobile devices with the management of applications and authentication.

Virtual Private Network (VPN)

A private network, extended over a public network, which routes all internet activity through an encrypted connection so that the activity remains private.


Any security flaw, glitch, weakness, or loophole in a piece of software that can be exploited by an attacker.

Vulnerability Scanning

Process of identifying security, privacy, and compliance weaknesses in software.

White-box Cryptography

The practice of combining methods of encryption and obfuscation to embed secret keys within application code so that both code and the encryption keys look indistinguishable to an attacker. This prevents those keys from being found or extracted from the app. Each implementation of white-box cryptography works is unique to its creator.

Zero-Day Attack

A recently-discovered security vulnerability attackers can use to breach a system. “Zero-day” refers to the fact that the developer has only just learned of the vulnerability, which means they have “zero days” to fix it.

Zero Trust Architecture

Also known simply as Zero Trust, this is an approach to cybersecurity based on the principle “Never trust, always verify.” Zero Trust continuously validates every stage of every digital interaction.

Return to the top of the glossary.

Did we forget a term?

Contact us and let us know the term you would like to see included in our glossary.

Get started with Zimperium today