
Features 01.04.2025
Beyond the Blackphone: Mobile Security in 2025
How can enterprises protect themselves in an increasingly connected world?
Over a decade ago, the Blackphone made headlines at Mobile World Congress (MWC) as a security-focused smartphone designed to protect user privacy in a post-Snowden world. With its encrypted communications and enhanced security features, it promised a new era of mobile privacy for security-conscious users.
Fast forward to 2025, and the mobile security landscape has transformed dramatically. Today’s challenges have evolved far beyond what its creators could have imagined. As organisations adapt to hybrid work environments, securing mobile endpoints has become a critical priority for CISOs worldwide.
“We see four key topics that customers have on their agenda,” Palo Alto Networks EMEA and LATAM CEO, Helmut Reisinger, tells Assured Intelligence. “Navigating geopolitical instability, ensuring compliance with regulations, accelerating transformation with 5G, and managing the risk of third-party connectivity.”
Ransomware remains a top-tier cyber threat globally, with compromised mobile devices serving as potential entry points into corporate networks and cloud-based corporate apps. A recent Microsoft report found that “a staggering 92% of ransomware attacks in 2024 involved unmanaged devices”.
Social engineering attacks targeting mobile users have also surged. Mobile users are often more vulnerable due to smaller screens and on-the-go distractions, which makes it harder to spot fraudulent links. In 2023, 75% of organisations experienced mobile phishing attempts against employees. Verizon’s data shows that mobile phishing attacks are alarmingly effective – about one-third of phishing attempts against tech company employees succeeded.
AI-powered deepfakes amplify the impact of social engineering. One such attack struck a T-Systems International customer, according to the firm’s senior VP for cybersecurity, Thomas Masicek.
“A subsidiary leader received an email, a voice call and a voice message from what appeared to be the CEO of the company,” he tells Assured Intelligence. “It looked and sounded completely real – even the responsible person couldn’t detect it wasn’t authentic. The call came from a real subscriber number, which we later discovered was a hacked Android device misused for this attack.”
Mobile operating systems also continue to be targeted by a variety of malware – from banking trojans to spyware. In 2024, cybercriminals unleashed over 33 million mobile malware, adware, or unwanted software attacks, according to Kaspersky. Android remains a primary target due to its open ecosystem, with banking trojans, SMS trojans and adware dominating the threat landscape. New malware strains include “DroidBot”, an Android banking trojan offered as malware-as-a-service, which attempted to steal logins from 77 banking and crypto apps across the UK, Italy, France, Spain, and Portugal.
A growing concern in 2025 is the integrity of the mobile app supply chain. Threat actors target developers and app marketplaces to insert malicious code that will end up on thousands of devices. Malicious Software Development Kits (SDKs) and library tampering have emerged as a major threat.
A recent case uncovered by Kaspersky in early 2025 revealed several apps on Google Play and Apple’s App Store containing a hidden SDK called “SparkCat” that functioned as spyware. This SDK could search a device’s photo gallery and steal images containing specific keywords – aiming to harvest cryptocurrency wallet recovery phrases. Notably, SparkCat represented the first known optical character recognition (OCR) malware to sneak onto Apple’s App Store.
The rollout of 5G networks has also introduced new security challenges with its complex, software-defined architecture expanding the attack surface. Researchers have begun identifying protocol and implementation flaws, with potential risks including large-scale attacks on 5G infrastructure that could disrupt mobile connectivity or intercept data.
“We are now as a telco working very hard on 5G technology,” Telefonica’s global CISO, Miguel Sánchez, tells Assured Intelligence. “5G technology has elements that introduce new topics in security. There are improvements in the technology definition, with very good security standards, but they’re not the solution for all problems. There’s very high complexity in the operating model and the governance model.”
Known weaknesses in 5G include lack of authentication for initial broadcast messages, silent downgrade exploits from 5G to 4G, and unsecured network slicing that can allow attackers to eavesdrop or degrade service. Security researchers warn that such flaws “will continue affecting 5G networks in 2025 and vulnerabilities in unsecured base stations will multiply snooping attacks.”
Organisations are deploying specialised solutions as they strengthen their mobile security policies. A notable trend is the widespread implementation of Zero Trust security for mobile access. With the rise of remote and hybrid work, companies must continuously verify every access request from devices.
“Networks and security have to go together,” insists Palo Alto’s Reisinger. “We provide security from code to cloud, because 70-80% of software is generated using open-source components. If one of these libraries contains malware, you have a serious snowball effect.”
Another area ripe for innovation is securing the mobile app pipeline. Google and Apple have beefed up their app store review processes using automated scans for malicious components, and firms like Microsoft are investing in supply-chain security tools that developers can use to vet third-party libraries. To combat API-related threats, there’s a focus on protecting API keys and using containerised methods to keep secrets out of app code. API credential leakage in mobile apps was so rampant in 2024 that it topped the OWASP Mobile Top 10.
The industry is also preparing for future risks like quantum computing. At MWC, Vodafone and IBM demoed a new service designed to “future-proof smartphone security with quantum-safe cryptography”.
The fragmentation of security solutions is a major inefficiency that CISOs must address. T-Systems International’s Masicek emphasises the importance of a holistic approach.
“We still see a lot of separate tender processes – one for endpoint detection and response, another for security information management, a third for log management,” he says. “But all these topics should be handled together in one platform to have full visibility and end-to-end security infrastructure.”
In response to these challenges, CISOs are implementing robust Mobile Device Management (MDM) and endpoint protection solutions. Many enterprises now require enrolment of devices in an MDM system for any device that handles company data, whether corporate-issued or BYOD. This allows security teams to push configurations, enforce screen lock and encryption, separate work data, and remotely wipe corporate data if a device is lost or an employee leaves.
“We share all information with all parts of Deutsche Telekom, so that everybody can get the best out of this infrastructure,” says Masicek. “We also work closer together with the local governments, because to some extent, you are not allowed to block data.”
A key concept for improving security posture is what Telefonica’s Sánchez calls “co-responsibility” – the understanding that security is everyone’s concern, not just for security teams.
“Co-responsibility brings together many things,” he explains. “The threat is not something we can solve alone – no company, no vendor, no state can do it independently. And internally in a company, it’s a question for every employee. In society, it’s not just for security forces or intelligence agencies, but also for citizens. Everyone has their own responsibility.”
Given that social engineering is rampant on mobiles, CISOs emphasise continuous user education tailored to these scenarios. This includes training employees to recognise suspicious SMS or messaging app requests, to avoid public Wi-Fi or use a company VPN when on untrusted networks, and to be cautious with app permissions.
For T-Systems International’s Masicek, security experts are increasingly difficult to find, making efficiency crucial.
“Everybody needs high-skilled security experts,” he says. “So for us, it’s also about getting more efficiency into our security operation, as well as sharing information within the company and with partners. We’re all sitting in the same boat, and if we’re not working together, we are much weaker.”
However, security measures on mobile devices must be balanced with employee privacy and usability. If security controls are too intrusive, they may violate privacy laws and employees might seek workarounds. Forward-thinking CISOs must address this through transparency and policy: clearly communicating what the company can and cannot see on a managed mobile.