Let's say you have a web application that you want your customers to be able to access via their mobile device. More specifically, from their smartphones.
What are some of the security considerations to keep in mind? I am especially interested in the communication from, say, the mobile device to the tower. What risks are present at this point?
Can you sniff 3G traffic and steal session data, etc.? I would imagine that this would be possible if the device connects to the web site using an open Wi-Fi connection, yes? But what about 3G/EDGE, etc.? I know that intercepting voice on an EDGE network is possible with little effort (Chris Paget @defcon).
What about data?
Isn't a mobile device just another endpoint, and so the same risks that would be present in a PC environment would more or less also be present in the mobile environment (sniffing/MITM/authentication/input validation, etc.)?