Mobile Security Glossary: Key Terms and Definitions

Mobile security uses a specialized technical vocabulary drawn from device management standards, cryptographic frameworks, threat taxonomies, and regulatory compliance requirements. This glossary defines core terms used across the mobile security sector, from enterprise deployment contexts to consumer threat analysis, as defined by bodies including NIST, the GSMA, and the IETF. Precise terminology is operationally important: misidentifying a threat class or misapplying a compliance term can lead to selecting the wrong controls, failing an audit, or incurring regulatory exposure under frameworks such as HIPAA, FISMA, or PCI DSS.


Definition and scope

Mobile security terminology spans 4 primary domains: device-level security controls, network and transport security, application security, and identity and access management. Each domain carries its own standards lineage and vocabulary, and terms frequently overlap or carry different meanings depending on context (enterprise MDM versus consumer threat research, for example).

NIST Special Publication 800-124 Rev. 2 (Guidelines for Managing the Security of Mobile Devices in the Enterprise) is the foundational federal reference for mobile security terminology in US government and regulated-industry contexts. The OWASP Mobile Application Security Testing Guide (MASTG, formerly the MSTG) together with its companion requirements standard, the MASVS, is the primary reference for mobile application security vocabulary. GSMA publications supply the telecommunications-layer definitions (SIM, signalling, and radio-network terms).

Key terms across the mobile security landscape include:

Attack Surface — The total set of points on a device or application where an unauthorized actor can attempt to enter, extract data, or execute code. On mobile platforms, the attack surface includes the OS kernel, installed applications, hardware interfaces (NFC, Bluetooth, USB), network stacks, and bootloader chains. The mobile device threat landscape determines which attack surface components are most actively targeted in any given threat environment.

Mobile Device Management (MDM) — A category of enterprise software and protocol frameworks that enforce policy on enrolled devices. MDM solutions interact with OS-level APIs exposed by Apple iOS (via MDM protocol) and Android (via Android Enterprise). MDM is distinct from Mobile Application Management (MAM) and Mobile Content Management (MCM), though all three are frequently integrated in Unified Endpoint Management (UEM) platforms. See mobile device management security for deployment considerations.

Jailbreaking / Rooting — The process of removing OS-level restrictions imposed by the manufacturer or carrier. Jailbreaking applies to iOS devices; rooting applies to Android. Both undermine the platform's integrity guarantees: rooting through an unlocked bootloader defeats Android Verified Boot, and jailbreaking disables iOS code-signing enforcement and the sandbox restrictions that platform security controls depend on. NIST SP 800-124 Rev. 2 treats jailbroken and rooted devices as a threat to the enterprise and recommends that enrollment policy detect them and restrict their access. Full technical and policy implications are covered at jailbreaking and rooting security risks.

Smishing — SMS-based phishing. A social engineering attack delivered via text message, typically impersonating a financial institution, carrier, or government agency to harvest credentials or deliver malware. The FBI's Internet Crime Complaint Center (IC3) tracks smishing under its broader phishing category. See mobile phishing and smishing for incident patterns.

SIM Swapping — An identity fraud technique in which an attacker convinces a carrier to transfer a victim's phone number to a SIM card under the attacker's control, intercepting SMS-based two-factor authentication codes. The FTC and FCC have both issued formal guidance on SIM swap fraud. SIM swapping attacks details carrier-level and consumer-level countermeasures.


How it works

Mobile security terminology is organized through a layered architecture that maps loosely to the OSI model and to the device's hardware and software stack:

  1. Hardware Layer — Terms include Secure Enclave (Apple), Trusted Execution Environment (TEE, specified by GlobalPlatform), secure element (the tamper-resistant chip behind Android StrongBox), and Hardware Security Module (HSM, normally on the server side of a mobile deployment). These components store and use cryptographic keys in isolation from the main OS, so a compromised kernel cannot read the key material.
  2. OS / Platform Layer — Terms include sandboxing, permission model, secure boot, verified boot (Android), and System Integrity Protection (SIP, a macOS control; iOS enforces equivalent restrictions through mandatory code signing and the sandbox). NIST SP 800-164 covers hardware-rooted security for mobile devices.
  3. Application Layer — Terms include inter-process communication (IPC) abuse, insecure data storage, improper session handling, and binary protection. OWASP classifies these under the OWASP Mobile Top 10. See mobile app security risks for a structured breakdown.
  4. Network Layer — Terms include man-in-the-middle (MitM), SSL/TLS certificate pinning, rogue access point, and IMSI catcher (colloquially a "Stingray", after one commercial product). Network-layer threats are detailed under mobile network security.
  5. Identity Layer — Terms include biometric authentication, FIDO2/WebAuthn, TOTP (Time-based One-Time Password), and SMS/SIM-based authentication (exposed to SS7 interception and SIM swapping). Mobile two-factor authentication covers implementation standards.

Common scenarios

Mobile security terminology appears most consequentially in 3 operational contexts:

Compliance audits — Under HIPAA (45 CFR §164.312), organizations must implement technical safeguards including encryption and access controls on devices that access protected health information (PHI). Auditors and compliance officers must distinguish between encryption at rest (covering stored data) and encryption in transit (covering data in motion), as they map to different technical controls. Mobile encryption standards covers AES-256, FIPS 140-2 and its successor FIPS 140-3, and platform-specific implementations.

Incident response — Security operations teams must apply precise threat taxonomy to route incidents correctly. Ransomware on a mobile endpoint requires different containment steps than a stalkerware infection or a credential-harvesting smishing campaign. Mobile security incident response maps terminology to response playbooks.

Policy drafting — Enterprise BYOD security policy frameworks require precise use of terms like "containerization," "remote wipe," "selective wipe," and "compliance policy" to avoid ambiguity in enforcement. Selective wipe removes only corporate data; full remote wipe erases the entire device — a distinction with direct legal implications under state data privacy statutes.


Decision boundaries

Terminology selection determines control scope. The following contrasts identify where definitional precision has direct operational consequences:

Term A                Term B                 Operational distinction
MDM                   MAM                    MDM manages the whole device; MAM manages only the enrolled (managed) applications. Choosing the wrong one yields incorrect BYOD enforcement.
Encryption at rest    Encryption in transit  Governed by different NIST guidance (SP 800-111 for storage encryption vs. SP 800-52 for TLS configuration).
Vulnerability         Exploit                A vulnerability is a weakness; an exploit is code or a procedure that takes advantage of it. The two are scored and tracked differently.
Jailbreak detection   Root detection         Platform-specific. Android offers a first-party attestation API (Play Integrity); iOS has no equivalent device-integrity verdict, so apps combine in-app heuristics with App Attest/DeviceCheck. The checks differ structurally.
MitM                  SSL stripping          SSL stripping is one MitM technique that downgrades an HTTPS connection to plain HTTP before the TLS handshake ever starts; the terms are not interchangeable.
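Certificate pinning, listed as a network-layer term in the "How it works" section, is the control that addresses both rows of the MitM contrast above: a pinned client rejects an interception proxy's certificate, and because it only ever speaks TLS to the pinned host there is nothing for SSL stripping to downgrade. The block below is an added example, not code from the original page or from any mobile HTTP library: it computes pins the way OkHttp's CertificatePinner, TrustKit and iOS's NSPinnedDomains do (`sha256/` plus the base64 SHA-256 of the DER SubjectPublicKeyInfo) and evaluates a presented chain against a pin set, on the Python standard library only. To run offline it includes a minimal DER encoder and reader and builds an X.509-shaped certificate around constructed toy RSA moduli (`KEY_A`, `KEY_B`, `KEY_C`); none of that is real key material, and in production the SPKI should come from a real parser (for example the `cryptography` package) rather than this reader.

```python
"""SPKI certificate pinning as mobile HTTP stacks implement it: pin over the public key,
not the whole certificate, so routine certificate renewal does not break the app."""
import base64
import hashlib
from typing import Iterator, List, Set, Tuple

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1

# Constructed toy moduli (NOT real keys), large enough to exercise DER long-form lengths.
KEY_A = int("ab" * 64, 16)
KEY_B = int("cd" * 64, 16)
KEY_C = int("ef" * 64, 16)


# ---- minimal DER encoder, just enough to build the test certificate ----
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int(value: int) -> bytes:
    # One spare leading byte when the top bit is set keeps the INTEGER positive.
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def rsa_spki(modulus: int, exponent: int = 65537) -> bytes:
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING (RSAPublicKey) }"""
    rsa_public_key = _tlv(0x30, _der_int(modulus) + _der_int(exponent))
    algorithm = _tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL parameters
    return _tlv(0x30, algorithm + _tlv(0x03, b"\x00" + rsa_public_key))


def toy_certificate(spki: bytes, serial: int) -> bytes:
    """Constructed stand-in for a DER certificate: correct X.509 field order, empty names,
    dummy signature. Enough for SPKI extraction; it would fail any real validation."""
    alg = _tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")
    utc = _tlv(0x17, b"240101000000Z")
    tbs = _tlv(0x30, _tlv(0xA0, _der_int(2))   # [0] EXPLICIT version v3
                     + _der_int(serial) + alg
                     + _tlv(0x30, b"")          # issuer (empty Name)
                     + _tlv(0x30, utc + utc)    # validity
                     + _tlv(0x30, b"")          # subject (empty Name)
                     + spki)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" * 9))


# ---- minimal DER reader, just enough to walk a certificate to its SPKI ----
def _header_len(tlv: bytes) -> int:
    first = tlv[1]
    return 2 if first < 0x80 else 2 + (first & 0x7F)


def _body(tlv: bytes) -> bytes:
    return tlv[_header_len(tlv):]


def _iter_tlv(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, raw TLV bytes) for each element of a DER SEQUENCE body."""
    i = 0
    while i < len(data):
        hdr = _header_len(data[i:i + 2])
        length = data[i + 1] if hdr == 2 else int.from_bytes(data[i + 2:i + hdr], "big")
        yield data[i], data[i:i + hdr + length]
        i += hdr + length


def extract_spki(cert_der: bytes) -> bytes:
    """Return the raw SubjectPublicKeyInfo TLV from a DER certificate."""
    tbs = next(_iter_tlv(_body(cert_der)))[1]        # tbsCertificate is the first element
    fields = list(_iter_tlv(_body(tbs)))
    index = 6 if fields[0][0] == 0xA0 else 5          # optional [0] version shifts the index
    spki = fields[index][1]
    if spki[0] != 0x30:
        raise ValueError("expected SEQUENCE for SubjectPublicKeyInfo")
    return spki


def spki_pin(spki: bytes) -> str:
    """The pin format shared by HPKP, OkHttp and TrustKit."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")


def chain_matches_pins(chain_der: List[bytes], pins: Set[str]) -> bool:
    """OkHttp semantics: accept the chain if ANY certificate's SPKI pin is in the set,
    which lets you pin an intermediate or a backup key rather than only the leaf."""
    return any(spki_pin(extract_spki(cert)) in pins for cert in chain_der)


if __name__ == "__main__":
    pins = {spki_pin(rsa_spki(KEY_A)), spki_pin(rsa_spki(KEY_B))}   # live key plus backup key
    renewed_leaf = toy_certificate(rsa_spki(KEY_A), serial=2)        # new cert, same key
    proxy_leaf = toy_certificate(rsa_spki(KEY_C), serial=3)          # interception proxy's key
    print("renewed cert accepted:", chain_matches_pins([renewed_leaf], pins))
    print("MitM proxy accepted:", chain_matches_pins([proxy_leaf], pins))
```

Two design points the example makes concrete: pinning the SPKI (not the certificate hash) means `renewed_leaf` with a fresh serial still passes, and shipping a backup pin for a key that is not yet deployed (`KEY_B`) is what lets an app survive an emergency key rotation without a forced update, which is the usual cause of pinning outages.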

Zero-day (a vulnerability that is unknown to the vendor, or known but still unpatched, at the time it is exploited; it may or may not carry a CVE identifier yet) must be distinguished from N-day (a known, patched vulnerability still present on devices that have not applied the patch). Threat intelligence reporting attributes most successful mobile compromises to N-day rather than zero-day vulnerabilities, because patch adoption on both enterprise and consumer fleets lags far behind patch release. Zero-day exploits on mobile covers the taxonomy further.

Mobile privacy laws in the US and mobile security compliance both require organizations to apply regulatory-specific terminology precisely — terms defined in CCPA, COPPA, and HIPAA do not map 1:1 to each other even when they address similar data categories.

