Mobile devices and the risk posed by vulnerabilities in the software that runs them are proliferating. This talk will scrutinize challenges faced in securing mobile apps and contrast them with legacy software security initiatives. We discuss how outsourcing confounds security efforts, how the mobile app lifecycle makes risk a hot potato and conclude with the top mobile threats and how to avoid them.