Mobile phones are emerging to personal mobile devices, which can already replace a personal computer in many use cases. But their overall security mechanisms are not sufficient. The data stored in today's devices are much more personal then data stored on any other device we use.
The focus in this thesis are operating systems and additional installed applications. The mobile phone attack surface is examined and based on it, possible and by researchers documented examples of threats are summarized. Since the mobile and fixed environments have their differences, these are outlined as the consideration for improvement approaches. Because of the human factor, some results of awareness surveys are presented and discussed.
Due to limited resources of mobile phones (mainly power supply and size and/or weight), the current research in this field mainly concentrates on off-device (cloud) security services. These off-device security services are now the only solution to save power supply consumption while inferring possible attacks. Another focus is the virtualization and problems interconnected with installation of new applications.
Summing up, this thesis proposes a mobile phone attack surface including open problems, which have to be solved to improve the overall security of mobile phones.