The 2025 Global Mobile Threat Report provides compelling evidence that mobile devices have become the primary attack surface for cybercriminals worldwide. This research article, prepared by the Centre for Police Technology (CPT), analyses the report’s findings through a law-enforcement and public-safety lens, highlighting the operational, regulatory, and national security implications of rapidly evolving mobile threats. The study concludes that mobile security must now be treated as a strategic pillar of cyber risk management rather than a peripheral control
Introduction
Over the past decade, smartphones have transformed into digital identities—serving simultaneously as communication tools, authentication devices, wallets, and gateways to enterprise and government systems. Our research indicates that attackers have clearly recognized this shift. The 2025 Global Mobile Threat Report confirms a decisive transition toward mobile-first attack strategies, deliberately targeting the weakest and least monitored endpoint in most organizations: the mobile device.
From a policing and public-sector perspective, this evolution is particularly concerning, as mobile compromise increasingly enables financial fraud, identity theft, surveillance, and large-scale data breaches.
Rise of Mishing and Social Engineering Attacks
One of the most significant findings of the report is the dramatic rise of mishing (mobile-targeted phishing), which now constitutes nearly one-third of all observed mobile threats. Within this category, smishing (SMS phishing) accounts for more than two-thirds of attacks. Our analysis suggests that users inherently trust SMS communication, making it an effective channel for deception.
The report documents a 28% increase in vishing and a 22% increase in smishing, trends strongly correlated with the use of generative AI by threat actors. Of particular concern is the emergence of PDF-based phishing delivered via SMS, a technique that evades traditional security controls and exploits user familiarity with document sharing on mobile platforms.
From CPT’s research standpoint, these developments significantly raise the risk of mass-scale fraud and targeted attacks against government officials, police personnel, and critical infrastructure operators.
Device Vulnerabilities and the Legacy Hardware Problem
The research further highlights a structural weakness in the global mobile ecosystem: 25% of devices currently in use cannot upgrade their operating systems due to hardware limitations. Such devices remain permanently exposed to known vulnerabilities and are attractive targets for attackers seeking reliable exploitation paths.
In parallel, 23.5% of enterprise-connected devices were found to have sideloaded applications. Sideloaded apps bypass official app store vetting and frequently contain repackaged or malicious code. CPT research indicates that these apps are often used as covert surveillance tools or banking malware, especially in fraud and organized cybercrime investigations.
Application-Level and Data Sovereignty Risks
A critical but often overlooked risk identified in the report is related to work applications and data flows. The findings show that 23% of work-related mobile apps communicate with servers located in high-risk or embargoed countries, including a significant proportion of financial and productivity apps .
From a regulatory and policing perspective, this raises serious concerns around:
• Data sovereignty violations
• Unauthorized cross-border data transfer
• Exposure of sensitive government and enterprise information
Such risks are often invisible to users and even to IT administrators, underscoring the urgent need for continuous app vetting and runtime monitoring.
AI Integration: The New Invisible Risk
The report also documents a 160% growth in AI service usage within mobile applications installed on enterprise devices. While AI improves functionality and productivity, it simultaneously introduces opaque data processing pipelines. CPT’s analysis indicates that many AI-enabled apps fail to adequately disclose where sensitive data is processed, stored, or transmitted.
This creates new investigative challenges for law enforcement, particularly in tracing data leakage, surveillance misuse, and cross-jurisdictional cyber incidents.
Researcher’s Observation (CPT)
As noted during this study, “Mobile devices today represent the convergence of identity, finance, communication, and access control. A single compromised smartphone can provide attackers with persistent access to personal, corporate, and government ecosystems. The findings of this report confirm that mobile security failures now translate directly into cybercrime, fraud, and national security risks.”
Recommendations and Way Forward
Based on the report and CPT’s independent analysis, we recommend:
1. AI-enabled mobile threat protection to counter advanced mishing attacks.
2. Strict decommissioning of non-upgradeable devices in sensitive environments.
3. Continuous vetting of mobile applications, including third-party and AI-enabled apps.
4. Mandatory device attestation to detect compromised or rooted devices in real time.
5. Targeted awareness programs for government officials, police personnel, and enterprise users.
Organizations and agencies seeking to evaluate these controls in practice may request a live demonstration of mobile protection solutions at:
https://algoritha.in/product-demo-request-form/
This research confirms that mobile security is no longer a technical afterthought—it is now a frontline issue in cybercrime prevention, digital policing, and national cyber resilience. The mobile device has become the preferred entry point for attackers, and defending it requires coordinated action across technology, policy, and human behaviour.
For research collaboration, advisory support, or implementation guidance on mobile threat protection, the Centre for Police Technology (CPT) can be contacted at contact@centreforpolicetechnogy.org.
