Cryptographic security protects information from wiretapping
in transit, but endpoints can still be vulnerable. A TLS-secured
connection isn't sufficient to protect a user's sensitive information if the server at the other end of that
connection is impersonating the system the user wants to reach, or if a legitimate system has been hacked.
A mobile device can empower its user to authenticate to Web-based services using methods stronger
than simple passwords. It can generate one-time passwords for display and entry by its user, or can
perform key-based cryptographic operations to demonstrate a user's identity within a protocol.
Federated identity technologies
Federated identity and related protocols,
such as SAML
Access Control Markup Language (XACML)
can serve new and valuable roles
now that mobile devices are powerful enough to operate as service providers in themselves and as users' data
is dispersed across numerous cloud-based platforms.
Mobile app protections and permissions
Many mobile apps communicate data back to sites operated by the organizations
that provide the apps. The apps can provide valuable services for their users, but may also serve
their providers by collecting information. To maintain an individual's security and privacy, especially
as mobile devices accumulate apps from
multiple sources, it's important to constrain what data each app can access
within a device.