1. What are the biggest threats to mobile app security?
2. Do you think that people with mobile phones who have banking or financial apps with sensitive data should avoid storing the user id and/or password on the device which would give a person taking the device a road into accessing the information
3. Most MFA security falls into 3 categories.
a. Knowledge factors which is information that a user must be able to provide in order to log in such as an id and password.
b. Possession factors - anything a user must have in their possession in order to log in, such as a security token.
c. Inherence factors - any biological traits the user has that are confirmed for login such as fingerprint or retinal scan.
Do you think in order to be safe, all 3 of these types should be used, or is that overkill?
4. You mentioned "....Application isolation should isolate the data from apps that don't have any business accessing it"
What might be done to try and do the type of isolation you are referring to?
5. How do you think you can effectively test all the different hardware and software combinations?