Top 10 Mobile Risks - OWASP Mobile Top 10 2024 - Final Release

• M1: Improper Credential Usage
• M2: Inadequate Supply Chain Security
• M3: Insecure Authentication/Authorization
• M4: Insufficient Input/Output Validation
• M5: Insecure Communication
• M6: Inadequate Privacy Controls
• M7: Insufficient Binary Protections
• M8: Security Misconfiguration
• M9: Insecure Data Storage
• M10: Insufficient Cryptography

Comparison between 2016 and 2024

Vulnerabilities which didn’t make the place on Final Top 10 list, but in future we may consider them.

• Data Leakage
• Hardcoded Secrets
• Insecure Access Control
• Path Overwrite and Path Traversal
• Unprotected Endpoints (Deeplink, Activitity, Service …)
• Unsafe Sharing