Mobile devices are more readily lost or stolen than notebooks and fixed assets, putting the applications and data on or available to mobile devices at higher risk of loss or unwanted disclosure.
Mobile devices tend to be replaced more often than notebooks and desktop computers. When devices are retired, handed down, donated or otherwise given away, the applications and data can easily be given away as well.
Users tend to be more lax about security measures on mobile devices such as using strong pass codes or logging out of applications promptly.
Techniques for or usage of device-wide encryption are lagging behind the equivalent use of full disk encryption for notebooks.
Mobile devices, all acting as access points to services and manipulating possibly sensitive information, far outnumber personal computers and notebooks.
In Rational Requirements Composer, use story boards, sketches, use cases, and other visual techniques to describe the external and internal security requirements of the mobile application.
In Rational Quality Manager, write test cases to verify that the required security characteristics of the mobile application are met. Link requirements and requirement collections to tests and test plans to ensure that adequate testing has been planned and to clearly identify which requirements are affected by failed tests.
In Rational Team Concert, configure the change set delivery process so that change sets must be reviewed and approved before they can be delivered to an integration stream. Having a colleague or team lead review code changes lowers the chance that a security hole in the implementation of a mobile application go undetected.