Mobile devices and the risk posed by vulnerabilities in the software that runs them are proliferating. This talk scrutinizes challenges faced in securing mobile apps and contrasts them with legacy software security initiatives. We discuss how outsourcing confounds security efforts, how the mobile app lifecycle makes risk a hot potato, and conclude with the top mobile threats and how to avoid them.