A nice start but not enough
Well, I'm not a mobile app developer but it would seem to me that code is code essentially so while in the PC world, malware has evolved greatly, I don't see what that would be very different in the mobile world, yet, the mobile security products seem to be only in their infancy thus it will be easy for malware developers to overcome it. For example, does ZAP have solid tamper protection? But how can it, when other Android apps are given full priveldges on the device, thus malware can remove ZAP before it even gets to be involved. Don't get me wrong I applaud that we are starting to see security at some level for mobile, because mobile is a security hole the size of Jupiter, but I fear it's not evolved enough. And the problem is that, for example, a rootkit in the PC world often never goes away even if you've run updated scans that "clean" the latest file running in ..\local settings\temp or what not, so you have the wipe the machine and re-install the OS. Not something people know to do on a mobile, so we'll have millions of rooted mobile devices out there, and by the time robust security is available those devices will already be owned and part of a botnet or whatever.
I do plead ignorance about ZAP though and have no idea what other things are out there. Example: I know Symantec has a Mobile security platform but no idea what it does.
