The Smartphone Is the New Crime Scene: Mobile-First Cyber Attacks Redefine Global Digital Security

The 2025 Global Mobile Threat Report, prepared by the Centre for Police Technology (CPT), confirms that mobile devices are now the primary attack surface for cybercriminals worldwide. Smartphones—once mere communication tools—are increasingly gateways to identity, finance, enterprise, and government systems, making them high-value targets for attackers.

Rise of Mishing and Social Engineering

The report highlights a surge in mobile-targeted phishing (mishing), which now accounts for nearly one-third of all mobile threats:

• Smishing (SMS phishing) represents more than two-thirds of attacks.
• Vishing has risen by 28% and smishing by 22%, fueled in part by generative AI.
• Attackers increasingly use PDF-based phishing via SMS, bypassing traditional security filters.

From a law-enforcement perspective, these threats are especially concerning for government officials, police personnel, and critical infrastructure operators.

Device Vulnerabilities and Legacy Hardware

CPT research reveals that 25% of global mobile devices cannot upgrade their operating systems, leaving them permanently exposed to known vulnerabilities. Additionally, 23.5% of enterprise-connected devices run sideloaded apps, which often contain malicious or repackaged code, posing risks of fraud and covert surveillance.

Application-Level and Data Sovereignty Risks

The report uncovers risks in enterprise apps:

• 23% of work-related apps communicate with servers in high-risk or embargoed countries.
• This can lead to data sovereignty violations and unauthorized cross-border data transfers, often invisible to users and IT teams.

AI Integration: The Invisible Risk

AI-enabled mobile apps have grown 160% on enterprise devices. While they enhance productivity, they also create opaque data pipelines, making it difficult to trace:

• Data leakage
• Surveillance misuse
• Cross-jurisdictional cyber incidents

CPT Observations

“A single compromised smartphone can provide attackers persistent access to personal, corporate, and government ecosystems,” notes CPT. Mobile security failures now directly translate to cybercrime, fraud, and national security risks.

Recommendations

CPT recommends:

1. Deploy AI-enabled mobile threat protection to counter advanced mishing.
2. Decommission non-upgradeable devices in sensitive environments.
3. Continuously vet all mobile applications, including AI-enabled apps.
4. Implement device attestation to detect compromised or rooted devices.
5. Conduct targeted awareness programs for government officials, police, and enterprise users.

Mobile security is no longer a technical afterthought—it is a frontline issue in cybercrime prevention and national resilience. Coordinated action across technology, policy, and human behavior is essential to protect this critical attack surface.

For live demos of mobile protection solutions, visit: Algoritha Product Demo
For research collaboration or advisory support, contact CPT at contact@centreforpolicetechnogy.org.