With cell phones and other mobile devices, which generally do not have security applications installed, there really isn't a threat that a malicious application would ever get detected - there's literally nothing there to detect a malicious program. So, the biggest deterrents at this point are getting the malicious software onto the device and the malware writers obtaining the necessary skills to write the specific applications to achieve the functionality they desire. Keylogging, e-mail logging, browser redirection, remote control, uploading sensitive data, etc. are all possible. With more and more users utilizing their cell phones for Internet-related tasks, an attack vector is being created for these devices to become infected. So, what can be gained from infecting cell phones is very similar to what can be gained from infecting a PC, though PC's have protection and most cell phones do not.

What kind of a threat is spyware to cell phones at the moment? What are the examples of cell phone spyware in the wild today?

Cell phone spyware today can capture e-mails and text messages, allow a remote user to silently turn the phone on to listen to whatever conversations are taking place in the area, and give the exact location of the phone via GPS. I believe that any reasonable person would consider this a considerable threat. There are at least half a dozen Internet sites that sell spyware for these devices and without antivirus/antispyware software to detect these unwanted applications, most cell phones are completely vulnerable to these attacks.


Is phone call encryption the answer to the majority of possible problems?

Today, many phone calls have at least a minimal level of encryption provided automatically by their cell phone network provider. In fact, it's not uncommon to see 256-bit AES being used by network providers to encrypt phone conversations. While adding an additional layer of protection by utilizing a phone call encryption application can add a higher level of protection in areas where the inherent encryption is deficient and certainly for those working in government positions, this alone will not address threats from malware, direct attack, physical compromise, etc.