Various researchers have report security-bugs, but they remain open for years, see:
I have written and reported on mobile security issues and testing. However it feels like until somebody actually exploits a fault and the exploitation makes the news, many vendors and app providers do nothing.
I do not put any information on my phone that I don’t want public. I am even unsure about using many mobile web apps with register logins. If the mobile app world wants to become trusted, I feel they must do a better job, but just like the web world during the “.com” bubble of years back, I suspect it will take time until companies come to understand the importance of quality and security of the mobile world.
It is sad.