Keep applications updated so that you are running the version with the latest security patches and updates. Application developers will often release a new update or version if their software is compromised in any way.
Install mobile security software (works like antivirus software on a workstation).
The majority of mobile phones do not include firewall protection. Firewalls not only protect your online privacy when browsing, but can be used to only allow authorised apps to access the internet through a set of firewall rules.
Many mobile devices are compromised when they are lost and stolen. Use a passcode to lock the screen.
Only download apps from stores that vet applications: Apple App Store and Google Play have been vetted to ensure they are safe. This is not a guarantee that no app will slip through the vetting process. For example, attackers managed to distribute a fake “WhatsApp” app to millions of mobile users via the official Google Play Store by simply adding a Unicode-encoded space at the end of WhatsApp’s ID, and a fake app named Teligram sneaked into the Google Play, pretending to be a new version of the real Telegram app, but some vetting is better than the wild west without sherrif, and the vetting process is continuously being improved also.