Security issues with native applications

Native applications are applications that have been built specifically for the platform they run on. They take advantage of the libraries and functions provided by that platform to make the best use of its features. The security issues these applications experience usually come either from the underlying platform on which they run or from vulnerabilities left by the application developers. So, let's take a look at some of the issues that affect the security of native applications:

  • Vulnerabilities of the underlying platform: When an application runs on a platform, its functionality is governed by what the underlying platform exposes. If the platform is vulnerable to security issues, the applications running on top of it will also be vulnerable, unless they implement proper measures to mitigate those vulnerabilities at the application level. Such issues may originate in the hardware, as with the recent Spectre and Meltdown vulnerabilities that affected the x86 platform.
  • Use of third-party libraries: Applications that use third-party libraries, specifically ones for implementing security inside the application, can be left more vulnerable to security breaches if the developer stops maintaining those libraries or if vulnerabilities in them are left unfixed. Usually, a better alternative is to use the libraries provided by the platform itself, at least for implementing security in the application, and to avoid undocumented platform APIs, which may have unexplained security implications for the application.
  • Unencrypted storage of data: If an application that stores and retrieves data keeps that data in an unencrypted format, the data may be accessed by untrusted sources and is left vulnerable to misuse. An application should make sure that the data it stores is in an encrypted form.
  • Unencrypted communication with third parties: A lot of applications these days depend upon third-party services to achieve a particular functionality. This is true even inside a corporate network, where an application might call a third-party authentication server inside the network to validate the user's identity. If this communication between the applications is unencrypted, it can lead to attacks such as a man-in-the-middle attack.
  • Avoiding bounds checks: Native applications that implement their own memory management techniques may become vulnerable if their developers miss a bounds check, which may allow an attacker to access data outside the application's boundaries. This may cause a huge breach of the system's security, where data not only from the affected application but also from other applications is left exposed.
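
To make the last item concrete, here is an added example (not code from the original text) of an application-managed memory pool in C whose read path carries the bounds checks that are easy to miss. The names pool_t, pool_put, pool_get and POOL_SIZE are hypothetical, and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POOL_SIZE 32  /* constructed size for this example */

/* Hypothetical application-managed pool: records packed back to back. */
typedef struct {
    uint8_t data[POOL_SIZE];
    size_t  used;   /* bytes of data[] that hold records; always <= POOL_SIZE */
} pool_t;

/* Append len bytes; returns the record's offset, or -1 if it does not fit. */
long pool_put(pool_t *p, const void *src, size_t len)
{
    if (len > POOL_SIZE - p->used)
        return -1;
    memcpy(p->data + p->used, src, len);
    p->used += len;
    return (long)(p->used - len);
}

/* Copy len bytes at offset off into dst (capacity dst_cap); 0 on success,
 * -1 if the request leaves the stored data. Without the first two checks a
 * caller-supplied off/len reads whatever memory follows the pool. */
int pool_get(const pool_t *p, size_t off, size_t len, void *dst, size_t dst_cap)
{
    if (off > p->used)          /* start lies past the stored data */
        return -1;
    if (len > p->used - off)    /* subtraction form: off + len could wrap */
        return -1;
    if (len > dst_cap)          /* destination buffer too small */
        return -1;
    memcpy(dst, p->data + off, len);
    return 0;
}

int main(void)
{
    pool_t p = { .used = 0 };
    uint8_t out[8];
    long off = pool_put(&p, "secret-A", 8);   /* constructed sample record */
    /* In-bounds read succeeds; oversized and wrapping requests are refused. */
    int ok = pool_get(&p, (size_t)off, 8, out, sizeof out) == 0
          && pool_get(&p, 0, 9, out, sizeof out) == -1
          && pool_get(&p, 4, SIZE_MAX, out, sizeof out) == -1;
    return ok ? 0 : 1;
}
```

The length check is written as a subtraction because comparing off + len against the limit can wrap around for very large len and pass when it should fail.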

This is a non-exhaustive list of issues that may affect the security of native applications. Some of these issues can be fixed easily, while others require a lot of effort from the application developers as well as the platform provider to mitigate the possible security breaches.

Now, with the knowledge of the possible attack vectors that may affect native apps, it's time for us to move on to understanding the attack vectors that may affect web applications.
