This book constitutes the thoroughly refereed post-conference proceedings of the fourth International ICST Conference on Security and Privacy in Mobile Information and Communication Systems (MOBISEC 2012) held in Frankfurt/Main, Germany, in June 2012. The 13 revised full papers were carefully selected from numerous submissions and cover the application layer of security, highlighting the practical importance of security of mobile devices in concrete usages. Contributions to MobiSec 2012 range from treatments on user privacy issues, over mobile application and app security, to mobile identity management, and NFC. With the orientation toward applications, MobiSec is a perfect interface between academia and industry in the field of mobile communications.

The first six papers deal with computer security technology that operates in rapidly changing environments and has to adapt to their shifting conditions. The technology or application envisaged in the second six operates or assumes a static outcome that can, for instance, be used forensically. The second half of the book contains a proposal to quantify the time scales on which IT security lives may be a major contribution of this volume. The authors identify three main axes. First, the time scale of practical relevance. It denominates approximately the middle of the time range during which the problem treated by the technology becomes imminent to the IS&T community, through the demands of the market. Second, the technological research and development (R&D) time scale. It is a forecast of when the technological solution will be "there". This means in effect the first of two milestones in technology evolution: a) when a technology has made the breakthrough to be in principle, ie: theoretically and economically applicable and viable, and b) when it is matured to reach prevalence in IS&T, ie: to become textbook standard. The second point in time hinges obviously on external factors not amenable to analysis within the discipline proper. Third, we have the event horizon of the technology in question. That deals with the issue of the sustainability of the solution: May it be surpassed by the skills of attackers using advances in other areas? Can it be foreseen that it will be overcome by even better solutions?