Report submitted for the degree of Bsc in Computer Network and Security Universiti Teknologi Brunei. Abstract Mobile devices have outnumbered PCs and laptops to become the prime medium for accessing content and services. Due to its ability to handle many useful and creative applications, enterprises are rapidly adopting innovative applications to transform their business capabilities as the mobile presence is critical for businesses to attract new customers. While Android, the most popular open-source mobile platform, has its own set of permissions to protect the device and resources, however, it does not provide a security framework to defend against any attack. Hence, it is imperative to make the applications more secure and reliable. In this project a threat modelling process will be conducted on local existing applications from Google Play Store with objectives to identify the possible threats and vulnerabilities with reference to OWASP top 10 security risks. These vulnerabilities are then to be rated according to its risk of exploitation, among several application for comparisons by using DREAD. Penetration testing were also carried out to test the security of the application by following the freely available mobile security testing guide by OWASP. Microsoft's STRIDE tools are the features used for threat modelling process and an open source tools such as Kali Linux, Burpsuite, MobSF and Drozer etc for implementing the penetration testing.