The introduction of smart phones in the mid-2000s forever changed the way users interact with data and computation, and in doing so prompted a renaissance of digital innovation. Yet, at the same time, the architectures, applications and services that fostered this new reality fundamentally altered the relationship between users and security and privacy. In this talk I map the scientific community's initial efforts to evaluate smart phone application security and privacy. I consider several key scientific questions and explore the methods and tools used to answer them. I show how our joint understanding of adversary and industry practices has matured over time, and conclude with a discussion of the open problems and opportunities in mobile device security and privacy.