In this short talk we will present three of the worst vulnerabilities found in mobile apps, as part of the 7-year effort at Aarhus University to analyze more than 100 applications in the Network/Systems Security courses. We also briefly discuss how the Danish cybersecurity law makes our job harder.