For many mobile apps, the only state that is known to be compliant is the initial state, because there is no documented security policy regarding state transitions. An app could be compromised, providing an attack vector to the app and OS if shutdown and aborts are not designed to keep the app in a secure state