Nowadays, smartphones have become an essential part of our daily life and work. Unfortunately, threats to smartphones and the relevant ecosystem are also growing at a staggering rate. For instance, vulnerabilities in mobile apps might be leveraged by attackers to steal private user data and cause financial loss to enterprises. Malicious apps could penetrate into centralized app stores and infect a large number of users in a short time period. In this talk, I will present our research efforts to systematically secure the mobile application ecosystem against current and emerging threats. First, I will discuss the work of detecting malicious apps in various app stores (e.g., Google Play) and understanding the overall health. Then I will present the work of discovering two types of vulnerabilities existing in a large number of popular mobile apps. After that, I will talk about my latest work ARMlock, which aims to confine untrusted software components and protect mobile devices from being tampered with. At last, I will discuss possible directions for future research.