Mobile security can be tested in a variety of ways. You can apply black box testing to test the server side logic that your mobile app is working with, as we've recently blogged about.
You can also apply static analysis to test the client side. The following short video shows exactly how that's done using IBM Security AppScan Source Edition:
For a more complete overview of mobile security, check out the webcast we've recently published.