Concerning the Software Token for the Smartphone.

[Alhanelem]

That's the same argument people say about Macintosh. Macintosh is just the same as Windows, hackers are not going after them because not a lot of people use a Macintosh. Yes right now, there are not a lot of viruses for smart phones right now but that is increasing as more and more people start to use smart phones.

no, it's not just a popularity thing. Smart phones are more limited in certain ways what you can do with them but these limitations also make them less vulnerable to attacks. There is also usually less to gain from attacking someone's phone, because there is generally less data stored on them. Attacking smartphones is not as easy as attacking a Windows PC- script kiddies and creators of malicious software generally take the path of least resistance. Why waste more time hacking something that's less likely to prove useful to the attacker when they can more easily get into something that's more likely to be a treasure trove of stealable information?

Also being that phones and other small devices are easily lost / stolen, it is much, much more common (and much easier) to steal someone's actual phone and break into it directly, rather than trying to attack it remotely. And this type of attack, known as "man in the middle," works equally with both the phone app and the physical token.