A mobile application security system and method, in the preferred embodiment, permits authentication of a user of a sensitive mobile application dispatched from a vulnerable host to occur, but does not perform user authentication for non-sensitive mobile applications or for sensitive mobile applications dispatched from non-vulnerable hosts. A hub and spoke architecture and a peer-to-peer architecture are described.