Third-generation (3G) mobile phones are capable of high data rate Internet connection and promise seamless connectivity for a free roaming user. They can provide an "always on" Internet, and make a range of services, traditionally available on desktop computers, accessible to mobile users, irrespective of their location. Providing adequate security for these phones and the services that they offer is a central concern for their acceptability and uptake. We briefly review the security of second generation mobile phones and then discuss security architecture proposed for 3G phones. The new security issues that are of importance because of the combination of their advanced capabilities and limitations are discussed.