There are a number of ways users can access shady content via their mobile device. Messaging poses a particualr threat in the form of SMS. Spam texts containing links to sites that pose threats are not unheard of, for example, and users should avoid opening links from sources they don't recognize.
Equally risky is downloading apps from third-party app stores. Apple and Google may not be flawless in their approach to weeding out questionable apps from the App Store and Google Play, respectively, but at least there is some sort of screening process. When you download software from untrusted sources that are not, for example, Google or Apple approved, there's no telling what kind of malicious software you may end up with.