Mobile commerce and location-aware services promise to combine the conveniences of both online and offline bricks-and-mortar services. Just as agent-enabled desktop computers can be used to improve a user s e-commerce experience, so can agent-enabled mobile devices be used to improve a user s mobile commerce experience. Agent-enabled mobile devices can perform complex and time-consuming tasks not well-suited for the small and cumbersome user interfaces available on most mobile devices, can interact with other mobile devices over more than one interface, and can accompany users under circumstances in which the desktop computers cannot. Agent-enabled mobile devices, however, present new security challenges and risks. While e-commerce agents run the risk of disclosing one s identity in cyberspace, agent-enabled mobile devices running location-aware applications, run the risk of disclosing one s actual physical location in addition to other personal information. This paper outlines security and privacy issues and provides security guidelines for agent-based location-aware mobile commerce.