![\"Unlocked](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/10\/960x0.jpg\")
<\/p>\n<\/p>\n
Behind every tap, mobile apps leak more than they admit. Opaque SDKs and embedded AI move data off-device; shifting the burden to developers and making privacy testing routine is how brands earn trust back.<\/p>\n
getty<\/p>\n
Mobile is where customers live. It\u2019s also where privacy goes missing. <\/p>\n
I spoke recently with NowSecure CEO Alan Snyder<\/a> and he didn\u2019t mince words: \u201cThe mobile app is the best surveillance tool ever created on the planet.\u201d That sticks because it\u2019s true on both sides. Users trade convenience for exposure. Companies trade speed for visibility.<\/p>\n \u201cSuccess in any industry often depends on the ability to create software applications that can be accessed and used from any device. When applications can be easily accessed and used from mobile devices, it can drive more business and monetary transactions,\u201d emphasized Melinda Marks<\/a>, practice director for cybersecurity at Enterprise Strategy Group. \u201cHowever, mobile security is often overlooked, so hackers often target vulnerabilities in mobile applications.\u201d <\/p>\n The message is simple: mobile growth is good for business, which makes it a magnet for attackers\u2014and a stress test for trust.<\/p>\n The gap shows up in small choices that add up: permissive defaults, rushed releases and libraries dropped in without review. Teams intend to do the right thing. Then deadlines hit, SDKs update in the background and disclosures drift away from reality. <\/p>\n What you end up with are apps that feel helpful but quietly spill data to places most people never see.<\/p>\n What the data shows\u2014and why it\u2019s growing<\/p>\n Recent testing paints a pattern. Many iOS and Android apps handle sensitive data and call tracking domains. That doesn\u2019t automatically mean abuse, but it does mean data is moving\u2014farther and faster than most risk teams realize. According to research from NowSecure<\/a>, a big chunk of iOS apps fail to declare what they collect. Many lack a primary privacy manifest. Almost all are missing the required manifests for third-party SDKs, which is where much of the behavior lives.<\/p>\n Snyder\u2019s team has pressed on the mismatch between claims and code. He shared with me that the bad news is their analysis found over 90% of those attestations are wrong. It\u2019s often not malice; it\u2019s blind spots. Developers know their code. They\u2019re less sure about a changing pile of third-party components.<\/p>\n AI is accelerating the problem. Almost one in five of the 183,000 apps reviewed use some form of AI. Thousands send data to external AI endpoints. That adds new data flows, new vendors and new risks. When AI hides inside SDKs as well as first-party code, even basic questions get hard: What leaves the device? Where does it go? How long is it kept?<\/p>\n Who owns the fix\u2014and how to start<\/p>\n \u201cThe burden of this should not fall to the consumer,\u201d stressed Snyder. \u201cThe burden of getting this right should fall to the app developer.\u201d <\/p>\n