New research underscores the need to eliminate hidden privacy leaks across mobile applications that expose organizations to fines, theft, fraud and reputational damage.
NowSecure, the recognized leader in Mobile Application Risk Management (MARM), announced the release of NowSecure Privacy, the industryโs first and only comprehensive privacy solution for mobile applications. With this launch, developers, security and privacy professionals finally get the capabilities needed to find and fix systemic blind spots that degrade mobile application privacy.
NowSecure Privacy enables organizations to analyze, detect, and eliminate privacy leaks across both first-party and third-party mobile apps before they become breaches and public incidents. It ensures that public app store data usage attestations (formal disclosures developers make when publishing an app in a public app store about what data is being collected and how it’s being used) match how the app is actually behaving. This enables enterprises to avoid embarrassing and costly privacy violations, comply with global data privacy regulations, and maintain uninterrupted app store availability.
Also Read:ย CIO Influence Interview with Dipto Chakravarty, Chief Product and Technology Officer at Black Duck
Newย Research Reveals Widespread Mobile App Privacy Risks
In conjunction with the launch, NowSecure hasย published new researchย that highlights how mobile applications expose sensitive data and create privacy risks. The research is an indictment of current analysis methods that lack the capabilities to prevent these issues. Key findings include:
- In 50,000 apps NowSecure tested in August, over 77% were found to contain common forms of PII.
- Itโs well known that theย vast majorityย of mobile apps are built using third-party components (SDKs, etc.). We found that 98% of iOS apps have incomplete privacy manifests due to omissions relating to third party components, violating Apple transparency requirements and creating major blind spots.
- 35% of iOS apps fail to declare collected data that NowSecure observed during testing. And 10% of Android apps donโt even declare a data safety section in the Google Play app store listing.
- Since August 2025, 75% of iOS apps and 70% of Android apps tested (25,000) have both sensitive data and tracking domains, meaning they collect, store, or transmit, and/or share sensitive data with third parties.
- Of 183K mobile apps scanned in 2025, 18.3% (33,396 apps) use artificial intelligence and 3,541 send data to AI endpoints which introduces privacy and security risks including sensitive data leakage and loss of IP.
Mobile app security testing is essential to eliminate security vulnerabilities but is not designed to identify and eliminate privacy risks. NowSecure Privacy identifies hidden data flows that expose gaps between attestations and actual data collection and sharing in SDKs. Both security and privacy testing are essential to protect customer data, meet compliance requirements and protect the organizationโs brand.
โWhen it comes to enterprise privacy risk, mobile applications are some of the worst offenders, yet the risks persist unaddressed,โ said Ed Amoroso, CEO of Tag Cyber, a cybersecurity research and advisory firm. โNowSecure Privacy is a major step forward in mobile application risk management. It provides enterprises with the visibility and control to maintain both code integrity and data privacy while bolstering user trust and safety.โ
Comprehensive Privacy Risk Detection and Management
Built on NowSecureโs market-leading mobile app risk management solution, NowSecure Privacy delivers:
- Automated Privacy Testing at Scale
Continuous static, dynamic, and human-augmented testing uncovers hidden data leaks, unsafe SDKs, excessive permissions, improper AI usage, incorrect MFA implementation and unauthorized data sharing across all app versions and releases. - Comprehensive Privacy Risk Reporting
Detailed findings identify what data is leaking or inadvertently shared, its source (first-party code, SDK, or API), and where it is sent, including ad networks, analytics providers, and data brokers. - Regulatory & Business Impact Analysis
Findings are mapped against OWASP MASVS Privacy standards and global regulations such as GDPR, CCPA, COPPA, HIPAA, and can be used to support compliance with numerous U.S. state privacy laws. This enables risk-based prioritization, streamlined governance reporting, and faster executive attestation. This also allows for OWASP MASVS Privacy Attestation so organizations can demonstrate their commitment to Privacy. - End-to-End Workflow Integration
Integrated automation and reporting empower developers, AppSec, end-user computing, and privacy teams to identify, triage, and remediate leaks before they become breaches, ensuring every app release is privacy-ready.
โMobile application risk is data-centric and privacy is all about properly managing and securing data. Strong mobile security requires equally strong privacy controls,โ said Alan Snyder, CEO of NowSecure. โOur solution gives enterprises full visibility into what data their apps collect, share, and transmitโallowing them to prevent violations before they become a reputation or regulatory incident.โ
The NowSecure Mobile App Privacy Risk Solution is available immediately as part of the NowSecure Mobile Application Risk Management (MARM) platform. It is the only automated, continuous, and comprehensive privacy risk management solution purpose-built for mobile applications.
Catch more CIO Insights:ย CIOs and the Inferencing Economy: Planning for a Future Where AI is Always On
[To share your insights with us, please write toย psen@itechseries.com ]
