NowSecure Privacy helps organizations protect mobile apps from data leaks

NowSecure announced the release of NowSecure Privacy, a privacy solution for mobile applications. With this launch, developers, security teams, and privacy professionals gain the capabilities needed to identify and fix systemic blind spots that compromise mobile application privacy.

NowSecure Privacy enables organizations to analyze, detect, and eliminate privacy leaks across both first-party and third-party mobile apps before they become breaches and public incidents. It ensures that public app store data usage attestations (formal disclosures developers make when publishing an app in a public app store about what data is being collected and how it’s being used) match how the app is actually behaving.

This enables enterprises to avoid embarrassing and costly privacy violations, comply with global data privacy regulations, and maintain uninterrupted app store availability.

New research reveals widespread mobile app privacy risks

In conjunction with the launch, NowSecure has published new research that shows how mobile applications expose sensitive data and create privacy risks. The research is an indictment of current analysis methods that lack the capabilities to prevent these issues.

Key findings include:

• In 50,000 apps NowSecure tested in August, over 77% were found to contain common forms of PII.
• It’s well known that the vast majority of mobile apps are built using third-party components (SDKs, etc.). We found that 98% of iOS apps have incomplete privacy manifests due to omissions relating to third party components, violating Apple transparency requirements and creating major blind spots.
• 35% of iOS apps fail to declare collected data that NowSecure observed during testing. And 10% of Android apps don’t even declare a data safety section in the Google Play app store listing.
• Since August 2025, 75% of iOS apps and 70% of Android apps tested (25,000) have both sensitive data and tracking domains, meaning they collect, store, or transmit, and/or share sensitive data with third parties.
• Of 183k mobile apps scanned in 2025,18.3% (33,396 apps) use artificial intelligence and 3,541 send data to AI endpoints which introduces privacy and security risks including sensitive data leakage and loss of IP.

Mobile app security testing is essential to eliminate security vulnerabilities but is not designed to identify and eliminate privacy risks. NowSecure Privacy identifies hidden data flows that expose gaps between attestations and actual data collection and sharing in SDKs. Both security and privacy testing are essential to protect customer data, meet compliance requirements and protect the organization’s brand.

“When it comes to enterprise privacy risk, mobile applications are some of the worst offenders, yet the risks persist unaddressed,” said Ed Amoroso, CEO of Tag Cyber. “NowSecure Privacy is a major step forward in mobile application risk management. It provides enterprises with the visibility and control to maintain both code integrity and data privacy while bolstering user trust and safety.”

Privacy risk detection and management

Built on NowSecure’s mobile app risk management solution, NowSecure Privacy delivers:

• Automated privacy testing at scale – Continuous static, dynamic, and human-augmented testing uncovers hidden data leaks, unsafe SDKs, excessive permissions, improper AI usage, incorrect MFA implementation and unauthorized data sharing across all app versions and releases.
• Privacy risk reporting – Detailed findings identify what data is leaking or inadvertently shared, its source (first-party code, SDK, or API), and where it is sent, including ad networks, analytics providers, and data brokers.
• Regulatory & business impact analysis – Findings are mapped against OWASP MASVS Privacy standards and global regulations such as GDPR, CCPA, COPPA, HIPAA, and can be used to support compliance with numerous U.S. state privacy laws. This enables risk-based prioritization, streamlined governance reporting, and faster executive attestation. This also allows for OWASP MASVS Privacy Attestation so organizations can demonstrate their commitment to Privacy.
• End-to-end workflow integration – Integrated automation and reporting empower developers, AppSec, end-user computing, and privacy teams to identify, triage, and remediate leaks before they become breaches, ensuring every app release is privacy-ready.

“Mobile application risk is data-centric and privacy is all about properly managing and securing data. Strong mobile security requires equally strong privacy controls,” said Alan Snyder, CEO of NowSecure. “Our solution gives enterprises full visibility into what data their apps collect, share, and transmit—allowing them to prevent violations before they become a reputation or regulatory incident.”