App Dark Supply Chain: SDKs, AI & Hidden Tracking

October 1, 2025 Lisa Park Tech
News Context
At a glance
  • Here's a breakdown of the key⁣ takeaways from the provided ⁤text, focusing on the core‌ message and supporting details:
  • Mobile app growth is a ‍boon for business, but it's creating notable ​privacy and security risks due to​ overlooked vulnerabilities, ⁣especially concerning data handling and the increasing use...
  • * Mobile ⁤as a Target: The popularity of mobile apps makes ‍them attractive targets for hackers.
Original source: forbes.com

Here’s a breakdown of the key⁣ takeaways from the provided ⁤text, focusing on the core‌ message and supporting details:

Core Message:

Mobile app growth is a ‍boon for business, but it’s creating notable ​privacy and security risks due to​ overlooked vulnerabilities, ⁣especially concerning data handling and the increasing use of AI. The responsibility for addressing these ⁤risks⁢ lies with‌ app developers, not⁢ consumers.

Key Supporting points:

* Mobile ⁤as a Target: The popularity of mobile apps makes ‍them attractive targets for hackers.
*⁣ Overlooked Security: Mobile security is often neglected, leading to vulnerabilities.
* Data⁤ Spillage: ⁣ apps often collect and share data in ways users are unaware​ of, due to issues like:
* Permissive defaults
* Rushed releases
* ‍ Lack of review of third-party libraries (SDKs)
*‌ ⁤ Manifest Issues: iOS apps ⁤frequently fail to accurately declare what data they collect, ​and often lack‍ necessary‍ privacy manifests, particularly for ⁣SDKs. nowsecure research⁣ found over 90% of privacy attestations are incorrect.
* ⁣ AI Amplifies Risks: The integration‌ of AI⁣ (both‌ directly in apps ⁤and within SDKs) introduces new data ⁤flows, vendors, and risks, making it⁤ harder to track data movement and storage.
* Developer ‍Responsibility: The onus is on app developers to prioritize security and ⁤privacy, not on consumers to protect themselves.
* Trust as Proof: Trust isn’t just marketing; it ⁤needs ⁣to be demonstrably earned through secure and transparent ⁣practices.

Key People Quoted & Their Contributions:

* Melinda Marks (Enterprise Strategy Group): Highlights the business benefits of mobile apps and the corresponding increase in security‍ risks.
* snyder ‌(NowSecure): Details ⁣the findings of NowSecure’s ‍research, emphasizing the discrepancy between claimed⁤ data practices and ⁤actual ‍code​ behavior.
* Jon ⁢Brody (NowSecure): Reinforces ‍the idea that trust ​is earned through proof, not ‌just marketing claims.

In ⁢essence, the article ⁤is⁣ a ‍warning about the growing gap between the convenience and business advantages of mobile apps and the often-hidden ⁣privacy and security ⁣risks they pose. It calls for developers to take ownership ⁢of these risks ⁢and prioritize building trustworthy applications.

, , , , , , , ,