Mobile applications pose a significant, undisclosed threat to user privacy, with a new study revealing widespread failures in data transparency and compliance across millions of programs.
Cybersecurity firm NowSecure analyzed more than four million public mobile applications through its Mobile Application Risk Intelligence (MARI) service, which continuously assesses risks related to security, compliance, protection, and privacy.
The company characterized mobile apps as a “privacy risk blind spot” for organizations. Its findings indicated that a substantial number of applications fail to provide basic transparency regarding data collection.
As of August 2025, a review of 23,300 iOS app sets found that 42% lacked a primary privacy manifest, which developers use to inform users about data practices. An even higher 97% did not have the required privacy manifests for their third-party software development kits (SDKs).
For the same period, 35% of the tested iOS applications did not disclose what data they collected and shared, according to the report.
In the Android ecosystem, NowSecure’s analysis of 10,500 apps showed that 10% had not published a Data safety section in the Google Play Store. Additionally, 40% did not declare support for user requests to erase provided data, a common regulatory privacy obligation.
The report emphasized that mobile applications accumulate vast amounts of user data, often through granted permissions. By August 2025, 75% of tested iOS apps and 70% of Android apps contained sensitive data and tracking domains.
These applications can gain access to sensitive information through dangerous permissions, including a user’s camera, microphone, geolocation, communication services, sensor data, and private files.
The integration of artificial intelligence (AI) further complicates privacy. Out of 183,000 mobile applications analyzed in 2025, 18% (33,396 apps) utilized AI, and 2% (3,541 apps) sent data to AI endpoints.
This practice introduces new privacy and security risks, such as the leakage of sensitive data and the loss of intellectual property.
Separately, the technology news website BGR highlighted specific applications, drawing on various reports and past data disclosure cases. Following the NowSecure study, BGR compiled a list of eight common iOS applications it suggested could potentially be monitoring users.
These included Siri, Google Chrome, Facebook and Instagram, TikTok, DoorDash, free VPN applications, LinkedIn, and Cleaner Kit.
