NowSecure, a leading authority in Mobile Application Risk Management (MARM), has unveiled its latest innovation: the NowSecure Mobile Application Risk Checker (MARC). This free, publicly accessible tool is designed to provide actionable insights into thousands of mobile applications, helping IT, security, and privacy professionals identify, understand, and mitigate mobile app-related risks efficiently.
“Mobile apps often handle highly sensitive and business-critical data, yet compared to web and cloud applications, there is limited focus on managing security and privacy risks within these apps and their third-party components,” said Alan Snyder, CEO of NowSecure. “MARC was created as a free resource to raise awareness of these crucial risks affecting both businesses and consumers.”
Introducing MARC: A Public Mobile App Risk Database
Mobile applications frequently access sensitive information—ranging from financial transactions to personal health data—yet organizations rarely have visibility into the third-party elements used during app development. Research by NowSecure indicates that these components can contain hidden data flows, leaving organizations vulnerable to theft, data leakage, and loss. The rising number of mobile app-related breaches, alongside stricter privacy regulations, reinforces a critical point: mobile app risk equates to data risk.
MARC is a public repository of apps sourced from the Apple App Store and Google Play, downloaded and tested without using any customer data. Users can explore app behavior and properties to identify potential risks through a detailed view of results across five key risk areas:
- Permissions – Evaluates the type of data an app can access. Mismanaged permissions can allow unauthorized access to sensitive information and device features.
- Sensitive Data Collection & Sharing – Tracks the sensitive information handled by the app and identifies potential exposures that could lead to breaches or compliance violations.
- Privacy Declarations – Checks whether an app adheres to its stated privacy policies. Despite app store requirements, many apps provide incomplete or misleading information about data collection and usage.
- Network Connections – Monitors where the app sends data. Unrestricted communication with external servers can put proprietary or business-sensitive data at risk.
- AI Integration – Assesses whether AI components exist in the app and how they handle sensitive information, which could introduce unexpected vulnerabilities.
It is important to note that MARC does not assign an inherent risk rating to any app. Users should evaluate risk based on the app’s importance, the type of information it collects and shares, and the responsibilities of its developers. MARC’s results are derived solely from publicly available data, ensuring no customer information is used in testing.
By providing transparency into mobile applications, MARC empowers organizations to make informed decisions and take proactive steps toward safeguarding their data and users’ privacy.
