Mobile app use surged ahead in 2025 globally, with the average user spending nearly 5 hours daily. Mobile app security faces a complex and evolving landscape as regulators call for stringent compliance, improved malware detection, and controls against unauthorized app installations.
Security solutions now focus on real-time threat intelligence, app shielding, and dynamic policy enforcement to maintain trust and regulatory alignment.
Threat actors remain at the forefront, if not ahead, in the use of cutting-edge technologies to break defence mechanisms. Asia’s booming mobile market incentivizes investment in secure app development, privacy-first user experiences, and innovative security frameworks that can scale with the region’s dynamic digital ecosystem.
The accelerating threat landscape
Jan Sysmans, mobile app defence evangelist for Appdome, highlights that the mobile security landscape is facing "escalating challenges from AI-powered attacks like advanced malware and biometric bypasses, which are constantly evolving."
Traditional defences, he warns, are "proving insufficient against these dynamic threats." The proliferation of AI-driven attacks means that static, signature-based security models can no longer keep pace.
According to Appdome's (yeo to be released) "2025 Message to Mobile Businesses", attackers are innovating at an alarming rate, with AI being "used to enhance existing attacks and create new attacks faster than ever."
The report specifically notes that "in 2025, AI is being used to generate deepfakes to bypass Face ID and spread attack know-how to the masses. Next, AI Agents will be used for better social engineering, On-Device Fraud and ATOs [Account Takeovers]."
This creates a widening gap between threat evolution and defensive capabilities. While industry regulations and standards like OWASP move at a slow to medium pace, the hacker community, organised crime, and AI-powered threats are evolving at the fastest rate.
Sysmans explains, "A new paradigm is crucial: AI-native security platforms."
The mobile defence dilemma
Appdome's 2025 report starkly illustrates that "mobile defence is moving too slow." It points out that mobile businesses are "facing new risks but...are struggling to get the needed defences live."
The report claims Sysmans identifies several key barriers: "Lack of resources, implementation complexity, too many point products, technical overlaps, and poor user experiences have held back time to market for all defences."
This aligns with Sysmans' observation that organisations need to move beyond fragmented security approaches: "Organisations are increasingly consolidating security tools onto unified platforms, moving away from disparate point solutions."
"This trend is vital for better threat coverage, especially in regions like Asia where procurement often prioritizes lowest cost, potentially leading to complex implementations and a lack of futureproofing against evolving threats." Jan Sysmans
Performance, flexibility, and developer experience
A common concern with embedding security into apps is the potential impact on performance and user experience. Sysmans claims
Appdome addresses this with a security framework that directly integrates protective measures into mobile applications during the build process. He also stresses that that during the app building and signing phases, Appdome actively optimises the application.
"This process often leads to (but not always) a reduced overall package size for the secured app, enhancing performance and user experience," he beams.
AI-native security: the new imperative
Appdome's 2025 report makes a clear call to action: "Get Cyber to be A.I. Native [or else]." It emphasises the need to "Use AI to accelerate defence delivery, threat monitoring and response, and end user sup[port]."
This aligns with Sysmans' assertion that "proactive AI is key to future security. Given the unknown potential of AI to create increasingly sophisticated attacks, leveraging AI-native platforms deeply integrated into the protection process is paramount for proactive threat identification and swift countermeasure deployment."
The report illustrates the current threat landscape with a comprehensive diagram showing the range of threats mobile businesses face, including fake location services, account takeovers, on-device fraud, bots and DDoS attacks, AI-deep fakes, and social engineering scams.
Sysmans warns, "AI is increasingly undermining biometric security, with real-world instances showing AI-driven attacks bypassing liveness checks. This demonstrates that even passwordless solutions relying on biometrics are not inherently secure, as compromising the biometric element can compromise the entire authentication flow."
Proactive defence against sophisticated threats
Sysmans is clear that future-proofing mobile app security requires more than just compliance or basic protections. He advocates for a layered, proactive approach: "Apps need dynamic certificate pinning and 'Threat Events' to customise responses beyond simple closure, as instability from aggressive security risks app store penalties."
He adds, "AI-driven solutions tailor threat responses and monitor devices for malware like banking Trojans, automatically restricting transactions. This ensures robust, intelligent in-app protections and leverages threat frameworks to disrupt social engineering attacks like voice phishing."
DevOps, automation, and unified security management
For development teams, Sysmans stresses the importance of seamless DevOps integration and automation: "Developers need platforms with seamless DevOps integration and strong automation. This enables quick security model adjustments, adapting to new threats without disrupting workflows."
He continues, "Comprehensive auditability is also vital for developer compliance and demonstrating security measures. Cybersecurity teams require automated platforms for efficient, collaborative management.
"These tools empower them to quickly identify, build, and deploy defences against evolving threats, while offering auditable artefacts to streamline releases and prove regulatory compliance."
This approach directly addresses the challenges identified in Appdome's 2025 report, which highlights implementation complexity and resource constraints as major barriers to effective mobile security.
Balancing security and user experience
A perennial challenge is balancing robust security with a seamless user experience. Sysmans believes platforms like Appdome are crucial: "Developers naturally prioritise creating engaging user experiences and features, " he asserts.
"Platforms are crucial because they enable developers to maintain this focus while seamlessly integrating and rapidly updating robust security models, effectively balancing critical security needs with a smooth user experience." Jan Sysmans
He asserts, however, that "traditional SDK-based security products struggle against the escalating challenge of AI-driven mobile attacks. Therefore, it's vital for them to adopt comprehensive platforms that offer centralised security management and control, ensuring effective defence where conventional methods fall short."
Securing microservices and open-source components
With modern mobile apps increasingly built from a collection of microservices and open-source components, "development teams, even with top talent, face resource limitations and time constraints," says Sysman.
"Recognising this, prioritising speed becomes a fundamental aspect of their development strategy, making solutions that streamline security integration critical," he continues.
Compliance and regulatory demands in Asia
Regulatory requirements in Asia are becoming more stringent, but Sysmans notes that compliance alone is not enough. Regulators are holding brands accountable for security outcomes, not just compliance.
"Singaporean regulators are actively holding brands accountable for app security, emphasising that mere compliance doesn't guarantee protection," reminds Sysmans.
"Traditional SDK-based solutions, while useful for meeting basic requirements, often fall short against today's sophisticated and evolving cyber threats," he warns.
A proactive, AI-native security is not an option
Sysmans concludes with a call to action: "Effective AI-based security models depend heavily on the quality and volume of their training data. This underscores the vital role of platforms capable of analysing vast amounts of threat intelligence to ensure the efficacy of their defensive capabilities."
He believes that "proactive AI is key to future security. Given the unknown potential of AI to create increasingly sophisticated attacks, leveraging AI-native platforms deeply integrated into the protection process is paramount for proactive threat identification and swift countermeasure deployment."