#319 Subho Halder: Why Traditional App Security Fails in the Age of AI

16 snips

Feb 1, 2026

Subho Halder, co-founder and CEO of Appnox and former mobile security researcher, explains how AI has turned apps into living systems that break traditional security. He describes fake ChatGPT-style wrappers that harvest data, why app stores often miss malicious behavior, and why trust and developer workflows must change as AI reshapes mobile risk.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Apps Are Living Systems, Not Static Code

Mobile apps evolved from static clients to living systems that learn and change continuously.
Security must shift from protecting code to monitoring behavior, intent, and outcomes of apps.

ANECDOTE

Fake ChatGPT Wrappers Harvest Phone Data

Subho describes malicious ChatGPT-style wrappers that appear legit but siphon sensitive phone data.
Appnox used AI to discover and help remove such fake apps from official stores.

INSIGHT

Store Reviews Miss Data-Farming Apps

Many fake apps are benign-looking but focus on data farming or ad revenue rather than overt malware.
Store reviews miss these because they don't trigger classic virus/malware flags.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This episode is sponsored by tastytrade.

Trade stocks, options, futures, and crypto in one platform with low commissions and zero commission on stocks and crypto. Built for traders who think in probabilities, tastytrade offers advanced analytics, risk tools, and an AI-powered Search feature.

Learn more at https://tastytrade.com/

AI is changing how software is built, but it is also quietly breaking how security works.

In this episode of Eye on AI, host Craig Smith sits down with Subho Halder, co-founder and CEO of Appknox, to unpack a growing and largely invisible risk. AI-powered mobile apps that look safe but are not.

Subho explains how the explosion of ChatGPT-style app wrappers, agentic AI, and rapid app creation has transformed software from static code into living systems, and why traditional security models no longer hold up. From fake AI apps harvesting personal data to AI agents lowering the barrier for attackers, this conversation explores the real-world consequences of AI at scale.

You will also hear why trust has become a core security metric, how app stores struggle to detect malicious behavior, and why developer burnout is rising as AI-generated code shifts risk downstream instead of removing it.

This episode is essential listening for founders, developers, security leaders, and anyone building or relying on AI-powered applications.

Stay Updated:

Craig Smith on X: https://x.com/craigss

Eye on A.I. on X: https://x.com/EyeOn_AI (00:00) Why Mobile Apps Became a Massive Trust and Security Risk

(02:45) Subho's Journey and the Birth of AppNox

(06:17) Fake AI Apps, Malicious Wrappers, and Silent Data Theft

(11:03) How Fake Apps Slip Past App Store Reviews

(15:26) The Data Harvesting Business Model Behind Fake Apps

(17:11) AI for Security vs Security for AI

(22:16) Why Trust Is Becoming a Measurable AI Performance Metric

(26:20) User Intent, Data Control, and Minimum Data Sharing

(31:10) Trust, Governments, and Why Where AI Lives Matters

(35:40) What AppNox Found in Retail App Security Audits

(39:16) How AppNox Protects Apps at Scale

(42:05) The Future of Security