We were losing 50% of the market as Privado couldn't touch mobile apps. I led the design for the Privado Mobile App Scan that changed that.
Details

What's Privado?
Privado is a platform that scans codebases using its proprietary code-scan engine to map data flows and catch privacy risks before they ship.
What's the gap?
Code-scan works perfectly for web apps, but not at all for mobile apps. This meant losing half of our market as they were not able to use Privado.
What was my role?
I led end-to-end design for a new product that brought Privado's privacy tools to mobile apps.
Timeline
2024 - 2 months
Goals
How do we scan something that we can't access?
1. Design a way for Privado to scan mobile apps despite their fundamentally different architecture.
2. Give privacy teams a way to test mobile apps without engineering support.
Process
Web apps are open, mobile apps are sealed.
Web
Mobile
Privado has no way of reading mobile apps
Privado's code scan plugs into your codebase via Git. Mobile apps are packaged into sealed files (APK/IPA) before deployment. There's no codebase to connect to.
Privacy teams are flying blind
Limited Resources
Small teams juggling compliance across multiple apps, platforms and regional laws.
Non-technical
Usually from a legal background. Can't build tests and verify what developers claim.
This usually means they are flying blind when it comes to mobile apps. One missed flow could mean a regulatory fine.
No automation. Now what?
We needed a tool that works without code access and doesn't require technical skills. That ruled out complete automation. The question became: what kind of manual workflow gives privacy teams, who are short on time and resources, the most value, fastest?
The workflow: Add Apps → Manual Tests → Observe Results
Multi-flow
Maps the entire app, like our web code-scan, covering all flows.
Need to manually map a majority of the app before seeing any results.
Single Flow
Record a single flow in 5 minutes.
See results almost instantly.
Ability to prioritize flows.
Flows live in isolation.
Single flow meant sacrificing full app coverage. We opted for it for a few reasons:
Delivering results within a few minutes was a great value unlock for privacy teams.
Single flow lets teams prioritize which flow to cover first by compliance risk.
Recording a single flow meant thinking linearly, without any need to understand the app architecture.
Solution
Designed around how privacy teams operate
Add new app in Privado
Unlike code-scan, adding mobile apps is manual and done through file (APK/IPA) uploads. We designed this step around how privacy officers think: in regions and laws, not builds and SDKs.
Automatic version control
Delta from previous app versions
Versioning is handled automatically using app metadata, and the privacy team never has to worry about it. Meanwhile, the delta between two versions is surfaced to show what actually changed.
No more blindly trusting the developers.
Testing that feels like Playing
Mobile app test recorder
We needed privacy teams to test app flows without any training or technical knowledge. So we modeled the entire interaction around one familiar metaphor: recording.
Record
Simply tap through the app. Privado captures everything in the background.
Replay
Rerun a recorded flow on a new app version to catch what changed.
Restart
Made a mistake or a wrong turn? Start over anytime.
Helping privacy teams prioritize
Mobile app overview dashboard
Each mobile app has layers of details: SDKs, permissions, data elements, and third parties spread across multiple views.
The overview dashboard surfaces what needs attention and what's changed, so the privacy team knows exactly where to dig in.
Reports that sell
Mobile app PDF report
Leadership rarely logs into Privado. So we designed an exportable report that summarizes key findings.
It also became a sales tool. Our team would scan a prospect's public APK, generate a report, and walk into the call with real findings, providing real value before they had even signed up.
Results
The missing piece that unlocked new markets
The mobile app scan was the final piece. Privado now covers all touchpoints: web apps, websites and now mobile apps.
This unlocked new industries for Privado: mobile gaming, consumer apps, and e-commerce.
Landing 5 new enterprise customers in a single quarter.