AI News
June 28, 2026

MobileGuard: the first native governance framework for agentic AI on mobile

A researcher publishes MobileGuard on Zenodo, the first governance framework designed specifically for agentic AI on mobile platforms. With four operational pillars and three empirical studies, it claims to reduce deployment errors by 74.1% against real pipelines on iOS and Android.

By Zenodo (preprint) · June 27, 2026.

Jaspreet Singh, an independent researcher, has published on Zenodo a preprint titled *MobileGuard: A Mobile-Native Governance Framework for Agentic AI*, presenting it as the first governance framework specifically designed for agentic AI in mobile environments. The work addresses a gap the author identifies as structural: existing governance frameworks for AI agents were conceived for enterprise deployments on mutable servers, and do not account for the unique constraints of the mobile ecosystem.

**The problem: why current frameworks don't work for mobile**

The paper's starting argument is that consumer mobile platforms have become the primary distribution channel for agentic AI, with global app launches growing between 60% and 104% year over year in 2026, driven by AI-assisted development tools. However, this channel presents five structural constraints that existing frameworks ignore: (1) binary immutability (once an app is published, it cannot be modified on the server without going through platform review); (2) non-determinism of platform gatekeepers (App Store, Google Play), whose acceptance criteria are opaque and shifting; (3) blast radius at mass-consumer scale; (4) expansion of the ambient agent surface; and (5) growing regulatory exposure, especially under the EU AI Act.

**The four pillars of MobileGuard**

The framework is structured around four pillars that integrate throughout the mobile software development lifecycle (SDLC):

- **PDQC (Pre-Deployment Quality Contracts):** Quality contracts defined before deployment that formalize the agent's behavioral requirements and acceptable risk thresholds before the app reaches platform review.

- **TAC-M (Tiered Autonomy Calibration for Mobile):** A tiered autonomy calibration system adapted to the constraints of the mobile environment, regulating which actions the agent can execute autonomously according to the device context and available permissions.

- **PGSG (Platform Gatekeeper Simulation and Governance):** A component that simulates App Store and Google Play review processes to anticipate rejections before actual submission, reducing the uncertainty generated by reviewers' non-deterministic behavior.

- **AABE (Ambient Agent Boundary Enforcement):** A boundary-enforcement mechanism for ambient agents that controls the expansion of agents' action surface within the mobile device context (access to contacts, location, sensors, other apps, etc.).

**Empirical validation: three studies**

The paper presents three empirical studies to validate the framework, although it is worth emphasizing that this is a non-peer-reviewed preprint.

*Study 1 — Taxonomy of governance failures:* Drawing on 2,847 real platform-rejection records on iOS and Android, the author builds a taxonomy of governance failures with 23 categories distributed across 6 pillars. The central finding is that 71.3% of these failures are undetectable using existing governance frameworks, which underpins the need for a mobile-specific solution.

*Study 2 — Reduction of deployment errors:* Applying MobileGuard to a mobile production pipeline across three real applications, the study reports a 74.1% reduction in the Deployment Error Rate with statistical significance (p < 0.001). According to the paper, this figure exceeds the performance of AGENTSAFE, a benchmark governance framework in the sector, by 45.7 percentage points. The author acknowledges a relevant methodological limitation in this study, the "author-defined scenario circularity": the test scenarios were designed by the same researcher who evaluates the framework, which introduces a potential confirmation bias.

*Study 3 — Cross-sectional audit of 942 apps:* To resolve the methodological circularity of Study 2, Singh conducts an independent audit of 942 real mobile applications (primarily iOS, with Android replication underway) using AS-009, an AI-disclosure scanner for release notes that analyzes governance signals on both the App Store and Google Play. The result is a governance signal rate of 4.0%, with violations detected in applications from enterprise-scale developers, explicitly including **Adobe Inc.** and **Moleskine Srl**.

**Regulatory alignment and availability**

MobileGuard maps its controls to two benchmark regulatory frameworks: **ISO 42001:2023** (the AI management systems standard) and the **EU AI Act**. The framework is implemented as an open-source Python CLI, available at github.com/jsingh6/mobileguard, with an active development status according to the repository metadata.

**Implications for agentic AI on mobile**

The work touches on a real tension scarcely addressed in the academic and technical literature: most debates on agentic AI governance revolve around enterprise environments with developer-controlled infrastructure. Mobile introduces layers of intermediation (Apple's and Google's own gatekeepers) that operate as de facto regulators with non-public, shifting criteria, and that can reject or pull an application with immediate consequences for millions of users.

More broadly, as sector context, the proliferation of AI agents embedded in mobile apps (personal assistants, shopping agents, task automation, access to device data) poses governance risks distinct from those of enterprise agents: the average user has no visibility into what the agent is doing on their behalf, consent mechanisms are more superficial, and the ability to push security patches is subject to platform approval.

**Important caveats**

This work must be contextualized with several caveats. First, it is a **non-peer-reviewed preprint**, published the same day on Zenodo with zero views and zero downloads at the time of indexing, which means it has not undergone independent scrutiny. Second, the author is an individual researcher with no institutional affiliation identified in the metadata, which limits the ability to assess the work's independence. Third, the paper itself acknowledges the methodological circularity of Study 2, which Study 3 attempts to mitigate but does not fully eliminate. Fourth, the improvement figures (74.1% error reduction, 45.7 pp over AGENTSAFE) are striking and will warrant rigorous review when the paper enters a peer-review process. Fifth, the mention of Adobe Inc. and Moleskine Srl as companies with detected violations is a claim with legal and reputational scope that, in a preprint, lacks the backing of editorial review.

**Outlook**

If the paper's claims are confirmed after independent review, MobileGuard would represent a relevant contribution to the emerging field of agentic AI governance on mobile. Identifying a corpus of 2,847 platform rejections and classifying them into 23 categories would itself be a valuable contribution for the community. The open-source tool would facilitate adoption by development teams that currently lack specific instruments to audit their agents' behavior before submitting them for platform review. However, the path from an individual preprint to a standard adoptable by the industry is long, and the work's credibility will depend on its ability to pass peer review and be replicated by independent teams.
