A conversation with Chris Roeckl, Chief Product Officer at Appdome

February 5, 2025 – Taguig City, BGC – CyberSecPhil 2026 – In a recent conversation with Chris from Appdome, the reality became clear: mobile security has entered an AI-powered arms race, and most consumers are already outmatched.

The cybersecurity battlefield has quietly but decisively shifted. It’s no longer just about data centers, enterprise networks, or backend systems: it’s about what sits in our pockets.

Chris didn’t mince words when describing today’s threat landscape. In markets like the Philippines, mobile fraud has ballooned into a multi-billion-dollar problem, fueled by the rapid digitization of banking, payments, and communication. Regulations such as the Anti-Financial Account Scamming Act (AFASA) are beginning to strengthen consumer protection, but legislation alone cannot keep pace with adversaries who operate globally, automatically, and without downtime.

everyday users simply don’t stand a chance

As Chris put it, consumers rely on platforms, passwords, and habits that were never designed to withstand AI-driven attackers.

One of the more sobering insights from the discussion was where responsibility truly lies. While users often assume Apple, Google Android, or the gadget maker will “handle security,” those platforms can only provide baseline protections across millions of applications. They cannot tailor defenses to every business logic, transaction flow, or user behavior. That burden, Chris emphasized, belongs to mobile brands themselves: banks, fintechs, telcos, and service providers whose apps directly handle money, identity, and trust.

Modern mobile attacks are rarely purely technical.

Instead, they blend psychology and technology in carefully orchestrated sequences. Chris described common scenarios involving vishing (voice phishing), where a victim is pressured during a phone call to open their banking app while malicious tools operate silently in the background. The attack succeeds not because of a single exploit, but because no one breaks the chain.

This is where intelligent, context-aware defenses become critical. By analyzing real-time telemetry, a mobile app can recognize suspicious combinations of behavior—such as an active phone call coinciding with a sensitive transaction. Rather than abruptly blocking access, which risks alienating legitimate users, apps can introduce subtle but powerful friction. A simple message reminding users that financial institutions will never call and request in-app actions can be enough to disrupt social engineering in progress. According to Chris, this kind of intervention often stops fraud before it escalates.

Beyond warnings, mobile brands now have access to a broader toolkit. In high-risk situations, apps can shift into read-only mode, allowing users to view balances without moving funds. They can apply rate limits that cap how much money can be transferred during suspicious activity. Even accessibility features, long exploited by attackers to overlay malicious interfaces, can be managed more intelligently by allowing only trusted tools while blocking abuse. These measures don’t eliminate usability; they preserve it while buying critical time.
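The graduated responses described in the two paragraphs above (in-context warning, read-only mode, transfer cap, accessibility allowlist) can be expressed as a small decision policy. This is an added sketch, not Appdome's code or API; the signal names, the cap value, the warning text and the allowlisted package name are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# All names and values below are assumptions made for this example.
TRUSTED_A11Y = {"com.example.screenreader"}   # constructed allowlist entry
SUSPICIOUS_CAP = 1000.0                        # max transferable while a call is active
VISHING_WARNING = "We will never call you and ask you to act in this app."

@dataclass
class Signals:
    call_active: bool          # phone call in progress
    a11y_services: set         # enabled accessibility service package names
    action: str                # "view_balance" or "transfer"
    amount: float = 0.0

@dataclass
class Decision:
    allow: bool
    approved_amount: float = 0.0
    read_only: bool = False
    warning: Optional[str] = None
    reasons: list = field(default_factory=list)

def evaluate(sig: Signals, moved_during_call: float = 0.0) -> Decision:
    """Map runtime signals to graduated friction instead of a hard block."""
    d = Decision(allow=True, approved_amount=sig.amount)
    untrusted = sig.a11y_services - TRUSTED_A11Y
    if untrusted:
        # Unknown accessibility tool could be driving an overlay: view only.
        d.read_only = True
        d.reasons.append("untrusted_a11y:" + ",".join(sorted(untrusted)))
    if sig.action != "transfer":
        return d
    if sig.call_active:
        # Call + sensitive transaction: warn the user and cap the amount.
        d.warning = VISHING_WARNING
        d.reasons.append("call_during_transfer")
        remaining = max(0.0, SUSPICIOUS_CAP - moved_during_call)
        d.approved_amount = min(sig.amount, remaining)
    if d.read_only or d.approved_amount <= 0:
        d.allow, d.approved_amount = False, 0.0
    return d
```

The `reasons` list gives the fraud team an audit trail for each friction decision, which matters when tuning the cap or the allowlist against false positives.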

Perhaps the most unsettling part of the conversation centered on biometrics. Fingerprints and facial recognition have long been marketed as near-foolproof, but generative AI has dramatically changed that equation. Chris shared a proof-of-concept demonstration where Face ID was bypassed using a 3D model created from a single LinkedIn photo. The entire process took under half an hour and relied on inexpensive, readily available software. In an era of deepfakes and voice cloning, the idea that biometrics alone can secure high-value transactions is quickly becoming an illusion.

Faced with attackers who deploy AI agents around the clock, the defensive response must evolve just as aggressively. Chris was unequivocal:

Fighting AI requires AI

Human analysts, no matter how skilled, cannot manually process the volume and velocity of modern threats. AI-driven systems can analyze massive datasets, detect emerging attack patterns, and deploy protections in hours rather than weeks—an essential capability in a mobile ecosystem where app updates are constant and threats mutate in real time.

By the end of the discussion, one theme stood out above all others. The old “buyer beware” mindset no longer applies in mobile security. Consumers cannot reasonably defend themselves against AI-powered fraud, and they shouldn’t be expected to. Instead, accountability must shift upward. Mobile brands are now the first and most important line of defense. Users, in turn, are beginning to “vote with their feet,” abandoning apps that fail to protect them.

In the AI era, trust is no longer built solely on features or convenience. It is built on whether a brand is willing to acknowledge the arms race and actively fight on behalf of its users. As Chris made clear, the question is no longer if mobile apps will be targeted, but who is prepared to defend them when it happens.

================

About the Author:

Raphael Quisumbing, a co-host of KaKaComputer, is a seasoned technology expert with 20+ years of experience in the industry. He has several hour-long videos on YouTube as YoungCTO, with over 37.1K views, 2.6K hours of watch time and 1.3K subscribers. He is a recognized Cloud Enthusiast and leader (AWS Hero) with genuine enthusiasm for effectively mentoring a user group of over 18,000 members in the Philippines. He comes from a family of teachers and educators, serving in the academe as well as being an AWS Authorized Instructor.
