Abstract
The proliferation of machine learning (ML)-powered mobile applications has revolutionized user experiences but also introduced significant security challenges, particularly in Application Programming Interfaces (APIs). This study investigates API security protocols in ML-powered apps on iOS and Android platforms, analyzing common vulnerabilities such as insecure data transmission, improper authentication, and API key exposure. Through a comparative analysis, iOS is shown to benefit from stricter development controls, while Android’s open ecosystem presents unique risks. The research highlights effective security measures, including OAuth 2.0, HTTPS/TLS enforcement, and API gateway integration, and provides actionable recommendations for enhancing API resilience. These findings aim to guide developers in mitigating risks and safeguarding the integrity of ML-powered applications.