Does @mobilenext/mobile-mcp send data, and where? — data-flow verdict
provisional · AUTOMATED — forensic confirmation pending. A preliminary, fact-based flag, not a judgment that the tool is unlawful or unsafe.
Scores: 100/100 integrity · 50% evidence coverage · evidence-backed (the score measures evidence support, not confidence; see "how this is scored").
Verdict (the facts)
- Tool: npm/@mobilenext/mobile-mcp
- Integrity axis: honest. "integrity: honest" refers to the integrity axis only (the egress matches the tool's own description; no misrepresentation), NOT that the data flow listed under "Data-flow axis" is harmless.
- Data-flow axis: sends usage telemetry to us.i.posthog.com (PostHog) in the US (jurisdiction tier 2) on launch and on every tool call (frequency inferred from the capture; see "How we know this").
- Disclosure: disclosed. The observed endpoint us.i.posthog.com (PostHog) is named in the tool's own docs (matched: posthog, telemetry, us).
- Capture self-test: verified
- Severity: none. The integrity axis counts only undeclared exfiltration; a disclosed data flow is reported as a neutral fact and is not graded here.
- Version (pinned): 0.0.59 · commit 9008f712891b39c751dfc1f5a39f1368d1e38a5f
- Content hash: sha256:e73da4bf33764a39b925837a1868bfe21dd8d0cdfb3d80f4bf5d25c1812f7a4c
- Signature: ed25519:DaE/9Sgfk6ZPvcEPKZO0aOJngmDN0QkooGE+Rh… · Ed25519 public key · sha256:49cf8457b42a7048
- Scanned: 2026-06-13T00:00:00Z, pinned to @mobilenext/mobile-mcp@0.0.59 (git 9008f712891b39c751dfc1f5a39f1368d1e38a5f), published 2026-06-09. This verdict applies to that exact version; a newer release would require a re-scan.
- Re-verified: 2026-06-14 (pinned version still current)
- Categories: mobile, telemetry-disclosed, US, published
- Observation history: 1 scan; first seen 2026-06-13T00:00:00Z · latest 2026-06-13T00:00:00Z
Observed egress destinations
| host | country | jurisdiction | class | disclosure | frequency | kind |
|---|---|---|---|---|---|---|
| us.i.posthog.com | US | tier 2 | (none assigned) | disclosed | on launch and on every tool call | usage telemetry |
Jurisdiction context: Tier 2 = third country (e.g. US): transferring EU personal data to a third country requires a transfer basis under GDPR Art. 44-49 (e.g. SCCs / EU-US Data Privacy Framework) — an obligation on you, the deployer; the tool gives no control over this flow. This is the applicable framework, not a finding that the tool violates it.
Evidence — the captured request (verify, don't just trust)
Capture self-test: verified — a beacon decoy was emitted from the tool's network context; its presence in the intercept means a 'no egress' result would have been trustworthy.
Observed: POST https://us.i.posthog.com/i/v0/e/ ×21, intercepted. The tool's HTTPS was terminated against the sandbox CA; the egress was then blocked by strict-egress, but the full request was captured before the block.
Payload fields actually sent:
- api_key
- event
- properties.Platform
- properties.Product
- properties.Version
- properties.NodeVersion
- properties.CI
- distinct_id
- properties.AgentName
- properties.ToolName
- properties.Duration
Captured payload sample (one event):
```json
{"api_key":"phc_KHRTZmkD…","event":"tool_invoked","properties":{"Platform":"linux","Product":"mobile-mcp","Version":"0.0.59","NodeVersion":"v20.20.2","CI":"0","AgentName":"mcp","ToolName":"mobile_list_available_devices","Duration":50},"distinct_id":"b204fade01d6…"}
```
Captured in the sandbox run. The distinct_id (a persistent machine identifier) and the write-only, public-by-design ingestion key are truncated above; the field list above is the union of fields observed across all 21 events in the run, so a single event (such as a launch event without a ToolName) need not carry every field.
Reproduce it yourself with canary-sandbox (open methodology; Docker backend):
```bash
python -m canary.cli scan <target> --backend docker   # target: npm @mobilenext/mobile-mcp@0.0.59
```
The scanner installs the pinned version, drives the tool over MCP, and intercepts all egress.
Full raw captured trace + verification: /verdict/mobile-mcp/evidence.json, containing every captured request (redacted), the verdict content-hash and the package checksum, for an AI or auditor that wants the underlying observation, not just the conclusion.
Disclosure check (the §824 evidence)
- Read: npm registry readme for @mobilenext/mobile-mcp
- Quoted from the tool's own docs: "collects anonymous usage telemetry via PostHog. To disable it, set the `MOBILEMCP_DISABLE_TELEMETRY` environment variable: `MOBILEMCP_DISABLE_TELEMETRY=1 npx @mobilenext/mobile-mcp@latest`"
- Match: the observed endpoint us.i.posthog.com (PostHog) is named in the tool's own docs (matched: posthog, telemetry, us).
- Residual gap: the docs disclose the vendor but not the jurisdiction; the scan resolved the actual host (US). The observed per-request payload goes beyond a bare event count: it includes properties.AgentName, properties.ToolName and properties.Duration. The docs' "anonymous" describes the absence of direct identity, not of linkability; the persistent distinct_id lets all events from one machine be correlated across runs. Note also that the documented opt-out is an environment variable read by the server process: when an MCP client spawns the server, the variable must be set in the client's server configuration (or the environment the client inherits), not merely exported in an unrelated shell.
How we know this — claims by basis
A verdict is a reproducible evidence container, not just a claim. Each assertion is tagged: an observation is in the capture and reproducible; an inference is our reasoning over it; documented is the tool’s own statement; a classification is our adversarially-reviewed judgment. Observation never reads as inference.
Observed — directly in the capture, reproducible
- The tool sent 21 request(s) to us.i.posthog.com carrying fields: api_key, event, properties.Platform, properties.Product, properties.Version, properties.NodeVersion, properties.CI, distinct_id, properties.AgentName, properties.ToolName, properties.Duration. — Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce. (confidence: high)
Inferred — our reasoning over the observation
- The repeated requests suggest the flow fires on launch and on each tool call. — 21 requests in one run — an inferred pattern, not proven across launches. (confidence: medium)
Documented — the tool's own statement
- The tool's own docs state (quoted): collects anonymous usage telemetry via PostHog. To disable it, set the `MOBILEMCP_DISABLE_TELEMETRY` environment variable: ```bash MOBILEMCP_DISABLE_TELEMETRY=1 npx @mobilenext/mobile-mcp@latest ``` — npm registry readme for @mobilenext/mobile-mcp (confidence: high)
Classified — our adversarially-reviewed judgment
- us.i.posthog.com is classified as egress (an observability side-channel, not required for the function). — Adversarially reviewed. (confidence: high)
- Disclosure status: disclosed. — The observed endpoint us.i.posthog.com (PostHog) is named/disclosed in the tool's own docs (matched: posthog, telemetry, posthog, us). (confidence: high)
Method
Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). Endpoints, resolved geo/jurisdiction and frequency are observed facts. Capture self-test passed.
Scope
Compares the tool's declared destinations against what was observed in one sandbox run. Checks transparency / integrity for a cooperative tool, NOT resistance to deliberate evasion. "honest"/"clean" means "observed without deviation within our reach", NOT "guaranteed no hidden egress".
Out of scope: exfiltration split/chunked across requests; tool-side encryption of the payload before egress; input/time/state-triggered processing not triggered in the run.
Machine-readable verdict: /verdict/mobile-mcp.json.
This page describes observed behaviour and its relation to the tool's own disclosures — it is not a legal judgment.