Model Context Protocol moderate risk

Mobile

Mobile Next MCP server enables scalable mobile automation and development across iOS and Android devices via a platform-agnostic interface, supporting native app interaction.

Connections & Capabilities

Connects To

GitHubSlack

Capabilities

readwriteexecadmin

Quickstart

Install

npx @mobilenext/mobile-mcp@latest

Config

{
  "mcpServers": {
    "mobile-mcp": {
      "command": "npx",
      "args": ["-y", "@mobilenext/mobile-mcp@latest"]
    }
  }
}

Exposed MCP Tools (9)

safe

mobile_list_available_devices

Lists all available mobile devices (simulators, emulators, and real devices) connected to the system.

Read-only operation with no side effects.

safe

mobile_get_screen_size

Retrieves the screen size of the mobile device in pixels.

Read-only operation; no modification of the system.

moderate

mobile_launch_app

Launches a mobile application using its package name.

Can launch unintended or malicious apps if the package name is compromised.

moderate

mobile_terminate_app

Stops and terminates a running mobile application.

Can terminate critical apps, causing disruption.

high

mobile_install_app

Installs a mobile application from a file (.apk, .ipa, .app, .zip).

Installing untrusted apps can introduce malware or vulnerabilities.

high

mobile_uninstall_app

Uninstalls a mobile application using its bundle ID or package name.

Can uninstall critical apps, potentially causing data loss or system instability.

moderate

mobile_click_on_screen_at_coordinates

Clicks on the mobile device screen at specific x,y coordinates.

Can trigger unintended actions if coordinates are not carefully validated.

moderate

mobile_type_keys

Types text into focused elements on the mobile device screen.

Can enter malicious commands or sensitive data if not properly controlled.

moderate

mobile_open_url

Opens a URL in the device browser.

Opening untrusted URLs can lead to phishing or malware downloads.

Safety Assessment

The Mobile Next MCP server is relatively safe for read-only operations and simple interactions. However, installing untrusted apps or automating complex workflows without careful validation could lead to security risks. Exercise caution when using tools that modify device settings or interact with sensitive data.

No direct internet access from the server itself
Relies on device-level permissions and OS sandboxing
Most interactions use accessibility trees, reducing reliance on potentially risky screenshot analysis
Provides tools for managing apps and device settings, but requires explicit tool calls

Can install and uninstall apps, posing a risk if malicious apps are installed
Can type text and click on screen elements, potentially automating harmful actions
No built-in RBAC or access controls
Potential for data exfiltration through automated data entry and extraction