An apparatus, method and computer program product for repairing security vulnerabilities of an application running on a mobile device. The method comprises: monitoring, by a hardware processor running a mobile device application, an application program interface (API) request associated with a data access operation, the data access operation associated with a security vulnerability. The method determines one or more private values provided by the data access operation and tracks, for each determined private value, a use of the private value by the mobile device application. Further, the method determines from the tracked usage, whether a private value has been transformed in a manner associated with the security vulnerability. For each private value that has been transformed, using the processor to modify the private value deemed a security vulnerability prior to an access by the mobile device application.