Third-party tracking is becoming a prevalent practice in mobile app ecosystems. While providing benefits for app developers, this practice also introduces several privacy issues for end-users. The European General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD) mandate that mobile apps must obtain user consent before sharing users’ personal data with third-party trackers. This work presents an empirical study investigating the compliance of 400 popular mobile apps (200 Android apps and their corresponding version for iOS) with the ePD and GDPR requirements on valid consent.