Privacy-preserving data aggregation in wireless sensor networks (WSNs) with mobile nodes is a challenging problem, as an accurate aggregation result should be derived in a privacy-preserving manner, under the condition that nodes are mobile and have no pre-specified keys for cryptographic operations. In this paper, we focus on the SUM aggregation function and propose two privacy-preserving data aggregation protocols for two-tiered sensor networks with mobile nodes: Privacy-preserving Data Aggregation against non-colluded Aggregator and Sink (PDAAS) and Privacy-preserving Data Aggregation against Colluded Aggregator and Sink (PDACAS). Both protocols guarantee that the sink can derive the SUM of all raw sensor data but each sensor's raw data is kept confidential. In PDAAS, two keyed values are used, one shared with the sink and the other shared with the aggregator. PDAAS can protect the privacy of sensed data against external eavesdroppers, compromised sensor nodes, the aggregator or the sink, but fails if the aggregator and the sink collude. In PDACAS, multiple keyed values are used in data perturbation, which are not shared with the aggregator or the sink. PDACAS can protect the privacy of sensor nodes even the aggregator and the sink collude, at the cost of a little more overhead than PDAAS. Thorough analysis and experiments are conducted, which confirm the efficacy and efficiency of both schemes.