Search for: All records

Mobile super apps are revolutionizing mobile computing by offering diverse services through integrated "miniapps'', creating comprehensive ecosystems akin to app stores like Google Play and Apple's App Store. While these platforms, such as WeChat, Alipay, and TikTok, enhance user convenience and functionality, they also raise significant security and privacy concerns due to the vast amounts of user data they handle. In response, the Workshop on Secure and Trustworthy Superapps (SaTS 2024) aims to address these critical issues by fostering collaboration among researchers and practitioners to explore solutions that protect users and enhance security within the super app landscape. 

Integration of third-party SDKs are essential in the development of mobile apps. However, the rise of in-app privacy threat against mobile SDKs — called cross-library data harvesting (XLDH), targets social media/platform SDKs (called social SDKs) that handles rich user data. Given the widespread integration of social SDKs in mobile apps, XLDH presents a significant privacy risk, as well as raising pressing concerns regarding legal compliance for app developers, social media/platform stakeholders, and policymakers. The emerging XLDH threat, coupled with the increasing demand for privacy and compliance in line with societal expectations, introduces unique challenges that cannot be addressed by existing protection methods against privacy threats or malicious code on mobile platforms. In response to the XLDH threats, in our study, we generalize and define the concept of privacypreserving social SDKs and their in-app usage, characterize fundamental challenges for combating the XLDH threat and ensuring privacy in design and utilization of social SDKs. We introduce a practical, clean-slate design and end-to-end systems, called PESP, to facilitate privacy-preserving social SDKs. Our thorough evaluation demonstrates its satisfactory effectiveness, performance overhead and practicability for widespread adoption.