Xiaojing Liao, assistant professor of computer science, and Luyi Xing, assistant professor of computer science, for the Luddy School of Informatics, Computing, and Engineering, have received a $150,000 National Science Foundation collaborative research award to study the security and privacy of mobile super apps such as TikTok, SnapChat and WeChat.
The study, titled Towards Safeguarding the Emerging Miniapp Paradigm in Mobile Super Apps, focuses on comprehending and safeguarding the use of these apps, which function as hosts with multiple services and enable the installation and operation of mini-apps within their platforms, creating an ecosystem similar to that of Google Play and Apple App Store.
“Our objective is to develop a set of tools that ensure both security and privacy compliance for mobile super apps,” Liao said. “Through our research, we aim to pave the way for the creation of practical solutions that can be readily adopted by super apps and mini-app developers. These solutions will address the pressing security and privacy challenges prevalent in this field.”
In a high-tech world, where so much information is available and accessible through so many devices, security and privacy are more important than ever before.
“Computer systems such as mobile phones keep innovating with useful computing and application paradigms, such as the mini-app paradigm in this project, which often introduce new security risks and challenges,” Xing said.
“Our security group is internationally recognized. In this project, we are committed to identifying emerging security risks and exploring secure solutions to protect normal users for their daily use of essential mobile applications from cyber attacks and privacy threats.”
The rapidly growing mini-app paradigm in mobile computing has transformed the way users interact with mobile applications, greatly enhancing user convenience and interactivity. However, that rapid growth creates security and privacy challenges. The host apps collect enormous amounts of data without transparency and safeguards, resulting in privacy threats and regulatory issues.
This study will explore innovative techniques for risk assessment and vulnerability detection. It will employ formal methods to rigorously reason about privacy policies and standardize the design and implementation of application programming interfaces. The goal is to develop practical solutions that can be rapidly implemented by super apps and mini-app developers.
“Professors Xing and Liao's research is timely, addressing the privacy and security challenges emerging in the widely adopted social apps that allow mini-apps within the apps,” said Yuzhen Ye, computer science chair, and professor of informatics and computer science. “Their work will lead to the development of best practices towards safer mobile computing, and the adoption of the practices by various stakeholders from academia, industry and government.”
Security and privacy are among the priorities for NSF, an independent federal agency that supports science and engineering in all 50 states and U.S. territories.