Collaborative Research: EAGER: Towards Safeguarding the Emerging Miniapp Paradigm in Mobile Super Apps
Indiana University, Bloomington IN
Investigators
Abstract
The rapidly evolving miniapp paradigm in mobile computing is changing how users engage with mobile applications. Super apps, functioning as hosts for multiple services, allow miniapps to be installed and run inside their platforms, cultivating an ecosystem akin to that of Google Play and the Apple App Store. This approach, already adopted by leading social apps such as WeChat, TikTok, and Snapchat, greatly enhances user convenience and interactivity. Alongside these advantages, however, the miniapp paradigm introduces distinct security and privacy challenges that demand urgent attention. As miniapps become more prevalent, the establishment of proper safeguards struggles to keep pace. The security policies that govern system resources on modern mobile operating systems (OSs) are often opaque and dispersed, which impedes effective isolation of miniapps and hides the complexities inherent to the diverse mobile OSs on which super apps run. Additionally, super apps, which can amass substantial user data from numerous miniapps, frequently avoid recognizing themselves as data controllers. This lack of transparency in data practices creates potential privacy threats and regulatory issues. This proposal aims to take the first step towards a systematic understanding and safeguarding of the security and privacy of the emerging miniapp paradigm in mobile super apps. We recognize the pressing concerns related to this paradigm and aim to investigate the new security and privacy threats that arise from cross-platform support, from the design and implementation of miniapp APIs, and from the management of sensitive data with respect to access control and security and privacy policies. Our research will also explore new techniques for risk assessment and vulnerability detection within the miniapp ecosystem.
Moreover, we propose to employ formal methods to rigorously reason about these policies and standardize the design and implementation of the APIs, enabling a more secure and privacy-compliant miniapp ecosystem. Our research is expected to pave the way for the development of practical solutions that can be rapidly adopted by super apps and miniapp developers to tackle the urgent security and privacy challenges in this field. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.