Assessing and Mitigating Emerging Threats in the Mobile Software Supply Chain
| Published in: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Main author: | |
| Published: | ProQuest Dissertations & Theses |
| Subjects: | |
| Online access: | Citation/Abstract Full Text - PDF |
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3181066822 | ||
| 003 | UK-CbPIL | ||
| 020 | |a 9798310150911 | ||
| 035 | |a 3181066822 | ||
| 045 | 2 | |b d20250101 |b d20251231 | |
| 084 | |a 66569 |2 nlm | ||
| 100 | 1 | |a Lu, Haoran | |
| 245 | 1 | |a Assessing and Mitigating Emerging Threats in the Mobile Software Supply Chain | |
| 260 | |b ProQuest Dissertations & Theses |c 2025 | ||
| 513 | |a Dissertation/Thesis | ||
| 520 | 3 | |a The rapid proliferation of mobile applications and their ecosystems has revolutionized the way users interact with technology, but it has also introduced a range of emerging security and privacy threats. This thesis investigates critical vulnerabilities in the mobile supply chain through three distinct but interconnected domains: app-in-app ecosystems, location-based services, and third-party software development kits (SDKs). First, we explore the app-in-app paradigm, where sub-apps hosted within larger applications often bypass robust security controls, leading to privilege escalation and sensitive data leakage. Second, we address the aggressive and unwarranted harvesting of location data by mobile apps, which undermines privacy principles due to insufficient access control mechanisms in mobile operating systems. Finally, we examine how to mitigate privacy risks posed by cross-library data harvesting (XLDH) in third-party SDKs, particularly those in social media, which harvest user data across applications without consent. To mitigate these threats, this thesis proposes systematic frameworks and practical solutions, including a security assessment tool (Apinat), machine learning-based detection mechanisms (LocationScope) and a privacy-preserving SDK design (PESP). Our findings highlight the prevalence and impact of these issues, offering actionable insights for developers, platform stakeholders, and policy makers to secure the mobile supply chain. The contributions of this work aim to enhance the privacy and security of mobile ecosystems, paving the way for more resilient and compliant application development practices. | |
| 653 | |a Computer science | ||
| 653 | |a Computer engineering | ||
| 773 | 0 | |t ProQuest Dissertations and Theses |g (2025) | |
| 786 | 0 | |d ProQuest |t ProQuest Dissertations & Theses Global | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3181066822/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3181066822/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch |