Towards Privacy-Preserving Social-Media SDKs on Android
Haoran Lu
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
As mobile applications rely increasingly on third-party libraries, the security and privacy implications of those dependencies have become a critical concern. Haoran Lu's talk, "Towards Privacy-Preserving Social-Media SDKs on Android," addresses a significant vulnerability in the Android ecosystem: the **Cross-Library Data Harvesting (XL-DH) attack**. The presentation highlights how a malicious or compromised SDK can illicitly access sensitive user data handled by legitimate social media SDKs within the same application, posing substantial privacy risks and legal liabilities for both app developers and SDK providers.
AI review
This talk presents a critical, novel architectural solution to the widespread Cross-Library Data Harvesting (XL-DH) attack on Android. It masterfully addresses the limitations of existing platform-level privacy solutions, offering a robust, practical framework for securing sensitive social media SDK data without OS modifications or functional compromise. The proposed isolation mechanisms and auditable policy are a significant step forward for mobile privacy and accountability.