Security & Privacy in the Mobile Supply Chain: Uncovering Hidden Risks|Yifan Zhang (SDSU)|2026 CSRC скачать в хорошем качестве

Security & Privacy in the Mobile Supply Chain: Uncovering Hidden Risks|Yifan Zhang (SDSU)|2026 CSRC

Computational Science Research Center - Spring 2026 Colloquium Date of Talk - January 30, 2026 Speaker - Yifan Zhang, San Diego State University, Computer Science Title - Security and Privacy in the Mobile Supply Chain: Uncovering Hidden Risks In this colloquium, Prof. Yifan Zhang discusses mobile ecosystems rely on ever-evolving supply chains, but overlooked design flaws and privacy gaps pose significant risks. In this talk, I will present two studies addressing these challenges. The first reveals a design flaw in Android Studio that allows malicious SDKs to override static resources in other libraries, creating opportunities for supply chain attacks. By analyzing real-world apps and open-source projects, we identified widespread vulnerabilities and proposed a Gradle-based mitigation method. The second study examines privacy violations caused by privacy-configurable SDK wrappers (PICO SDK wrappers) that fail to relay app developers' privacy configurations to underlying advertisement SDKs. Through a large-scale analysis of 65 SDKs and over 48,000 apps, we found that 31.7% of apps were misconfigured, with 54.5% of PICO wrappers amplifying privacy risks. Hosted by : Computational Science Research Center (CSRC), San Diego State University Series: Spring 2026 Colloquium Talks