SaTS 2025
ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS ’25)
Co-located with ACM CCS 2025 »
October 13th, 2025
Mobile super apps present an emerging paradigm in the realm of mobile computing. These applications, which offer a plethora of services often in the form of “miniapps”, have experienced an accelerated growth trajectory in recent years. Specifically, the miniapps, analogous to native apps, have enabled super apps to construct a comprehensive ecosystem around themselves, akin to Google Play and the Apple App Store. By doing so, they not only enhance the host's functionalities, but also bestow an elevated level of convenience upon mobile users. Nevertheless, the surging popularity of these apps, such as WeChat, Alipay, TikTok, and Grab, has resulted in an immense volume of user data being generated, stored, and transmitted via these platforms. With their integration of diverse services within a single platform or application, these super apps pose significant security and privacy challenges. This burgeoning issue has caught the attention of not just users, but also researchers and regulatory authorities.
Building on this evolving landscape, the integration of large language models (LLMs) into mobile apps opens a new research frontier, generating an unforeseen paradigm of LLM-empowered mobile super apps. Many of such LLM-driven apps, acting as autonomous agents with broad privileges, offer enhanced functionality by managing traditional miniapps, traditional mobile apps, and any other external tools (e.g., smart-home devices, third-party Web services) accessible to the super apps. Yet, this evolution also presents significant challenges, including potential data exposure and heightened cybersecurity risks. Addressing these concerns calls for new studies in secure architecture design, permission management, root trust frameworks, and innovative threat models for LLM-enabled mobile super app and super app development ecosystems.
In light of these developments, the ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS 2025), co-located with ACM CCS 2025, is a highly relevant and timely event. Super apps are rapidly becoming indispensable tools for communication, entertainment, and commerce, while simultaneously raising crucial security and privacy issues. By fostering discussion and collaboration among researchers and practitioners, this workshop aims to address these concerns and provide insights and solutions to the security community, industry, and society at large. The objective of SaTS 2025 is to turn the spotlight on these concerns and foster an environment of knowledge exchange and problem-solving.
Important Dates (hard deadline)
| Paper Submission Deadline | June 20th, 2025 (AoE, UTC-12) |
| Acceptance Notification | August 8th, 2025 |
| Camera-ready Deadline | August 22nd, 2025 (AoE, UTC-12) |
| Workshop | October 13th, 2025 |
cfp anchor
Call for Papers
Emerging AI and LLM-powered mobile super apps—offering a range of functionalities through integrated external tools and traditional miniapps—have experienced rapid growth in recent years. Platforms such as Operator (by OpenAI), WeChat, Slack, TikTok and Alipay unite various external tools and miniapps to deliver services like payments, search, communication, and entertainment, thereby significantly enhancing functionalities and user convenience. However, the integration of these external tools and miniapps also introduces substantial security and privacy concerns, as large amounts of user data are generated, stored, and transmitted across interconnected systems.
Building on this evolving landscape, the integration of large language models (LLMs) into mobile apps opens a new research frontier, generating an unforeseen paradigm of LLM-empowered mobile super apps. These LLM-driven apps, acting as autonomous agents with broad privileges, offer enhanced functionality by managing traditional miniapps, traditional mobile apps, and any other external tools (e.g., smart-home devices, third-party Web services) accessible to the super apps. Yet, this evolution also presents significant challenges, including potential data exposure and heightened cybersecurity risks. Addressing these concerns calls for new studies in secure architecture design, permission management, root trust frameworks, and innovative threat models for LLM-enabled mobile super app and super app development ecosystems.
We invite researchers and practitioners to submit original research papers for the new edition of the Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS 2025), co-located with ACM CCS 2025 (see last year’s workshop at https://superappsec.github.io/2024/). The aim of this workshop is to bring together experts from academia and industry to discuss and address the security and privacy challenges posed by the increasing use of AI-empowered mobile super apps.
Topics of interest in this workshop include, but are not limited to, the following categories:
- LLM-Enabled Mobile (Super) Apps
- Agentic apps (LLM-empowered apps) related external tools, traditional apps and mini-apps related to
- Secure permission management for LLM-enabled super apps
- Architecture and threat models for LLM-enabled super apps
- Privacy-preserving techniques for mobile super apps (including their miniapps)
- Security analysis of mobile super app ecosystems
- Authentication and authorization mechanisms for super apps
- Data protection and secure storage in super apps
- Privacy policies, compliance, and regulations for mobile super apps
- User behavior and privacy risk analysis
- Surveillance and censorship in mobile super apps
- Anonymity and pseudonymity in miniapp communication
- Security and privacy issues in third-party integrations
- Secure payment systems in mobile super apps
- Case studies and real-world experiences with mobile super app security and privacy
In addition, topics of interest include, but are not limited to other emerging paradigms in mobile and ubiquitous computing, especially those related to LLM agents based mobile systems.
The PC will select a best paper award for work that distinguishes itself in advancing the security and privacy of mobile superapps/miniapps and emerging computing paradigms through novel insights, attacks or defenses.
Submission Instructions
Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must be a PDF file in single-column ACM format (see ACM Proceedings Template, using the sigconf style). We accept (1) regular papers with up to 7 pages, (2) attack/defense demos with up to 2 pages. The page limits does not include bibliography and well-marked appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format. The review process is double-blind. All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via HotCRP (submission link below).
Submission Website (coming soon) »
Organization anchor
Organization
Steering Committee
Adam Doupe (Arizona State University, USA)
Zhiqiang Lin (The Ohio State University, USA)
Nick Nikiforakis (Stony Brook University)
Ben Stock (CISPA)
Luyi Xing (Indiana University Bloomington, USA)
Program Committee Chairs
Luyi Xing (Indiana University Bloomington, USA)
Yue Xiao (IBM Research, USA)
Program Committee
Adwait Nadkarni (William & Mary, USA)
Ding Li (Peking University, China)
Kaushal Kafle (University of South Florida, USA)
Omar Alrawi (Georgia Institute of Technology, USA)
Yue Xiao (IBM Research, USA)
Yue Zhang (Drexel University, USA)
Zhiqiang Lin (The Ohio State University, USA)
Xusheng Xiao (Arizona State University, USA)
Trent Jaeger (University of California, Riverside, USA)