SaTS 2026
ACM Workshop on Security and Safety of AI-Empowered Mobile Super Apps (SaTS ’26)
Co-located with ACM CCS 2026 »
October, 2026
cfp anchor
Call for Papers
Mobile super apps have evolved into complex ecosystems that integrate diverse services through
third-party miniapps, plugins, and APIs. These super apps, offering a plethora of services often
in the form of third-party integrated, self-contained packages and capabilities, have greatly extended
the versatility of the platforms, offering unprecedented convenience but also introducing significant
security and privacy challenges. In the past decade, super apps have evolved into a comprehensive
OS-alike ecosystem, with millions of miniapps hosted by built-in stores akin to Google Play and the Apple App Store.
Nevertheless, the surging popularity of these apps, such as WeChat, Alipay, TikTok, Line, Zalo, and Grab,
has resulted in an immense volume of user data being generated, stored, and transmitted via these platforms.
Emerging Operating Systems have also provided such light-weight integration, such as QuickApps as advocated
by Huawei, Xiaomi, and Oppo. With their integration of diverse services within a single platform or application,
these super apps pose significant security and privacy challenges.
Recently, the rise of agentic AI frameworks and AI-enabled application development has further transformed
the ecosystem of super apps. Agentic frameworks enabling automatic multi-modal interaction, as well as
AI-augmented app development, has significantly reformed the landscape of software development and user interactions.
However, these advancements have also expanded the attack surface, introducing novel risks such as data leakage,
malicious integrations, privilege escalation, and adversarial manipulation.
Our desire of SaTS workshop is to bring together researchers and practitioners from academia, industry,
and government to share the latest research efforts and advances, exploring emerging threats, defense,
and research directions at the intersection of AI-empowered mobile super apps, miniapp ecosystems,
and security analysis.
Important Dates (hard deadline)
| Paper Submission Deadline | July 15th, 2026 (AoE, UTC-12) |
| Acceptance Notification | Sept 1st, 2026 |
| Camera-ready Deadline | Sept 15th, 2026 (AoE, UTC-12) |
Topics of Interest
Topics of interest in this workshop include, but are not limited to, the following
categories:
- Security Analysis of AI-Empowered Mobile (Super) Apps and third-party miniapps
- Security Analysis of Agentic frameworks and assistants on Mobile (Super) Apps
- Agentic/LLM-based techniques for security analysis in Mobile (Super) Apps
- User-centric analysis regarding security and privacy of Mobile (Super) Apps
- Detection of Malware, Vulnerability, Misinformation, and Regulation Violation
- Analysis of privacy policies, compliance, and violation of regulations
- Attack, defense, and mitigation for Mobile (Super) Apps
- Other security topics related to Agentic / Miniapp in Mobile (Super) Apps
The PC will select a best paper award for work that distinguishes itself in advancing the security and
privacy of mobile superapps/miniapps and emerging computing paradigms through novel insights, attacks or
defenses.
Submission Instructions
1. Submitted papers must be in English, unpublished, and must not be currently under review for any other publication.
Submissions must be a PDF file in double-column ACM format (see ACM Proceedings Template, using the sigconf style).
2. We accept (1) regular papers with up to 7 pages, (2) short papers or work-in-progress papers with up to 4 pages,
and (3) attack/defense/tool demos with up to 2 pages. The page limits does not include bibliography and well-marked
appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any
supplementary material.
3. Authors should not change the font or the margins of the ACM format. The review process is double-blind.
All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via
HotCRP (submission link to be updated).
Organization anchor
Organization
Steering Committee
Zhiqiang Lin (The Ohio State University, USA)
Ben Stock (CISPA Helmholtz Center for Information Security, Germany)
Yan Shoshitaishvili (Arizona State University, USA)
Luyi Xing (University of Illinois Urbana-Champaign, USA)
Program Committee Chairs
Yuqing Yang (CISPA Helmholtz Center for Information Security, Germany)
Yue Xiao (William & Mary, USA)
Program Committee
Balazs Engedy (Google, Germany)
Hao Wu (Nanjing University, China)
Hongkai Chen (Arizona State University, USA)
Soheil Khodayari (CrowdStrike, Germany)
Shubham Agarwal (Max Planck Institute for Security and Privacy, Germany)
Xinfeng Li (Nanyang Technological University, Singapore)
Yanjie Zhao (Huazhong University of Science and Technology, China)
Yue Xiao (William and Mary, USA)
Yue Zhang (Shandong University, China)
Yuhao Wu (Palo Alto Networks, USA)
Yuqing Yang (CISPA Helmholtz Center for Information Security, Germany)
Zifeng Kang (BUPT, China)