The study surveyed Android developers to assess their willingness to adopt changes that mitigate device fingerprinting risks, finding that developers overwhelmingly support privacy protections even wi…

The paper reverse-engineers Apple's Private Cloud Compute (PCC) implementation to independently benchmark its model and evaluate its privacy claims, addressing the lack of transparency in Apple's syst…

The authors reverse-engineered and fuzz-tested the undocumented Apple Remote Invocation (ARI) interface, revealing a significant, untested Remote Code Execution (RCE) attack surface on iOS.

The paper addresses the over-reliance on GDPR in digital privacy research by systematically normalizing heterogeneous global data protection laws into a unified, data-lifecycle-aligned abstraction.

This study provides the first large-scale analysis of video piracy on Telegram, quantifying its massive financial impact and developing a resilient detection framework, Anti-RIP, to combat it.

This study empirically demonstrates that privacy exposure in mobile gaming apps is primarily driven by complex, configuration-level SDK ecosystems rather than just the permissions the app explicitly r…

This paper audits Apple's Differential Privacy framework on macOS and finds multiple implementation bugs and misconfigurations, revealing significant privacy violations in a large percentage of collec…

The paper proposes an on-device framework to detect and prevent the forwarding of images that have been physically recaptured (photographed) from a mobile screen, addressing the Screen Recaptured Anal…

This paper systematically analyzes 123 publications on anti-forensics to quantify techniques and attack vectors, identify research patterns, and propose directions for a more coherent and ethical unde…

The paper investigates how digital devices in U.S. prisons create privacy and security risks for incarcerated users, finding that pervasive surveillance and arbitrary policies negatively impact their…

The paper argues that the near-term impact of LLM-assisted vulnerability discovery is not simply an increase in zero-day volume, but a critical bottleneck in defender remediation throughput, shifting…

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

This paper analyzes location-data provenance risks across multiple European sectors, proposing a risk taxonomy and architectural design for a next-generation digital trust infrastructure that treats l…

This study provides an ecosystem-scale measurement of commit signing on GitHub, finding that current signing adoption rates are misleading and that developers struggle to maintain consistent, long-ter…

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

This paper introduces Security Cube, a comprehensive, multi-dimensional framework for evaluating LLM robustness against jailbreak attacks, providing a systematic taxonomy and benchmark analysis of exi…

This study empirically analyzed 1,000 Android apps, finding that privacy policies are often vague and frequently fail to align with the actual sensitive data logged by the applications.

This paper introduces the 'wide-net-casting' jailbreak scenario, demonstrating that querying a group of large language models can expose significant, previously overlooked safety risks, with a novel m…

This paper provides a large-scale empirical taxonomy of Broken Object Level Authorization (BOLA) by analyzing over 100 real-world bug bounty disclosures, revealing that unauthorized state-changing act…