LLMs on support of privacy and security of mobile apps: state of the art and research directions
Tran Thanh Lam Nguyen, Barbara Carminati, Elena Ferrari
TL;DR
The chapter surveys how LLMs can support privacy and security in mobile apps, covering vulnerability detection, bug reproduction, malware detection, and an illustrative EXIF metadata leakage mitigation workflow. It emphasizes prompt engineering approaches such as Few-Shot Learning and Retrieval-Augmented Generation to overcome input limits and inject relevant context. Findings show LLMs can surpass some traditional static tools in vulnerability detection and enable scalable, human-readable malware analysis, while also exposing challenges around cost, interpretability, on-device deployment, and potential threats to LLM integrity. The work identifies open research issues and directions for secure, robust integration of LLMs into mobile-app security workflows.
Abstract
Modern life has witnessed the explosion of mobile devices. However, alongside the valuable features that bring convenience to end users, security and privacy risks continue to threaten users of mobile apps. The increasing sophistication of these threats in recent years has underscored the need for more advanced and efficient detection approaches. In this chapter, we explore the application of Large Language Models (LLMs) to identify security risks and privacy violations in the mobile application ecosystem and to mitigate them. By introducing state-of-the-art research that has applied LLMs to mitigate the top 10 common security risks of smartphone platforms, we highlight the feasibility and potential of LLMs to replace traditional analysis methods, such as dynamic and hybrid analysis of mobile apps. As a representative example of an LLM-based solution, we present an approach to detect sensitive data leakage when users share images online, a common behavior of smartphone users nowadays. Finally, we discuss open research challenges.
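The leakage scenario the abstract refers to is EXIF metadata (in particular GPS tags) travelling inside shared photos. As an added illustration that is not the chapter's own workflow or code, the following Python script shows the deterministic part of such a pipeline: locating the Exif APP1 segment in a JPEG, walking the TIFF IFD structure to the GPS sub-IFD, converting the degrees/minutes/seconds rationals to a decimal position, and producing a copy of the file with the Exif segment removed. The sample JPEG is hand-built and carries a made-up position; the segment and tag layout follow the JPEG/TIFF/Exif specifications, and no image library is assumed.

```python
"""Detect and remove EXIF GPS location metadata from a JPEG before sharing.

Added example for the chapter's EXIF leakage scenario; not the authors' code.
The sample JPEG below is constructed by hand so the script runs offline: it
is a minimal file whose only purpose is to carry an Exif block with a
made-up GPS position.
"""
import struct
from fractions import Fraction

SOI, EOI, SOS, APP1 = 0xD8, 0xD9, 0xDA, 0xE1
EXIF_PREFIX = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825                      # IFD0 pointer to the GPS sub-IFD
GPS_TAGS = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
            0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per TIFF type


def _entry(tag, typ, count, value4):
    """One 12-byte big-endian IFD entry; value4 is the inline value or an offset."""
    return struct.pack(">HHI", tag, typ, count) + value4


def build_sample_jpeg():
    """Constructed JPEG: SOI, one Exif APP1 with a GPS IFD, a dummy scan, EOI."""
    # Layout inside the TIFF block: header (0..7), IFD0 at 8, GPS IFD at 38,
    # latitude rationals at 92, longitude rationals at 116 (140 bytes total).
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)
    tiff += struct.pack(">H", 2)
    tiff += _entry(0x010F, 2, 4, b"Cam\x00")                    # Make, inline ASCII
    tiff += _entry(GPS_IFD_TAG, 4, 1, struct.pack(">I", 38))
    tiff += struct.pack(">I", 0)                                # no IFD1
    tiff += struct.pack(">H", 4)
    tiff += _entry(0x0001, 2, 2, b"N\x00\x00\x00")
    tiff += _entry(0x0002, 5, 3, struct.pack(">I", 92))
    tiff += _entry(0x0003, 2, 2, b"E\x00\x00\x00")
    tiff += _entry(0x0004, 5, 3, struct.pack(">I", 116))
    tiff += struct.pack(">I", 0)
    tiff += struct.pack(">IIIIII", 45, 1, 28, 1, 30, 1)          # 45°28'30" (made up)
    tiff += struct.pack(">IIIIII", 9, 1, 11, 1, 0, 1)            # 9°11'00"  (made up)
    app1 = EXIF_PREFIX + tiff
    segment = bytes([0xFF, APP1]) + struct.pack(">H", len(app1) + 2) + app1
    scan = bytes([0xFF, SOS]) + struct.pack(">H", 2) + b"\x12\x34\x56"  # dummy scan
    return bytes([0xFF, SOI]) + segment + scan + bytes([0xFF, EOI])


def iter_segments(jpeg):
    """Yield (marker, payload, start, end) for each length-prefixed segment before SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):          # entropy-coded data follows SOS
            return
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        yield marker, jpeg[pos + 4:end], pos, end
        pos = end


def _read_ifd(tiff, endian, offset, names):
    """Decode one IFD into {name_or_tag: value}, descending into the GPS sub-IFD."""
    out = {}
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n, raw = struct.unpack(endian + "HHI4s", tiff[e:e + 12])
        size = n * TYPE_SIZE.get(typ, 1)
        data = raw[:size] if size <= 4 else tiff[struct.unpack(endian + "I", raw)[0]:][:size]
        if typ == 2:                                  # ASCII, NUL-terminated
            value = data.split(b"\x00")[0].decode("ascii", "replace")
        elif typ == 5:                                # RATIONAL: numerator/denominator pairs
            nums = struct.unpack(endian + "I" * (2 * n), data)
            value = [Fraction(nums[k], nums[k + 1] or 1) for k in range(0, 2 * n, 2)]
        elif typ in (3, 4):                           # SHORT / LONG
            value = list(struct.unpack(endian + {3: "H", 4: "I"}[typ] * n, data))
        else:
            value = data
        if tag == GPS_IFD_TAG:
            out["GPS"] = _read_ifd(tiff, endian, value[0], GPS_TAGS)
        else:
            out[names.get(tag, tag)] = value
    return out


def read_exif(jpeg):
    """Return decoded IFD0 (with a nested 'GPS' dict) or None if there is no Exif APP1."""
    for marker, payload, _, _ in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_PREFIX):
            tiff = payload[len(EXIF_PREFIX):]
            endian = ">" if tiff[:2] == b"MM" else "<"
            ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
            return _read_ifd(tiff, endian, ifd0, {0x010F: "Make"})
    return None


def gps_position(jpeg):
    """Decimal (lat, lon) the image would leak, or None when no GPS tags are present."""
    gps = (read_exif(jpeg) or {}).get("GPS", {})
    if "GPSLatitude" not in gps or "GPSLongitude" not in gps:
        return None

    def dms(parts, ref, negative_ref):
        d, m, s = (float(x) for x in parts)
        value = d + m / 60 + s / 3600
        return -value if ref == negative_ref else value

    return (dms(gps["GPSLatitude"], gps.get("GPSLatitudeRef"), "S"),
            dms(gps["GPSLongitude"], gps.get("GPSLongitudeRef"), "W"))


def strip_exif(jpeg):
    """Copy of the JPEG without Exif APP1 segments; data from SOS onward is untouched."""
    out, cursor = bytearray(jpeg[:2]), 2
    for marker, payload, start, end in iter_segments(jpeg):
        if not (marker == APP1 and payload.startswith(EXIF_PREFIX)):
            out += jpeg[start:end]
        cursor = end
    out += jpeg[cursor:]
    return bytes(out)
```

`gps_position` is the detection step: a non-`None` result means the photo would disclose where it was taken, which is the signal a privacy assistant (LLM-driven or otherwise) would act on before the upload proceeds; `strip_exif` is the mitigation, and because it copies everything from the SOS marker onward verbatim, the pixel data is unchanged. Real-world files also carry XMP (APP1 with a different prefix) and IPTC (APP13) blocks that can hold location strings, so a production sanitizer would extend the marker filter beyond Exif.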
