As computing and communication systems evolve rapidly and ubiquitously, it has become convenient and almost effortless for individual users to generate, share and exchange information on online social networks. However, the simplicity of creating such digital content online has also led to an increase of users’ concerns about their security and privacy. In this E-Letter, we mainly focus on the state-of-the-art security and privacy issues in online social networks. 

In particular, we invited researchers from both academia and industry to present their latest study on security/privacy attack and defense in various online social networks. There are four featured articles. 

Friend search has become one of the most popular services in online social networks such as Facebook and Twitter. However, privacy concerns have risen since users may want to share only a limited number of their friends. Attacks may be launched to violate users’ privacy settings. The first article, presented by Na Li et al., proposes the design of a web application which aims to collect friend search attack strategies from human users through a cyber-competition. The collected data will advance the understanding of advanced attack strategies and help with the design of a more secured friend search engine with privacy protection. The PDF version of the paper is available here. 

Online reputation system is a special type of social network, where users share their experiences of online products through reviews. One security challenge is that such reviews can be easily manipulated. Malicious behaviors on products' review will seriously affect both buyers and sellers. A security analysis tool – Reviewsec, which detects manipulations of reviews in online reputation systems, is presented by Yongbo Zeng et al. The PDF version of the paper is available here.

Online reputation system has also been deployed in mobile application (app) market. The big success of app sales provides attackers with strong motivation to allure users by providing dishonest information. In the third article, some arguable mobile app sale boosting strategies are investigated and the effectiveness of these strategies has been verified against real user data collected from a closely connected social community. The PDF version of the paper is available here.

Furthermore, in the mobile app market, due to the rapid growth of new apps with new features, it becomes very challenging to analyze the security and privacy of each individual app in depth. An automatic mobile security deep-analytics platform has been designed and implemented by VisualThreat Inc. Based on this platform, Wei Yan et al. shared their investigation of privacy leakages and security vulnerabilities of social related mobile apps in the final paper. The PDF version of the paper is available here.

Hope you enjoy this E-Letter!

Yuhong Liu