Balancing “super app” ambitions with privacy

When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled.

In fact, since the era of big data started – and the amount of both public and personal data collected and curated has blown up – it’s become somewhat common for people to own several hundred online accounts. With each operating as an isolated silo managed by unrelated services and domains, interoperability is nowhere to be seen.

Right now, nothing indicates the growing amount of data is slowing anytime soon; the advent of generative AI may even amplify it. But the resulting fragmentation poses several challenges, including the need for users to update information separately across all the domains that store it.

Alongside what is a cumbersome, time-consuming maintenance task for users, this disjointed structure also results in missed opportunities to harness user-centric data across multiple domains, hindering the creation of innovative, value-added experiences.

Think of the potential in unified health metrics, consolidated banking services spanning multiple banks, a cohesive government-related account, an integrated social network, or a unified marketplace – all of which remain unrealized within the current siloed framework.

With these obstacles in mind, those pursuing data federation are jumping on a real opportunity to overcome existing limitations and unlock multifaceted benefits, including:

• Much simpler user experience, with a single application that encompasses everything
• New convenient services, which can rely on a more complete collection of exploitable data for the same purpose
• Boosted data-driven innovation that has added value for users and offers new avenues for business, like AI.

The considerations for “super app” data privacy

While benefits are plenty, one of the key considerations associated with the creation of a “super app” – with all the potential volumes of data accessible – is what users might lose in terms of privacy. Many will be nervous about how much knowledge a single brand will have about our individual preferences. With a single, multi-use platform there is also potentially more risk from data breaches or similar.

With these worries in mind, companies with super app ambitions must consider the following:

a. How to handle (and recover from) identity theft?
b. How to secure the data against data theft/breaches?
c. How to ensure that access to the data obeys the sharing policy the user has consented to?

Point a) is probably the easiest. It can be addressed using multi-factor authentication (MFA) and biometry, just like today, with the possibility of federated identity mechanisms in the future, such as FIDO or OpenID Connect.

Point b) is clearly a major cybersecurity issue, given how many data breaches are reported every year. This is where three emerging technologies will allow companies to balance super-app functionality without compromising user privacy:

Fully homomorphic encryption (FHE): FHE is a type of encryption that supports data processing without requiring decryption and is a game-changer in this scenario. Users manage their own individual private key in a local device, and the super-app backend only collects and processes data that is encrypted. The use of this technology alone makes data breaches and a whole category of cyberattacks completely nullified for both users and service providers alike.

With FHE, all the data attached to a user account remains confidential at all times, irrespective of whether it originated from that user in the first place or is the result of subsequent processing by the super-app service. The user may also publish a public FHE encryption key so that any other user can post additional encrypted data on their account to enrich their data store.

Multi-party computation (MPC): This technology provides a feature that complements an FHE user’s unique ability to decrypt their encrypted data using FHE. It allows a quorum of designated entities to engage in a collaborative protocol that re-encrypts that data blindly, so that the data becomes decryptable by a second user who was granted read access by the first. This re-encryption can occur without the user one’s involvement, but under very specific conditions on user two, and a preliminary consensus that these conditions have been met must be reached between the designated entities.

Attribute-based credentials (ABCs) function as advanced digital signatures, providing entity authentication while preserving the desired level of anonymity for the authenticating entity – in this case, user two.

In the super-app framework, user one issues to user two an access token that grants access to their data while allowing user two to maintain varying degrees of anonymity, determined by user one. Following issuance, user two can prove ownership of a valid token issued by user one without revealing it, using a zero-knowledge method. This triggers a multi-party re-encryption, and user two can then decrypt the re-encrypted data using their private key.

When implemented correctly, these mechanisms enhance the security of a super app – or even a conventional app – significantly.

Point c) is a challenge, as sharing access to data is a rather complex feature for service providers to support, especially in an auditable and legally binding way.

On this point, one might ask exactly how much control users have over shared data, and what mechanisms are in place to obtain user consent within the super app? The way I see it – from the perspective of a cryptographer – cybersecurity countermeasures and so-called security certificates are unreliable and should be replaced completely by strong cryptography. Many cryptographic tools are underused today in the consumer-facing tech industry, although most of them are efficient, standardized, and open-source implementations are even available.

Advanced cryptographic mechanisms such as FHE, MPC and ABCs are the only way to truly secure data sharing. With a proper cryptographic architecture in deployment, a super app can offer strong guarantees such as:

• Users have complete control over how their data is being shared and with whom. They can grant access in a granular way: read or write access or both, permanently or for a chosen duration, to third parties that will have to identify themselves – and therefore will appear in the logs – or that can remain partially or fully anonymous during access. All this while staying within the possible limitations of full compliance with the laws that may be applicable.
• The service itself is not given superpower-like privileges, such as being able to impersonate a user, accessing user data in the clear or modifying that data. All events originate from the explicit consent of users.
• Full auditability and legally binding authenticity of all logged events, while supporting various levels of user anonymity to deter mass surveillance.

The future of the super app

Looking to the future, I can see further challenges and risks with the widespread adoption of super apps – particularly in corporate environments and potentially in the law enforcement space. Here, the evolution of this landscape will depend on how regulators navigate the challenges they face.

Striking a balance between maintaining national security and upholding user privacy rights will likely require continuous adaptation of legal frameworks and international cooperation. Additionally, the stance of individual countries on data protection and cryptography will play a crucial role in shaping the long-term implications for user privacy in a world dominated by super apps.

But overall, emerging technologies hold great promise in reconciling the potential of super apps without compromising functionality or user privacy – and this in mind, we’ll hopefully see a future where innovation can coexist with safeguarding individual rights.