![[2602.10915] Blind Gods and Broken Screens: Architecting a Secure, Intent-Centric Mobile Agent Operating System](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.10915] Blind Gods and Broken Screens: Architecting a Secure, Intent-Centric Mobile Agent Operating System
Summary
The paper presents Aura, a secure mobile agent operating system designed to address vulnerabilities in current app-centric models by implementing a structured interaction model and enhancing security measures.
Why It Matters
As mobile computing evolves towards autonomous agents, ensuring security against emerging threats is crucial. This research highlights significant vulnerabilities in current systems and proposes a novel architecture that could enhance security and functionality in mobile applications, making it relevant for developers and security professionals.
Key Takeaways
- Current mobile agent systems face critical security vulnerabilities.
- Aura proposes a structured interaction model to replace traditional GUI scraping.
- The new architecture significantly improves task success rates and reduces attack success rates.
Computer Science > Cryptography and Security arXiv:2602.10915 (cs) [Submitted on 11 Feb 2026 (v1), last revised 13 Feb 2026 (this version, v3)] Title:Blind Gods and Broken Screens: Architecting a Secure, Intent-Centric Mobile Agent Operating System Authors:Zhenhua Zou, Sheng Guo, Qiuyang Zhan, Lepeng Zhao, Shuo Li, Qi Li, Ke Xu, Mingwei Xu, Zhuotao Liu View a PDF of the paper titled Blind Gods and Broken Screens: Architecting a Secure, Intent-Centric Mobile Agent Operating System, by Zhenhua Zou and Sheng Guo and Qiuyang Zhan and Lepeng Zhao and Shuo Li and Qi Li and Ke Xu and Mingwei Xu and Zhuotao Liu View PDF HTML (experimental) Abstract:The evolution of Large Language Models (LLMs) has shifted mobile computing from App-centric interactions to system-level autonomous agents. Current implementations predominantly rely on a "Screen-as-Interface" paradigm, which inherits structural vulnerabilities and conflicts with the mobile ecosystem's economic foundations. In this paper, we conduct a systematic security analysis of state-of-the-art mobile agents using Doubao Mobile Assistant as a representative case. We decompose the threat landscape into four dimensions - Agent Identity, External Interface, Internal Reasoning, and Action Execution - revealing critical flaws such as fake App identity, visual spoofing, indirect prompt injection, and unauthorized privilege escalation stemming from a reliance on unstructured visual data. To address these challenges, we propose Aura, an Ag...