A Systematic Literature Review on Cyber Security and Privacy Risks in MaaS (Mobility-as-a-Service) Systems

Download PDF
Open Webpage

Rahime Belen-Saglam, Haiyue Yuan, Maria Sophia Heering, Ramsha Ashraf, Shujun Li

Published: 20 Jun 2025, Last Modified: 25 Jan 2026InformationEveryoneRevisionsCC BY-SA 4.0
Abstract: Mobility as a Service (MaaS) is anticipated to revolutionize transport by integrating conventional public transport with on-demand and shared services. This innovation promises enhanced convenience, flexibility, and sustainability in urban mobility, drawing interest from both researchers and industry. However, those systems heavily rely on the collection and sharing of personal data among various stakeholders, introducing security and privacy risks. To understand the scale and scope of cyber security and privacy concerns and risks associated with MaaS, we conducted a systematic literature review (SLR) covering 87 relevant research papers published between 2017 and April 2025. Our review represents the most comprehensive examination focusing on cyber security and privacy issues of MaaS systems. Our findings reveal three themes discussed within the MaaS literature: (i) cyber security and privacy risks inherent to MaaS systems, alongside proposed solutions to mitigate such risks; (ii) users’ concerns about these risks and how they affect MaaS adoption; and (iii) laws and policies that govern cyber security and privacy aspects of MaaS systems and solutions. As such, our research serves to not only inform MaaS service providers and users but also advise policymakers and legislators on the potential risks involved and the regulatory measures required to address them.