Online integration platforms have become integral components of modern digital ecosystems. These platforms establish connections with numerous third-party services, enabling seamless exchange of data and interactions among these services. This pervasive connectivity, while enhancing efficiency and convenience, has raised various security and privacy concerns. Any vulnerability or security breach in these platforms can be exploited to gain unauthorized access to a wealth of user data, with repercussions that extend not only to the user data within the platform but also to the connected third-party services. This dissertation delves into such multifaceted challenges posed by online integration platforms, by focusing on the threat vectors that originate from a malicious third-party service and from a compromised platform. To study the first threat, we conduct a systemic analysis of the app integration platforms in team-based business collaboration platforms (Slack and Microsoft Teams), demonstrating how a malicious third-party app can illegitimately access private messages and assume control over other benign apps. The second threat is rooted inherently in the current design of integration platforms, and we have addressed this issue through an exploration of system designs for two types of integration systems, namely trigger-action and smart home platforms. Leveraging the unique data communication flow of each platform, we construct an efficient protocol tailored to meet the specific security requirements of these platforms. Our work serves as a vital step toward protecting user data in integration platforms against potential security and privacy vulnerabilities.