One Size Does Not Fit All: Uncovering and Exploiting Cross Platform Discrepant APIs in WeChat

C Wang, Y Zhang, Z Lin - 32nd USENIX Security Symposium (USENIX …, 2023 - usenix.org
The past few years have witnessed a boom of mobile super apps, which are the apps
offering multiple services such as e-commerce, e-learning, and e-government via miniapps …

Cross miniapp request forgery: Root causes, attacks, and vulnerability detection

Y Yang, Y Zhang, Z Lin - Proceedings of the 2022 ACM SIGSAC …, 2022 - dl.acm.org
A miniapp is a full-fledged app that is executed inside a mobile super app such as WeChat
or SnapChat. Being mini by nature, it often has to communicate with other miniapps to …

Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis

C Wang, R Ko, Y Zhang, Y Yang… - 2023 IEEE/ACM 45th …, 2023 - ieeexplore.ieee.org
Mini-programs, which are programs running inside mobile super apps such as WeChat,
often have access to privacy-sensitive information, such as location data and phone …

Uncovering and exploiting hidden APIs in mobile super apps

C Wang, Y Zhang, Z Lin - Proceedings of the 2023 ACM SIGSAC …, 2023 - dl.acm.org
Mobile applications, particularly those from social media platforms such as WeChat and
TikTok, are evolving into "super apps" that offer a wide range of services such as instant …

Don't leak your keys: Understanding, measuring, and exploiting the appsecret leaks in mini-programs

Y Zhang, Y Yang, Z Lin - Proceedings of the 2023 ACM SIGSAC …, 2023 - dl.acm.org
Mobile mini-programs in WeChat have gained significant popularity since their debut in
2017, reaching a scale similar to that of Android apps in the Play Store. Like Google …

No privacy among spies: Assessing the functionality and insecurity of consumer android spyware apps

E Liu, S Rao, S Havron, G Ho, S Savage… - Proceedings on …, 2023 - petsymposium.org
Consumer mobile spyware apps covertly monitor a user's activities (i.e., text messages,
phone calls, e-mail, location, etc.) and transmit that information over the Internet to support …

MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps

W Li, B Yang, H Ye, L Xiang, Q Tao… - … on Dependable and …, 2023 - ieeexplore.ieee.org
Running on host mobile applications, mini apps have gained increasing popularity these
days for its convenience in installation and usage. However, being easy to use allows mini …

Measuring the leakage and exploitability of authentication secrets in super-apps: The WeChat case

S Baskaran, L Zhao, M Mannan, A Youssef - Proceedings of the 26th …, 2023 - dl.acm.org
Super-apps such as WeChat and Baidu host millions of mini-apps, which are very popular
among users and developers because of the mini-apps' convenience, lightweight, ease of …

Understanding the (in)security of cross-side face verification systems in mobile apps: a system perspective

X Zhang, H Ye, Z Huang, X Ye, Y Cao… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Face Verification Systems (FVSes) are more and more deployed by real-world mobile
applications (apps) to verify a human's claimed identity. One popular type of FVSes is called …

MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs

Z Zhang, Q Hou, L Ying, W Diao, Y Gu, R Li… - Proceedings of the …, 2024 - dl.acm.org
Mini-programs are lightweight apps running in super apps (such as WeChat, Baidu, Alipay,
and TikTok), an emerging paradigm in the era of mobile computing. With the growing …