Just Accepted
MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
Authors: 
Shenao Wang, 
Yuekang Li, Kailong Wang, Yi Liu, 
Hui Li, 
Yang Liu, Haoyu WangAuthors Info & Claims
Accepted on 11 December 2024
Abstract
The advent of MiniApps, operating within larger SuperApps, has revolutionized user experiences by offering a wide range of services without the need for individual app downloads. However, this convenience has raised significant privacy concerns, as these MiniApps often require access to sensitive data, potentially leading to privacy violations. Despite existing privacy regulations and platform guidelines, there is a lack of effective mechanisms to safeguard user privacy fully. To address this critical gap, we introduce MiniScope, a novel two-phase hybrid analysis approach, specifically designed for the MiniApp environment. This approach overcomes the limitations of existing static analysis techniques by incorporating UI transition states analysis, cross-package callback control flow resolution, and automated iterative UI exploration. This allows for a comprehensive understanding of MiniApps’ privacy practices, addressing the unique challenges of sub-package loading and event-driven callbacks. Our empirical evaluation of over 120K MiniApps using MiniScope demonstrates its effectiveness in identifying privacy inconsistencies. The results reveal significant issues, with 5.7% of MiniApps over-collecting private data and 33.4% overclaiming data collection. We have responsibly disclosed our findings to 2,282 developers, receiving 44 acknowledgments. These findings emphasize the urgent need for more precise privacy monitoring systems and highlight the responsibility of SuperApp operators to enforce stricter privacy measures.
References
[1]
2022. Act on the Protection of Personal Information. https://www.ppc.go.jp/.
[2]
2022. California Consumer Privacy Act. https://oag.ca.gov/privacy/ccpa.
[3]
2022. Consumer Privacy Protection Act. https://ised-isde.canada.ca/site/innovation-better-canada/en/consumer-privacy-protection-act.
[4]
2022. eCommerce SaaS solution by WeChat: a complete guide. https://wechatwiki.com/wechat-resources/wechat-mini-shop-ecommerce-solution/.
[5]
2022. General Data Protection Regulation. https://commission.europa.eu/law/law-topic/data-protection_en.
[6]
2023. First Major Analysis of WeChat Ecosystem Network Requests Finds Privacy Gaps, Undisclosed Data Sharing. https://www.cpomagazine.com/data-privacy/first-major-analysis-of-wechat-ecosystem-network-requests-finds-privacy-gaps-undisclosed-data-sharing/.
[7]
2023. Should We Chat? Privacy in the WeChat Ecosystem. https://citizenlab.ca/2023/06/privacy-in-the-wechat-ecosystem-full-report/.
[8]
2023. WeChat API Documentation. https://developers.weixin.qq.com/miniprogram/en/dev/api/.
[9]
2023. WECHAT PRIVACY POLICY. https://www.wechat.com/en/privacy_policy.html.
[10]
Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 585–602. https://www.usenix.org/conference/usenixsecurity19/presentation/andow
[11]
Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck. In 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 985–1002. https://www.usenix.org/conference/usenixsecurity20/presentation/andow
[12]
Anonymous. 2023. Online Documentation. https://docs.google.com/spreadsheets/d/1l3P7D9kIRlDiR97ndGaa8xMLXooshIaQa0peYK2kV78/edit?usp=sharing.
[13]
appium. 2023. appium. https://github.com/appium/appium.
[14]
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick D. McDaniel. 2014. FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’14, Edinburgh, United Kingdom - June 09 - 11, 2014, Michael F. P. O’Boyle and Keshav Pingali (Eds.). ACM, 259–269. https://doi.org/10.1145/2594291.2594299
[15]
Supraja Baskaran, Lianying Zhao, Mohammad Mannan, and Amr M. Youssef. 2023. Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case. CoRR abs/2307.09317 (2023). https://doi.org/10.48550/ARXIV.2307.09317 arXiv:2307.09317
[16]
Duc Bui, Brian Tang, and Kang G. Shin. 2023. Detection of Inconsistencies in Privacy Practices of Browser Extensions. In 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. IEEE, 2780–2798. https://doi.org/10.1109/SP46215.2023.10179338
[17]
Duc Bui, Yuan Yao, Kang G. Shin, Jong-Min Choi, and Junbum Shin. 2021. Consistency Analysis of Data-Usage Purposes in Mobile Apps. In CCS ’21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021, Yongdae Kim, Jong Kim, Giovanni Vigna, and Elaine Shi (Eds.). ACM, 2824–2843. https://doi.org/10.1145/3460120.3484536
[18]
Feng Dong, Haoyu Wang, Li Li, Yao Guo, Tegawendé F. Bissyandé, Tianming Liu, Guoai Xu, and Jacques Klein. 2018. FraudDroid: automated ad fraud detection for Android apps. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/SIGSOFT FSE 2018, Lake Buena Vista, FL, USA, November 04-09, 2018, Gary T. Leavens, Alessandro Garcia, and Corina S. Pasareanu (Eds.). ACM, 257–268. https://doi.org/10.1145/3236024.3236045
[19]
William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick D. McDaniel, and Anmol Sheth. 2010. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In 9th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2010, October 4-6, 2010, Vancouver, BC, Canada, Proceedings, Remzi H. Arpaci-Dusseau and Brad Chen (Eds.). USENIX Association, 393–407. http://www.usenix.org/events/osdi10/tech/full_papers/Enck.pdf
[20]
frida. 2023. frida. https://github.com/frida/frida.
[21]
Lei Hao, Fucheng Wan, Ning Ma, and Yicheng Wang. 2018. Analysis of the Development of WeChat Mini Program. Journal of Physics: Conference Series 1087, 6, 062040. https://doi.org/10.1088/1742-6596/1087/6/062040
[22]
Hamza Harkous, Kassem Fawaz, Rémi Lebret, Florian Schaub, Kang G. Shin, and Karl Aberer. 2018. Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. CoRR abs/1802.02561 (2018). arXiv:1802.02561 http://arxiv.org/abs/1802.02561
[23]
Vijay Kumar, Shikha Arya, and Vinesh Kumar Gupta. 2018. Advances in Intrusion Detection and Prevention Techniques: A Survey. International Journal of Computer Network and Information Security 6 (Apr 2018), 1–13. https://doi.org/10.5815/ijcnis.2018.06.01
[24]
Wei Li, Borui Yang, Hangyu Ye, Liyao Xiang, Qingxiao Tao, Xinbing Wang, and Chenghu Zhou. 2024. MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps. IEEE Trans. Dependable Secur. Comput. 21, 4 (2024), 2099–2114. https://doi.org/10.1109/TDSC.2023.3299945
[25]
Yuxi Ling, Kailong Wang, Guangdong Bai, Haoyu Wang, and Jin Song Dong. 2022. Are they Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions. In 37th IEEE/ACM International Conference on Automated Software Engineering, ASE 2022, Rochester, MI, USA, October 10-14, 2022. ACM, 10:1–10:12. https://doi.org/10.1145/3551349.3560436
[26]
Changlin Liu, Hanlin Wang, Tianming Liu, Diandian Gu, Yun Ma, Haoyu Wang, and Xusheng Xiao. 2022. PROMAL: Precise Window Transition Graphs for Android via Synergy of Program Analysis and Machine Learning. In 44th IEEE/ACM 44th International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA, USA, May 25-27, 2022. ACM, 1755–1767. https://doi.org/10.1145/3510003.3510037
[27]
Yi Liu, Jinhui Xie, Jianbo Yang, Shiyu Guo, Yuetang Deng, Shuqing Li, Yechang Wu, and Yepang Liu. 2020. Industry Practice of JavaScript Dynamic Analysis on WeChat Mini-Programs. In 35th IEEE/ACM International Conference on Automated Software Engineering, ASE 2020, Melbourne, Australia, September 21-25, 2020. IEEE, 1189–1193. https://doi.org/10.1145/3324884.3421842
[28]
Zhe Liu, Chunyang Chen, Junjie Wang, Yuhui Su, Yuekai Huang, Jun Hu, and Qing Wang. 2023. Ex pede Herculem: Augmenting Activity Transition Graph for Apps via Graph Convolution Network. In 45th IEEE/ACM International Conference on Software Engineering, ICSE 2023, Melbourne, Australia, May 14-20, 2023. IEEE, 1983–1995. https://doi.org/10.1109/ICSE48619.2023.00168
[29]
Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, XiaoFeng Wang, and Xueqiang Wang. 2020. Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems. In CCS ’20: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, November 9-13, 2020, Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna (Eds.). ACM, 569–585. https://doi.org/10.1145/3372297.3417255
[30]
Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, and Haoyu Wang. 2023. Wemint:Tainting Sensitive Data Leaks in WeChat Mini-Programs. In 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023, Luxembourg, September 11-15, 2023. IEEE, 1403–1415. https://doi.org/10.1109/ASE56229.2023.00151
[31]
Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, and Xiaofeng Wang. 2015. UIPicker: User-Input Privacy Identification in Mobile Applications. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015, Jaeyeon Jung and Thorsten Holz (Eds.). USENIX Association, 993–1008. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/nan
[32]
r3x5ur. 2023. unveilr. https://github.com/r3x5ur/unveilr.
[33]
Qianhui Rao and Eunju Ko. 2021. Impulsive purchasing and luxury brand loyalty in WeChat Mini Program. Asia Pacific Journal of Marketing and Logistics 33, 10 (2021), 2054–2071. https://doi.org/10.1108/APJML-08-2020-0621
[34]
security-pride. 2023. MiniScope. https://github.com/security-pride/MiniScope.
[35]
sensepost. 2023. objection. https://github.com/sensepost/objection.
[36]
Rocky Slavin, Xiaoyin Wang, Mitra Bokaei Hosseini, James Hester, Ram Krishnan, Jaspreet Bhatia, Travis D. Breaux, and Jianwei Niu. 2016. Toward a framework for detecting privacy policy violations in android application code. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016, Laura K. Dillon, Willem Visser, and Laurie A. Williams (Eds.). ACM, 25–36. https://doi.org/10.1145/2884781.2884855
[37]
Rahmadi Trimananda, Hieu Le, Hao Cui, Janice Tran Ho, Anastasia Shuba, and Athina Markopoulou. 2022. OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 3789–3806. https://www.usenix.org/conference/usenixsecurity22/presentation/trimananda
[38]
W3C. 2023. MiniApp Standardization White Paper. https://www.w3.org/TR/mini-app-white-paper.
[39]
W3C. 2023. MiniApp Subpackaging. https://www.w3.org/TR/mini-app-white-paper/#subpackaging.
[40]
Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, and Zhiqiang Lin. 2023. Taintmini: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. In 45th IEEE/ACM International Conference on Software Engineering, ICSE 2023, Melbourne, Australia, May 14-20, 2023. IEEE, 932–944. https://doi.org/10.1109/ICSE48619.2023.00086
[41]
Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. Uncovering and Exploiting Hidden APIs in Mobile Super Apps. CoRR abs/2306.08134 (2023). https://doi.org/10.48550/ARXIV.2306.08134 arXiv:2306.08134
[42]
Shenao Wang, Yanjie Zhao, Kailong Wang, and Haoyu Wang. 2023. On the Usage-scenario-based Data Minimization in Mini Programs. In Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, SaTS 2023, Copenhagen, Denmark, 26 November 2023, Zhiqiang Lin and Xiaojing Liao (Eds.). ACM, 29–32. https://doi.org/10.1145/3605762.3624435
[43]
Tao Wang, Qingxin Xu, Xiaoning Chang, Wensheng Dou, Jiaxin Zhu, Jinhui Xie, Yuetang Deng, Jianbo Yang, Jiaheng Yang, Jun Wei, and Tao Huang. 2022. Characterizing and Detecting Bugs in WeChat Mini-Programs. In 44th IEEE/ACM 44th International Conference on Software Engineering, ICSE 2022, Pittsburgh, PA, USA, May 25-27, 2022. ACM, 363–375. https://doi.org/10.1145/3510003.3510114
[44]
Xiaoyin Wang, Xue Qin, Mitra Bokaei Hosseini, Rocky Slavin, Travis D. Breaux, and Jianwei Niu. 2018. GUILeak: tracing privacy policy claims on user input data for Android applications. In Proceedings of the 40th International Conference on Software Engineering, ICSE 2018, Gothenburg, Sweden, May 27 - June 03, 2018, Michel Chaudron, Ivica Crnkovic, Marsha Chechik, and Mark Harman (Eds.). ACM, 37–47. https://doi.org/10.1145/3180155.3180196
[45]
Yin Wang, Ming Fan, Junfeng Liu, Junjie Tao, Wuxia Jin, Haijun Wang, Qi Xiong, and Ting Liu. 2024. Do as You Say: Consistency Detection of Data Practice in Program Code and Privacy Policy in Mini-App. IEEE Transactions on Software Engineering (2024), 1–23. https://doi.org/10.1109/TSE.2024.3479288
[46]
Yin Wang, Ming Fan, Hao Zhou, Haijun Wang, Wuxia Jin, Jiajia Li, Wenbo Chen, Shijie Li, Yu Zhang, Deqiang Han, and Ting Liu. 2024. MiniChecker: Detecting Data Privacy Risk of Abusive Permission Request Behavior in Mini-Programs. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (Sacramento, CA, USA) (ASE ’24). Association for Computing Machinery, New York, NY, USA, 1667–1679. https://doi.org/10.1145/3691620.3695534
[47]
xdmjun. 2023. wxappUnpacker. https://github.com/xdmjun/wxappUnpacker.
[48]
Fabian Yamaguchi, Nico Golde, Daniel Arp, and Konrad Rieck. 2014. Modeling and Discovering Vulnerabilities with Code Property Graphs. In 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, May 18-21, 2014. IEEE Computer Society, 590–604. https://doi.org/10.1109/SP.2014.44
[49]
Ziqiang Yan, Ming Fan, Yin Wang, Jifei Shi, Haoran Wang, and Ting Liu. 2023. MUID: Detecting Sensitive User Inputs in Miniapp Ecosystems. In Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps (Copenhagen, Denmark) (SaTS ’23). Association for Computing Machinery, New York, NY, USA, 17–21. https://doi.org/10.1145/3605762.3624429
[50]
Shengqian Yang, Haowei Wu, Hailong Zhang, Yan Wang, Chandrasekar Swaminathan, Dacong Yan, and Atanas Rountev. 2018. Static window transition graphs for Android. Autom. Softw. Eng. 25, 4 (2018), 833–873. https://doi.org/10.1007/S10515-018-0237-6
[51]
Shengqian Yang, Dacong Yan, Haowei Wu, Yan Wang, and Atanas Rountev. 2015. Static Control-Flow Analysis of User-Driven Callbacks in Android Applications. In 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015, Florence, Italy, May 16-24, 2015, Volume 1, Antonia Bertolino, Gerardo Canfora, and Sebastian G. Elbaum (Eds.). IEEE Computer Society, 89–99. https://doi.org/10.1109/ICSE.2015.31
[52]
Shuaihao Yang, Zigang Zeng, and Wei Song. 2022. PermDroid: automatically testing permission-related behaviour of Android applications. In ISSTA ’22: 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, South Korea, July 18 - 22, 2022, Sukyoung Ryu and Yannis Smaragdakis (Eds.). ACM, 593–604. https://doi.org/10.1145/3533767.3534221
[53]
Yuqing Yang, Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. CoRR abs/2306.07495 (2023). https://doi.org/10.48550/ARXIV.2306.07495 arXiv:2306.07495
[54]
Yuqing Yang, Yue Zhang, and Zhiqiang Lin. 2022. Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022, Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi (Eds.). ACM, 3079–3092. https://doi.org/10.1145/3548606.3560597
[55]
Jianyi Zhang, Leixin Yang, Yuyang Han, Zhi Sun, and Zixiao Xiang. 2022. A Small Leak Will Sink Many Ships: Vulnerabilities Related to Mini Programs Permissions. CoRR abs/2205.15202 (2022). https://doi.org/10.48550/ARXIV.2205.15202 arXiv:2205.15202
[56]
Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. 2022. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022, Kevin R. B. Butler and Kurt Thomas (Eds.). USENIX Association, 1597–1613. https://www.usenix.org/conference/usenixsecurity22/presentation/zhang-lei
[57]
Xiaohan Zhang, Yang Wang, Xin Zhang, Ziqi Huang, Lei Zhang, and Min Yang. 2023. Understanding Privacy Over-collection in WeChat Sub-app Ecosystem. CoRR abs/2306.08391 (2023). https://doi.org/10.48550/ARXIV.2306.08391 arXiv:2306.08391
[58]
Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. 2021. A Measurement Study of Wechat Mini-Apps. In SIGMETRICS ’21: ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer Systems, Virtual Event, China, June 14-18, 2021, Longbo Huang, Anshul Gandhi, Negar Kiyavash, and Jia Wang (Eds.). ACM, 19–20. https://doi.org/10.1145/3410220.3460106
[59]
Yue Zhang, Yuqing Yang, and Zhiqiang Lin. 2023. Don’t Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. CoRR abs/2306.08151 (2023). https://doi.org/10.48550/ARXIV.2306.08151 arXiv:2306.08151
[60]
Zidong Zhang, Qingsheng Hou, Lingyun Ying, Wenrui Diao, Yacong Gu, Rui Li, Shanqing Guo, and Haixin Duan. 2024. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. In Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA. https://doi.org/10.1145/3658644.3670294
[61]
Kaifa Zhao, Le Yu, Shiyao Zhou, Jing Li, Xiapu Luo, Yat Fei Aemon Chiu, and Yutong Liu. 2022. A Fine-grained Chinese Software Privacy Policy Dataset for Sequence Labeling and Regulation Compliant Identification. CoRR abs/2212.04357 (2022). https://doi.org/10.48550/ARXIV.2212.04357 arXiv:2212.04357
[62]
Yanjie Zhao, Yue Zhang, and Haoyu Wang. 2023. Potential Risks Arising from the Absence of Signature Verification in Miniapp Plugins. In Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps (Copenhagen, Denmark) (SaTS ’23). Association for Computing Machinery, New York, NY, USA, 59–64. https://doi.org/10.1145/3605762.3624433
[63]
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman M. Sadeh, Steven M. Bellovin, and Joel R. Reidenberg. 2016. Automated Analysis of Privacy Requirements for Mobile Apps. In 2016 AAAI Fall Symposia, Arlington, Virginia, USA, November 17-19, 2016. AAAI Press. http://aaai.org/ocs/index.php/FSS/FSS16/paper/view/14113
Index Terms
- MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
Recommendations
Cooperative Visualization of Privacy Risks
CDVE '08: Proceedings of the 5th international conference on Cooperative Design, Visualization, and EngineeringThe growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services has put large quantities of customer private information in the hands of service providers, who in many cases have ...
On two RFID privacy notions and their relations
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on ...
Privacy Policy Compliance in Miniapps: An Analytical Study
SaTS '24: Proceedings of the ACM Workshop on Secure and Trustworthy SuperappsMiniapps, lightweight applications based on WebView technology, are widely used on many platforms around the world. With the exponential growth in the number of miniapps, a variety of security concerns have emerged. Although various governments and ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
EISSN:1557-7392
Table of ContentsCopyright © 2024 Copyright held by the owner/author(s).
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Online AM: 21 December 2024
Accepted: 11 December 2024
Revised: 29 November 2024
Received: 19 January 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 160Total Downloads
- Downloads (Last 12 months)160
- Downloads (Last 6 weeks)62
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in