
A Measurement Study of Wechat Mini-Apps

Published: 04 June 2021

Abstract

A new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the past few years since being introduced by WeChat in 2017. In this paradigm, a host app allows its end-users to install and run mini-apps inside itself, enabling the host app to build an ecosystem around itself (much like Google Play and Apple AppStore), enrich the host's functionalities, and offer mobile users elevated convenience without leaving the host app. It has been reported that there are millions of mini-apps in WeChat. However, little is known about these mini-apps at an aggregated level. In this paper, we present MiniCrawler, the first scalable and open-source WeChat mini-app crawler, which has indexed over 1,333,308 mini-apps. It leverages a number of reverse engineering techniques to uncover the interfaces and APIs in WeChat for crawling the mini-apps. With the crawled mini-apps, we then measure their resource consumption, API usage, library usage, obfuscation rate, app categorization, and app ratings at an aggregated level. The details of how we developed MiniCrawler and our measurement results are reported in this paper.

Published In

Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 5, Issue 2
POMACS
June 2021
424 pages
EISSN: 2476-1249
DOI: 10.1145/3469656
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 June 2021
Published in POMACS Volume 5, Issue 2

Author Tags

  1. crawler
  2. mini-apps
  3. wechat

Qualifiers

  • Research-article

Funding Sources

  • National Science Foundation

Article Metrics

  • Downloads (Last 12 months): 180
  • Downloads (Last 6 weeks): 13

Reflects downloads up to 27 Jan 2025

Cited By

  • (2024) MiniChecker: Detecting Data Privacy Risk of Abusive Permission Request Behavior in Mini-Programs. Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 1667-1679. DOI: 10.1145/3691620.3695534. Online publication date: 27-Oct-2024
  • (2024) Network Fairness Ambivalence: When does social network capital mitigate or amplify unfairness? Proceedings of the ACM on Measurement and Analysis of Computing Systems 8:2, pp. 1-28. DOI: 10.1145/3656017. Online publication date: 29-May-2024
  • (2024) Do as You Say: Consistency Detection of Data Practice in Program Code and Privacy Policy in Mini-App. IEEE Transactions on Software Engineering 50:12, pp. 3225-3248. DOI: 10.1109/TSE.2024.3479288. Online publication date: 1-Dec-2024
  • (2024) Identifying Cross-User Privacy Leakage in Mobile Mini-Apps at a Large Scale. IEEE Transactions on Information Forensics and Security 19, pp. 3135-3147. DOI: 10.1109/TIFS.2024.3356197. Online publication date: 1-Jan-2024
  • (2023) Potential Risks Arising from the Absence of Signature Verification in Miniapp Plugins. Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, pp. 59-64. DOI: 10.1145/3605762.3624433. Online publication date: 26-Nov-2023
  • (2023) TrustedDomain Compromise Attack in App-in-app Ecosystems. Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, pp. 51-57. DOI: 10.1145/3605762.3624430. Online publication date: 26-Nov-2023
  • (2023) MUID: Detecting Sensitive User Inputs in Miniapp Ecosystems. Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, pp. 17-21. DOI: 10.1145/3605762.3624429. Online publication date: 26-Nov-2023
  • (2023) Towards a Better Super-App Architecture from a Browser Security Perspective. Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, pp. 23-28. DOI: 10.1145/3605762.3624427. Online publication date: 26-Nov-2023
  • (2023) ωTest: WebView-Oriented Testing for Android Applications. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 992-1004. DOI: 10.1145/3597926.3598112. Online publication date: 12-Jul-2023
  • (2023) A Survey on Automated Driving System Testing: Landscapes and Trends. ACM Transactions on Software Engineering and Methodology 32:5, pp. 1-62. DOI: 10.1145/3579642. Online publication date: 24-Jul-2023
