{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T06:31:15Z","timestamp":1763706675129,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2154404;CNS-1910133;CNS-2046361"],"award-info":[{"award-number":["CNS-2154404;CNS-1910133;CNS-2046361"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,26]]},"DOI":"10.1145\/3605762.3624434","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T04:01:12Z","timestamp":1700712072000},"page":"41-45","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["MiniTaintDev: Unveiling Mini-App Vulnerabilities through Dynamic Taint Analysis"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-0051-8385","authenticated-orcid":false,"given":"Jianjia","family":"Yu","sequence":"first","affiliation":[{"name":"Johns Hopkins University, Baltimore, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0812-0173","authenticated-orcid":false,"given":"Zifeng","family":"Kang","sequence":"additional","affiliation":[{"name":"Johns Hopkins University, Baltimore, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9618-4830","authenticated-orcid":false,"given":"Yinzhi","family":"Cao","sequence":"additional","affiliation":[{"name":"Johns Hopkins University, Baltimore, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. About Mini Programs. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/ dev\/framework\/quickstart\/.  [n. d.]. About Mini Programs. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/ dev\/framework\/quickstart\/."},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. How Many People Use WeChat? User Statistics Trends (Aug 2023) (Source: https:\/\/www.bankmycell.com\/blog\/number-of-wechat-users\/).  [n. d.]. How Many People Use WeChat? User Statistics Trends (Aug 2023) (Source: https:\/\/www.bankmycell.com\/blog\/number-of-wechat-users\/)."},{"volume-title":"d.]. Number of monthly active users of WeChat Mini Programs in China from","year":"2020","key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. Number of monthly active users of WeChat Mini Programs in China from September 2020 to May 2023. https:\/\/www.statista.com\/statistics\/1228315\/chinanumber-of-wechat-mini-program-monthly-active-users\/. [n. d.]. Number of monthly active users of WeChat Mini Programs in China from September 2020 to May 2023. https:\/\/www.statista.com\/statistics\/1228315\/chinanumber-of-wechat-mini-program-monthly-active-users\/."},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. nw.js. https:\/\/nwjs.io\/.  [n. d.]. nw.js. https:\/\/nwjs.io\/."},{"key":"e_1_3_2_1_5_1","unstructured":"[n. d.]. Overview: Weixin public doc. Overview | Weixin public doc. (n.d.). https: \/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/devtools\/devtools.html.  [n. d.]. Overview: Weixin public doc. Overview | Weixin public doc. (n.d.). https: \/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/devtools\/devtools.html."},{"key":"e_1_3_2_1_6_1","unstructured":"[n. d.]. Scene value list. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/ reference\/scene-list.html.  [n. d.]. Scene value list. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/ reference\/scene-list.html."},{"key":"e_1_3_2_1_7_1","unstructured":"[n. d.]. WeChat mini-app API. https:\/\/developers.weixin.qq.com\/miniprogram\/ en\/dev\/api\/.  [n. d.]. WeChat mini-app API. https:\/\/developers.weixin.qq.com\/miniprogram\/ en\/dev\/api\/."},{"key":"e_1_3_2_1_8_1","unstructured":"[n. d.]. WeChat mini-app execution environments. https:\/\/developers.weixin.qq. com\/miniprogram\/dev\/framework\/runtime\/env.html.  [n. d.]. WeChat mini-app execution environments. https:\/\/developers.weixin.qq. com\/miniprogram\/dev\/framework\/runtime\/env.html."},{"key":"e_1_3_2_1_9_1","unstructured":"[n. d.]. WeChat Mini Apps Risk Data Leaks. https:\/\/timebusinessnews.com\/wechatmini-apps-risk-data-leaks\/.  [n. d.]. WeChat Mini Apps Risk Data Leaks. https:\/\/timebusinessnews.com\/wechatmini-apps-risk-data-leaks\/."},{"key":"e_1_3_2_1_10_1","unstructured":"[n. d.]. WeChat mini programs for banking pose ?significant' risks of personal data leakage says report. https:\/\/www.scmp.com\/tech\/tech-trends\/article\/3142239\/ wechat-mini-programs-banking-pose-significant-risks-personal-data.  [n. d.]. WeChat mini programs for banking pose ?significant' risks of personal data leakage says report. https:\/\/www.scmp.com\/tech\/tech-trends\/article\/3142239\/ wechat-mini-programs-banking-pose-significant-risks-personal-data."},{"key":"e_1_3_2_1_11_1","volume-title":"Measuring the Leakage and Exploitability of Authentication Secrets in Superapps: The WeChat Case. arXiv preprint arXiv:2307.09317","author":"Baskaran Supraja","year":"2023","unstructured":"Supraja Baskaran , Lianying Zhao , Mohammad Mannan , and Amr Youssef . 2023. Measuring the Leakage and Exploitability of Authentication Secrets in Superapps: The WeChat Case. arXiv preprint arXiv:2307.09317 ( 2023 ). Supraja Baskaran, Lianying Zhao, Mohammad Mannan, and Amr Youssef. 2023. Measuring the Leakage and Exploitability of Authentication Secrets in Superapps: The WeChat Case. arXiv preprint arXiv:2307.09317 (2023)."},{"key":"e_1_3_2_1_12_1","volume-title":"Probe the Proto: Measuring ClientSide Prototype Pollution Vulnerabilities of One Million Real-world Websites. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022","author":"Kang Zifeng","year":"2022","unstructured":"Zifeng Kang , Song Li , and Yinzhi Cao . 2022 . Probe the Proto: Measuring ClientSide Prototype Pollution Vulnerabilities of One Million Real-world Websites. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022 , San Diego, California, USA, April 24--28 , 2022. The Internet Society. https:\/\/www.ndsssymposium.org\/ndss-paper\/auto-draft-207\/ Zifeng Kang, Song Li, and Yinzhi Cao. 2022. Probe the Proto: Measuring ClientSide Prototype Pollution Vulnerabilities of One Million Real-world Websites. In 29th Annual Network and Distributed System Security Symposium, NDSS 2022, San Diego, California, USA, April 24--28, 2022. The Internet Society. https:\/\/www.ndsssymposium.org\/ndss-paper\/auto-draft-207\/"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_14_1","volume-title":"MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps","author":"Li Wei","year":"2023","unstructured":"Wei Li , Borui Yang , Hangyu Ye , Liyao Xiang , Qingxiao Tao , Xinbing Wang , and Chenghu Zhou . 2023. MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps . IEEE Transactions on Dependable and Secure Computing ( 2023 ). Wei Li, Borui Yang, Hangyu Ye, Liyao Xiang, Qingxiao Tao, Xinbing Wang, and Chenghu Zhou. 2023. MiniTracker: Large-Scale Sensitive Information Tracking in Mini Apps. IEEE Transactions on Dependable and Secure Computing (2023)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3421842"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417255"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23009"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00086"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_21_1","volume-title":"Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Zhang Lei","year":"2022","unstructured":"Lei Zhang , Zhibo Zhang , Ancong Liu , Yinzhi Cao , Xiaohan Zhang , Yanjun Chen , Yuan Zhang , Guangliang Yang , and Min Yang . 2022 . Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22) . USENIX Association, Boston, MA, 1597--1613. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhang-lei Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. 2022. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 1597--1613. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/zhang-lei"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3410220.3460106"},{"key":"e_1_3_2_1_23_1","volume-title":"Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in MiniPrograms. ArXiv abs\/2306.08151","author":"Zhang Yue","year":"2023","unstructured":"Yue Zhang , Yuqing Yang , and Zhiqiang Lin . 2023. Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in MiniPrograms. ArXiv abs\/2306.08151 ( 2023 ). https:\/\/api.semanticscholar.org\/ CorpusID :2591655 Yue Zhang, Yuqing Yang, and Zhiqiang Lin. 2023. Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in MiniPrograms. ArXiv abs\/2306.08151 (2023). https:\/\/api.semanticscholar.org\/ CorpusID:2591655"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605762.3624434","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605762.3624434","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3605762.3624434","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:11Z","timestamp":1750178771000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3605762.3624434"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":23,"alternative-id":["10.1145\/3605762.3624434","10.1145\/3605762"],"URL":"https:\/\/doi.org\/10.1145\/3605762.3624434","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}