{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T20:24:07Z","timestamp":1773779047752,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["2330264"],"award-info":[{"award-number":["2330264"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3645001","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"830-842","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["RootFree Attacks: Exploiting Mobile Platform's Super Apps From Desktop"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3310-4258","authenticated-orcid":false,"given":"Chao","family":"Wang","sequence":"first","affiliation":[{"name":"The Ohio State University, Columbus, OH, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7786-0231","authenticated-orcid":false,"given":"Yue","family":"Zhang","sequence":"additional","affiliation":[{"name":"Drexel University, Philadelphia, PA, United States of America"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6527-5994","authenticated-orcid":false,"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The Ohio State University, Columbus, OH, United States of America"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"\"How facebook apple google copied china's wechat messaging app \" https:\/\/exbulletin.com\/tech\/274959\/."},{"key":"e_1_3_2_1_2_1","unstructured":"\"Intel's dropping of sgx prevents ultra hd blu-ray playback on pcs - ghacks tech news \" https:\/\/www.ghacks.net\/2022\/01\/14\/intels-dropping-of-sgx-prevents-ultra-hd-blu-ray-playback-on-pcs\/."},{"key":"e_1_3_2_1_3_1","unstructured":"\"The race to create the world's next super-app - bbc news \" https:\/\/www.bbc.com\/news\/business-55929418."},{"key":"e_1_3_2_1_4_1","unstructured":"\"Secure enclave - apple support \" https:\/\/support.apple.com\/guide\/security\/secure-enclave-sec59b0b31ff\/web."},{"key":"e_1_3_2_1_5_1","unstructured":"\"Security-enhanced linux in android \" https:\/\/source.android.com\/security\/selinux."},{"key":"e_1_3_2_1_6_1","unstructured":"\"What is a super app and why haven't they gone global?\" https:\/\/www.cnbc.com\/video\/2021\/07\/16\/what-is-a-super-app-and-why-havent-they-gone-global.html."},{"key":"e_1_3_2_1_7_1","unstructured":"\"Windows sandbox - windows security | microsoft docs \" https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/windows-sandbox\/windows-sandbox-overview."},{"key":"e_1_3_2_1_8_1","volume-title":"Qualcomm-icsi-ogi features for asr.\" in INTERSPEECH","author":"Adami A. G.","year":"2002","unstructured":"A. G. Adami, L. Burget, S. Dupont, H. Garudadri, F. Grezl, H. Hermansky, P. Jain, S. S. Kajarekar, N. Morgan, and S. Sivadas, \"Qualcomm-icsi-ogi features for asr.\" in INTERSPEECH, 2002."},{"key":"e_1_3_2_1_9_1","unstructured":"Alan Bavosa \"No-code Jailbreak & Root Prevention in iOS & Android apps \" 2020 Available athttps:\/\/www.appdome.com\/blog\/jailbreak-detection-root-detection\/."},{"key":"e_1_3_2_1_10_1","first-page":"55","volume-title":"Binary compatible graphics support in android for running ios apps,\" in Proceedings of the 18th ACM\/IFIP\/USENIX Middleware Conference","author":"Andrus J.","year":"2017","unstructured":"J. Andrus, N. AlDuaij, and J. Nieh, \"Binary compatible graphics support in android for running ios apps,\" in Proceedings of the 18th ACM\/IFIP\/USENIX Middleware Conference, 2017, pp. 55--67."},{"key":"e_1_3_2_1_11_1","first-page":"15","volume-title":"IEEE","author":"Ayoade G.","year":"2018","unstructured":"G. Ayoade, V. Karande, L. Khan, and K. Hamlen, \"Decentralized iot data management using blockchain and trusted execution environment,\" in 2018 IEEE International Conference on Information Reuse and Integration (IRI). IEEE, 2018, pp. 15--22."},{"key":"e_1_3_2_1_12_1","first-page":"16","volume-title":"Implementation of the aes-128 on virtex-5 fpgas,\" in International Conference on Cryptology in Africa","author":"Bulens P.","year":"2008","unstructured":"P. Bulens, F.-X. Standaert, J.-J. Quisquater, P. Pellegrin, and G. Rouvroy, \"Implementation of the aes-128 on virtex-5 fpgas,\" in International Conference on Cryptology in Africa. Springer, 2008, pp. 16--26."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3605762.3624426"},{"key":"e_1_3_2_1_14_1","volume-title":"Uncovering and exploiting hidden apis in mobile super apps,\" in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","author":"Chao W.","year":"2023","unstructured":"W. Chao, Y. Zhang, and Z. Lin, \"Uncovering and exploiting hidden apis in mobile super apps,\" in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2490301.2451145"},{"key":"e_1_3_2_1_16_1","volume-title":"especially for iOS and messaging apps","author":"DAN","year":"2019","unstructured":"DAN GOODIN, \"Zeroday exploit prices are higher than ever, especially for iOS and messaging apps,\" 2019, Available athttps:\/\/www.reddit.com\/r\/apple\/comments\/adoka8\/zeroday_exploit_prices_are_higher_than_ever\/."},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/backlinko.com\/tiktok-users","author":"Dean B.","year":"2022","unstructured":"B. Dean, \"Tiktok user statistics (2022),\" https:\/\/backlinko.com\/tiktok-users."},{"key":"e_1_3_2_1_18_1","volume-title":"The IDA pro book. no starch press","author":"Eagle C.","year":"2011","unstructured":"C. Eagle, The IDA pro book. no starch press, 2011."},{"key":"e_1_3_2_1_19_1","volume-title":"reverse-engineers, and security researchers.\" https:\/\/frida.re\/docs\/android\/","year":"2012","unstructured":"Frida, \"Firda-dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.\" https:\/\/frida.re\/docs\/android\/, 2012."},{"key":"e_1_3_2_1_20_1","unstructured":"T. GRAZIANI \"What are wechat mini-programs? a simple introduction - walk-thechat \" https:\/\/walkthechat.com\/wechat-mini-programs-simple-introduction\/."},{"key":"e_1_3_2_1_21_1","unstructured":"M. Inc. \"Mediatek inc.\" https:\/\/www.mediatek.com\/."},{"key":"e_1_3_2_1_22_1","unstructured":"T. Inc \"55+ wechat statistics - 2022 update \" https:\/\/99firms.com\/blog\/wechat-statistics\/#gref."},{"key":"e_1_3_2_1_23_1","volume-title":"RFC","volume":"6070","author":"Josefsson S.","year":"2011","unstructured":"S. Josefsson, \"Pkcs# 5: Password-based key derivation function 2 (pbkdf2) test vectors,\" Internet Engineering Task Force (IETF), RFC Editor, RFC, vol. 6070, 2011."},{"key":"e_1_3_2_1_24_1","volume-title":"L4\/darwin: Evolving unix,\" in Conference for Unix, Linux and Open Source Professionals","author":"Lee G.","year":"2006","unstructured":"G. Lee and C. Gray, \"L4\/darwin: Evolving unix,\" in Conference for Unix, Linux and Open Source Professionals, Melbourne, Vic, Australia, 2006."},{"key":"e_1_3_2_1_25_1","first-page":"569","volume-title":"Demystifying resource management risks in emerging mobile app-in-app ecosystems,\" in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Lu H.","year":"2020","unstructured":"H. Lu, L. Xing, Y. Xiao, Y. Zhang, X. Liao, X. Wang, and X. Wang, \"Demystifying resource management risks in emerging mobile app-in-app ecosystems,\" in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 569--585."},{"key":"e_1_3_2_1_26_1","unstructured":"J. Rutkowska \"Subverting vistatm kernel for fun and profit \" Black Hat Briefings 2006."},{"key":"e_1_3_2_1_27_1","volume-title":"Applied cryptography: protocols, algorithms, and source code in C. john wiley & sons","author":"Schneier B.","year":"2007","unstructured":"B. Schneier, Applied cryptography: protocols, algorithms, and source code in C. john wiley & sons, 2007."},{"key":"e_1_3_2_1_28_1","unstructured":"statista \"Number of mobile monthly active users across alibaba's online shopping properties from 3rd quarter 2017 to 3rd quarter 2020 \" https:\/\/www.statista.com\/statistics\/663464\/alibaba-cumulative-active-mobile-users-taobao-tmall\/ 2020."},{"key":"e_1_3_2_1_29_1","unstructured":"Tencent \"WeChat Chinese Documentation \" https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/api\/ 06 2020."},{"key":"e_1_3_2_1_30_1","unstructured":"Tencent \"WeChat English Documentation \" https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/api\/ 06 2020."},{"key":"e_1_3_2_1_31_1","unstructured":"B. Toulas \"New intel chips won't play blu-ray disks due to sgx deprecation \" https:\/\/www.bleepingcomputer.com\/news\/security\/new-intel-chips-wont-play-blu-ray-disks-due-to-sgx-deprecation\/ 2022."},{"key":"e_1_3_2_1_32_1","first-page":"1224","volume-title":"Communication and Electronic Technology (MIPRO). IEEE","author":"\u00d0uranec A.","year":"2020","unstructured":"A. \u00d0uranec, S. Grui\u010di\u0107, and M. \u017dagar, \"Forensic analysis of windows 10 sandbox,\" in 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). IEEE, 2020, pp. 1224--1229."},{"key":"e_1_3_2_1_33_1","unstructured":"C. Wang R. Ko Y. Zhang Y. Yang and Z. Lin \"Taintmini: Detecting flow of sensitive data in mini-programs with static taint analysis \" in ICSE."},{"key":"e_1_3_2_1_34_1","volume-title":"One size does not fit all: Uncovering and exploiting cross platform discrepant apis in wechat,\" in 31st USENIX Security Symposium (USENIX Security 23)","author":"Wang C.","year":"2023","unstructured":"C. Wang, Y. Zhang, and Z. Lin, \"One size does not fit all: Uncovering and exploiting cross platform discrepant apis in wechat,\" in 31st USENIX Security Symposium (USENIX Security 23), 2023."},{"key":"e_1_3_2_1_35_1","first-page":"363","volume-title":"Wei et al., \"Characterizing and detecting bugs in wechat mini-programs,\" in Proceedings of the 44th International Conference on Software Engineering","author":"Wang T.","year":"2022","unstructured":"T. Wang, Q. Xu, X. Chang, W. Dou, J. Zhu, J. Xie, Y. Deng, J. Yang, J. Yang, J. Wei et al., \"Characterizing and detecting bugs in wechat mini-programs,\" in Proceedings of the 44th International Conference on Software Engineering, 2022, pp. 363--375."},{"key":"e_1_3_2_1_36_1","first-page":"23","volume-title":"Towards a better super-app architecture from a browser security perspective,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps","author":"Wang Y.","year":"2023","unstructured":"Y. Wang, Y. Yao, S. Shi, W. Chen, and L. Huang, \"Towards a better super-app architecture from a browser security perspective,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, 2023, pp. 23--28."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1984.5010248"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_39_1","first-page":"1597","volume-title":"Identity confusion in {WebView-based} mobile app-in-app ecosystems,\" in 31st USENIX Security Symposium (USENIX Security 22)","author":"Zhang L.","year":"2022","unstructured":"L. Zhang, Z. Zhang, A. Liu, Y. Cao, X. Zhang, Y. Chen, Y. Zhang, G. Yang, and M. Yang, \"Identity confusion in {WebView-based} mobile app-in-app ecosystems,\" in 31st USENIX Security Symposium (USENIX Security 22), 2022, pp. 1597--1613."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3410220.3460106"},{"key":"e_1_3_2_1_41_1","volume-title":"Don't leak your keys: Understanding, measuring, and exploiting the appsecret leaks in mini-programs.\" in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","author":"Zhang Y.","year":"2023","unstructured":"Y. Zhang, Y. Yang, and Z. Lin, \"Don't leak your keys: Understanding, measuring, and exploiting the appsecret leaks in mini-programs.\" in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023."},{"key":"e_1_3_2_1_42_1","first-page":"51","volume-title":"Trusted-domain compromise attack in app-in-app ecosystems,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps","author":"Zhang Z.","year":"2023","unstructured":"Z. Zhang, Z. Zhang, K. Lian, G. Yang, L. Zhang, Y. Zhang, and M. Yang, \"Trusted-domain compromise attack in app-in-app ecosystems,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, 2023, pp. 51--57."},{"key":"e_1_3_2_1_43_1","first-page":"59","volume-title":"Potential risks arising from the absence of signature verification in miniapp plugins,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps","author":"Zhao Y.","year":"2023","unstructured":"Y. Zhao, Y. Zhang, and H. Wang, \"Potential risks arising from the absence of signature verification in miniapp plugins,\" in Proceedings of the 2023 ACM Workshop on Secure and Trustworthy Superapps, 2023, pp. 59--64."}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","location":"Singapore Singapore","acronym":"ASIA CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3645001","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:06Z","timestamp":1750290246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3645001"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":43,"alternative-id":["10.1145\/3634737.3645001","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3645001","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}