MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
CoRR(2024)
Abstract
The advent of MiniApps, operating within larger SuperApps, has revolutionized
user experiences by offering a wide range of services without the need for
individual app downloads. However, this convenience has raised significant
privacy concerns, as these MiniApps often require access to sensitive data,
potentially leading to privacy violations. Our research addresses the critical
gaps in the analysis of MiniApps' privacy practices, especially focusing on
WeChat MiniApps in the Android ecosystem. Despite existing privacy regulations
and platform guidelines, there is a lack of effective mechanisms to safeguard
user privacy fully. We introduce MiniScope, a novel two-phase hybrid analysis
approach, specifically designed for the MiniApp environment. This approach
overcomes the limitations of existing static analysis techniques by
incorporating dynamic UI exploration for complete code coverage and accurate
privacy practice identification. Our methodology includes modeling UI
transition states, resolving cross-package callback control flows, and
automated iterative UI exploration. This allows for a comprehensive
understanding of MiniApps' privacy practices, addressing the unique challenges
of sub-package loading and event-driven callbacks. Our empirical evaluation of
over 120K MiniApps using MiniScope demonstrates its effectiveness in
identifying privacy inconsistencies. The results reveal significant issues,
with 5.7
collection. These findings emphasize the urgent need for more precise privacy
monitoring systems and highlight the responsibility of SuperApp operators to
enforce stricter privacy measures.