Abstract: The advent of MiniApps, operating within larger SuperApps, has revolutionized user experiences by offering a wide range of services without the need for individual app downloads. However, this convenience has raised significant privacy concerns, as these MiniApps often require access to sensitive data, potentially leading to privacy violations. Our research addresses the critical gaps in the analysis of MiniApps' privacy practices, especially focusing on WeChat MiniApps in the Android ecosystem. Despite existing privacy regulations and platform guidelines, there is a lack of effective mechanisms to safeguard user privacy fully. We introduce MiniScope, a novel two-phase hybrid analysis approach, specifically designed for the MiniApp environment. This approach overcomes the limitations of existing static analysis techniques by incorporating dynamic UI exploration for complete code coverage and accurate privacy practice identification. Our methodology includes modeling UI transition states, resolving cross-package callback control flows, and automated iterative UI exploration. This allows for a comprehensive understanding of MiniApps' privacy practices, addressing the unique challenges of sub-package loading and event-driven callbacks. Our empirical evaluation of over 120K MiniApps using MiniScope demonstrates its effectiveness in identifying privacy inconsistencies. The results reveal significant issues, with 5.7% of MiniApps over-collecting private data and 33.4% overclaiming data collection. These findings emphasize the urgent need for more precise privacy monitoring systems and highlight the responsibility of SuperApp operators to enforce stricter privacy measures.
What problem does this paper attempt to address?
The paper addresses the privacy issues that MiniApps introduce inside SuperApps. Despite existing privacy regulations and platform guidelines, there is still no effective mechanism that comprehensively protects user privacy, especially in the unique application environment of MiniApps.
### Problem Background
MiniApps are lightweight mobile applications that provide a variety of services without requiring the user to download a standalone application, which greatly enhances the user experience. However, MiniApps usually need access to sensitive system resources (such as cameras and Bluetooth) and user data (such as location information, phone numbers, and email accounts), which creates a risk of privacy leakage. In the SuperApp ecosystem in particular, third-party developers may access and use this information without the explicit consent of users.
### Limitations of Existing Methods
Existing privacy analysis techniques mainly rely on taint analysis, but when applied to MiniApps, they encounter two main challenges:
1. **Sub-package Loading Mechanism**: Unlike traditional applications, MiniApps adopt a dynamic sub-package loading mechanism. Only the main package is loaded during cold start, and other sub-packages are dynamically loaded as needed. Therefore, static analysis alone cannot trigger sub-package loading, resulting in insufficient code coverage and a relatively high false-negative rate.
2. **Event-Driven Callbacks**: MiniApps are framework-based and event-driven. Existing methods mainly focus on sensitive data flows while ignoring event-driven callbacks, which may lead to a large number of false-positive results because some taint paths may be unreachable.
### The Method Proposed in the Paper
To solve the above problems, the paper proposes **MiniScope**, a two-stage iterative hybrid analysis method specifically designed for the MiniApp environment. Specifically, the innovations of MiniScope include:
- **UI Transition State Modeling**: By analyzing UI state transitions, cross-package callback control flows, and automated iterative UI exploration, it fills the research gaps in sub-package loading and callback analysis.
- **Two-Stage Iterative Hybrid Analysis**: In the first stage, the complete package is obtained by dynamically loading sub-packages; in the second stage, accurate privacy practice identification is carried out, combining the results of static and dynamic analysis, cross-validating the declared privacy policies, and detecting privacy inconsistencies.
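The two limitations and the consistency check can be seen together in a small model. The following is an added illustration, not MiniScope's code: the page, handler, and data-type names are constructed, and it assumes "over-collected" means collected but not declared and "over-claimed" means declared but not collected.

```python
from collections import deque

# Constructed model of one MiniApp (hypothetical names, not real app data).
BINDINGS = {  # page -> handlers actually bound to lifecycle/UI events
    "pages/index": ["onLoad", "onTapLocate"],
    "subpkg/order": ["onSubmit"],  # page shipped in a sub-package
}
TRANSITIONS = {("pages/index", "onTapLocate"): "subpkg/order"}  # handler -> next page
CALLS = {  # (page, function) -> functions it calls
    ("pages/index", "onTapLocate"): ["readLocation"],
    ("subpkg/order", "onSubmit"): ["readPhone"],
    ("pages/index", "legacyUpload"): ["readAlbum"],  # never bound to any event
}
SOURCES = {"readLocation": "location", "readPhone": "phone_number", "readAlbum": "album"}
DECLARED = {"location", "camera"}  # data types named in the privacy policy


def collected(entry, available_pages):
    """Data types read on paths reachable from `entry` via bound handlers,
    restricted to pages whose code has been loaded."""
    found, seen, queue = set(), set(), deque([entry])
    while queue:
        page = queue.popleft()
        if page in seen or page not in available_pages:
            continue
        seen.add(page)
        for handler in BINDINGS.get(page, []):
            for callee in CALLS.get((page, handler), []):
                if callee in SOURCES:
                    found.add(SOURCES[callee])
            nxt = TRANSITIONS.get((page, handler))
            if nxt:
                queue.append(nxt)
    return found


def inconsistencies(collected_types, declared):
    """Compare observed collection against the declared policy."""
    return {
        "over_collected": sorted(collected_types - declared),
        "over_claimed": sorted(declared - collected_types),
    }


if __name__ == "__main__":
    main_only = collected("pages/index", {"pages/index"})
    full = collected("pages/index", set(BINDINGS))
    print(main_only, full, inconsistencies(full, DECLARED))
```

With only the main package available, the phone-number read in the sub-package is missed (a false negative); the album read in the unbound `legacyUpload` function is never reported because no event reaches it, which a flow-only analysis would flag as a false positive.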
### Experimental Verification
The paper conducted an empirical evaluation on more than 120,000 MiniApps. The results show that MiniScope improves the precision by 7.9% and the recall rate by 23.5% compared with the existing state-of-the-art technology TaintMini in identifying privacy-related practices. In addition, the experiment found that 5.7% of MiniApps secretly over-collect private data, and 33.4% of MiniApps over-declare the data they actually collect. These findings emphasize the urgency of implementing a more accurate privacy monitoring system and highlight the responsibility of SuperApp operators to strengthen privacy measures.
### Main Contributions
1. **Novel Technology**: A new two-stage hybrid analysis method is introduced, covering UI transition state modeling, detailed cross-package callback control flow parsing, and automated iterative UI exploration.
2. **Practical Implementation and Application**: A fully automatic tool named MiniScope is implemented, and its performance and effectiveness in comprehensively detecting MiniApp privacy inconsistencies are demonstrated.
3. **Empirical Evaluation and Real-World Impact**: Through a comprehensive evaluation of 120,000 MiniApps, the widespread problems of over-collecting and over-declaring privacy information are revealed, and these findings are reported to 2,282 developers, receiving 44 confirmations and recognitions.
In conclusion, this paper aims to solve the privacy problems in the MiniApps environment through MiniScope, fill the gaps in existing technologies, and provide a valuable reference for future research and practice.