What is it about?

Mini-apps are convenient, install-free apps that run inside a super-app (e.g., WeChat) and are used for everything regular apps can do and more. The estimated number of WeChat mini-apps crossed 7 million in 2022. Each mini-app needs a developer server for business logic and storage, and that server authenticates to the WeChat server with an app secret. We found that many mini-apps hardcode such app secrets in the package, which can lead to harmful consequences, including impersonation of the mini-app's business owner.
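A pre-release check a mini-app developer could run over their own source tree to catch a hardcoded app secret before the package ships, so the secret stays on the developer server. This is an added example, not code from the paper. The 32-character hex secret format, the `secret` naming patterns, and the file-suffix list are assumptions.

```python
import re
from pathlib import Path

# Assumptions (not from the page): the secret is a 32-character hex string,
# assigned to a name containing "secret" or passed as a "secret=" URL parameter.
SECRET_ASSIGN = re.compile(
    r"""(?P<name>[\w.$]*secret[\w$]*)\s*["']?\s*[:=]\s*["'`](?P<value>[0-9a-f]{32})["'`]""",
    re.IGNORECASE,
)
SECRET_QUERY = re.compile(r"[?&]secret=(?P<value>[0-9a-f]{32})\b", re.IGNORECASE)
# File types typically found in a mini-app source tree (assumed list).
TEXT_SUFFIXES = {".js", ".ts", ".json", ".wxml", ".wxss"}

def scan_text(text, source="<memory>"):
    """Return (source, line number, redacted value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern in (SECRET_ASSIGN, SECRET_QUERY):
            for match in pattern.finditer(line):
                value = match.group("value")
                if len(set(value.lower())) <= 2:
                    continue  # skip obvious dummies such as 32 zeros
                # Redact so the scanner's own output does not leak the secret.
                findings.append((source, lineno, value[:4] + "..."))
    return findings

def scan_tree(root):
    """Scan every text file under root, e.g. the build output before upload."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_SUFFIXES:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample; every identifier, URL and value here is made up.
SAMPLE = '''\
const appId = "wx0123456789abcdef";
const appSecret = "3f9a1c0de7b24a58916cfe02d4b7a6e1";
const placeholderSecret = "00000000000000000000000000000000";
wx.request({ url: "https://api.example.invalid/login?code=" + code });
const u = "https://example.invalid/token?appid=" + appId + "&secret=9b1e5d7c3a2f4e6089ab0c1d2e3f4a5b";
'''

if __name__ == "__main__":
    for source, lineno, redacted in scan_text(SAMPLE):
        print(f"{source}:{lineno}: possible hardcoded app secret {redacted}")
```

A match means the secret has to be removed from the client code and rotated, since any copy of the package already distributed still contains it.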

Read the Original

This page is a summary of: Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case, October 2023, ACM (Association for Computing Machinery),
DOI: 10.1145/3607199.3607236.