Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis

Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang

TL;DR

MiniScope tackles the privacy-inconsistency problem in WeChat MiniApps by introducing a two-phase hybrid analysis that jointly handles sub-package loading, UI state transitions, and event-driven callback control flow. Central to the approach are three interconnected graphs—UTG (UI State Transition Graph), CCFG (Callback Control Flow Graph), and UDFG (Universal Data Flow Graph)—merged into a unified MDG (MiniApp Dependency Graph) to guide both static and dynamic analysis. The framework combines a directed UI explorer with a privacy detector that includes Frida-based runtime monitoring and an LLM-driven privacy policy analysis to cross-validate actual data practices against declared policies, achieving near-perfect detection in experiments (Precision 99.2%, Recall 95.6%, F1 97.4%). Large-scale evaluation on 127,460 MiniApps reveals substantial privacy risks, with 5.7% over-collection and 33.4% over-claim among those with policies, underscoring urgent needs for tighter privacy monitoring by SuperApp operators. The work demonstrates practical impact through responsible disclosure to thousands of developers, provides open-source tooling, and suggests broad applicability of the approach to other MiniApp ecosystems beyond WeChat.”

Abstract

The advent of MiniApps, operating within larger SuperApps, has revolutionized user experiences by offering a wide range of services without the need for individual app downloads. However, this convenience has raised significant privacy concerns, as these MiniApps often require access to sensitive data, potentially leading to privacy violations. Despite existing privacy regulations and platform guidelines, there is a lack of effective mechanisms to safeguard user privacy fully. To address this critical gap, we introduce MiniScope, a novel two-phase hybrid analysis approach, specifically designed for the MiniApp environment. This approach overcomes the limitations of existing static analysis techniques by incorporating UI transition states analysis, cross-package callback control flow resolution, and automated iterative UI exploration. This allows for a comprehensive understanding of MiniApps' privacy practices, addressing the unique challenges of sub-package loading and event-driven callbacks. Our empirical evaluation of over 120K MiniApps using MiniScope demonstrates its effectiveness in identifying privacy inconsistencies. The results reveal significant issues, with 5.7% of MiniApps over-collecting private data and 33.4% overclaiming data collection. We have responsibly disclosed our findings to 2,282 developers, receiving 44 acknowledgments. These findings emphasize the urgent need for more precise privacy monitoring systems and highlight the responsibility of SuperApp operators to enforce stricter privacy measures.

MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis

TL;DR

MiniScope tackles the privacy-inconsistency problem in WeChat MiniApps by introducing a two-phase hybrid analysis that jointly handles sub-package loading, UI state transitions, and event-driven callback control flow. Central to the approach are three interconnected graphs—UTG (UI State Transition Graph), CCFG (Callback Control Flow Graph), and UDFG (Universal Data Flow Graph)—merged into a unified MDG (MiniApp Dependency Graph) to guide both static and dynamic analysis. The framework combines a directed UI explorer with a privacy detector that includes Frida-based runtime monitoring and an LLM-driven privacy policy analysis to cross-validate actual data practices against declared policies, achieving near-perfect detection in experiments (Precision 99.2%, Recall 95.6%, F1 97.4%). Large-scale evaluation on 127,460 MiniApps reveals substantial privacy risks, with 5.7% over-collection and 33.4% over-claim among those with policies, underscoring urgent needs for tighter privacy monitoring by SuperApp operators. The work demonstrates practical impact through responsible disclosure to thousands of developers, provides open-source tooling, and suggests broad applicability of the approach to other MiniApp ecosystems beyond WeChat.”

Abstract

The advent of MiniApps, operating within larger SuperApps, has revolutionized user experiences by offering a wide range of services without the need for individual app downloads. However, this convenience has raised significant privacy concerns, as these MiniApps often require access to sensitive data, potentially leading to privacy violations. Despite existing privacy regulations and platform guidelines, there is a lack of effective mechanisms to safeguard user privacy fully. To address this critical gap, we introduce MiniScope, a novel two-phase hybrid analysis approach, specifically designed for the MiniApp environment. This approach overcomes the limitations of existing static analysis techniques by incorporating UI transition states analysis, cross-package callback control flow resolution, and automated iterative UI exploration. This allows for a comprehensive understanding of MiniApps' privacy practices, addressing the unique challenges of sub-package loading and event-driven callbacks. Our empirical evaluation of over 120K MiniApps using MiniScope demonstrates its effectiveness in identifying privacy inconsistencies. The results reveal significant issues, with 5.7% of MiniApps over-collecting private data and 33.4% overclaiming data collection. We have responsibly disclosed our findings to 2,282 developers, receiving 44 acknowledgments. These findings emphasize the urgent need for more precise privacy monitoring systems and highlight the responsibility of SuperApp operators to enforce stricter privacy measures.
Paper Structure (29 sections, 7 figures, 8 tables, 1 algorithm)

This paper contains 29 sections, 7 figures, 8 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Background
  3. Features of MiniApps
  4. Comparison with Native/Web Apps
  5. Motivating Example
  6. Challenges for Hybrid Analysis of MiniApps
  7. Insights for Potential Solutions
  8. Methodology
  9. MiniApp Dependency Graph Generator
  10. Analyzing UI State Transitions
  11. Analyzing Callback Control Flows
  12. Merging into MinApp Dependency Graph
  13. Directed UI Explorer
  14. Fuzzing Matching between WXML Component and UI Widget Tree
  15. Task-directed UI Exploration Strategy
  16. ...and 14 more sections

Figures (7)

  • Figure 1: Architecture of MiniApps.
  • Figure 2: Code snippet of cross-file/cross-package privacy practices. Subfigure (a), (b), and (c) illustrate cross-file privacy practices in the initially loaded main package, subfigure (a) and (d) represent cross-subpackage privacy practices (i.e., FNs in previous static-only approaches, but identified by MiniScope), and subfigure (e) and (f) demonstrates dead code (unused function and orphaned page, respectively) without entry points (i.e., FPs generated in previous DFA-only approaches, but excluded by MiniScope).
  • Figure 3: The architecture and workflow of MiniScope.
  • Figure 4: A simplified UTG example of Express MiniApp. Corresponding to \ref{['fig:Code Snippet']}, in Event 1, the user triggers ontap event of <navigator>, leading to a transition from pages/myInfo to pages/takePhoto; in Event 2, the user triggers ontap event of <button text="manual input">, and the corresponding event handler callback function naveToCheckID is executed, naveToCheckID callback function, resulting in a transition from pages/myInfo to pages/checkID.
  • Figure 5: MDG representation of the code snippet presented in \ref{['fig:Code Snippet']}. The Black lines represent AST edges; the Green Lines represent UTG edges; the Purple Lines represent CCFG edges; and the Pink Lines represent UDFG edges. For simplicity, some AST nodes and edges have been omitted.
  • ...and 2 more figures