15th International Conference on Computer and Knowledge Engineering
Security Analysis of MiniApps: Vulnerabilities, Exploits, and a Tailored Mitigation Framework
Authors:
Keyhan Mohammadi (1), Arman Moradi (2), Reza Ebrahimi Atani (3)
1, 2, 3 - Dept. of Computer Engineering, University of Guilan, Rasht, Iran
Keywords:
Telegram MiniApps, WebView Exploits, Man-in-the-Middle Attacks, Data Leakage, Sandbox Isolation, Web3Auth
Abstract:
Telegram MiniApps and WeChat Mini Programs are two leading implementations of the super-app sub-application paradigm, each combining centralized backend services with lightweight, embedded client interfaces. While both platforms enable rich user experiences, they also introduce significant security risks through architectural and implementation flaws. In this paper, we present a comparative analysis of vulnerabilities in Telegram MiniApps and WeChat Mini Programs, drawing on documented exploits and empirical testing. For WeChat, prior studies reveal widespread issues including sensitive data leakage, weak permission enforcement, and cross-MiniApp request forgery, affecting millions of deployed apps. For Telegram, we identify unproxied frontend-backend communication that leaks server IP addresses and endpoints, insecure HTTP defaults in the Bot API that enable man-in-the-middle attacks, and inadequate auditing of TON blockchain smart contracts. We further analyze adversarial MiniApps that exploit WebView sandbox weaknesses for malware delivery, cryptomining, and cryptocurrency phishing. Building on these findings, we propose a comprehensive mitigation framework tailored to Telegram but informed by lessons from WeChat's vulnerabilities. Our approach includes mandatory HTTPS, Telegram-hosted proxying, sandbox isolation, automated malicious-activity detection, and AI-assisted code auditing. The results highlight the urgent need for platform-level reforms across super-app ecosystems to align rapid feature growth with strong user privacy and security guarantees.
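The two Telegram findings above (unproxied frontend-backend traffic that exposes server addresses, and plaintext HTTP that permits man-in-the-middle attacks) and the corresponding mitigations (mandatory HTTPS, platform-hosted proxying) can be turned into a concrete client-side guard. The following is an added example written for this page, not code from the paper or from Telegram: a MiniApp frontend checks every backend URL against a policy before issuing the request, rejecting plaintext schemes, literal IP hosts, embedded credentials, and any host other than the designated proxy. The proxy hostname `miniapp-proxy.example.org` is a hypothetical placeholder.

```javascript
// Added example (not from the paper): client-side URL policy that enforces
// "HTTPS only, via the platform-hosted proxy" before a MiniApp talks to its backend.
// PROXY_HOST is an assumed placeholder for whatever proxy the platform would operate.
const PROXY_HOST = "miniapp-proxy.example.org";

// Returns the list of policy violations for a candidate backend URL.
// An empty list means the URL is allowed.
function backendUrlViolations(rawUrl, proxyHost = PROXY_HOST) {
  const violations = [];
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return ["unparseable URL"];
  }

  // Plaintext transport lets an on-path attacker read or rewrite Bot API traffic.
  if (url.protocol !== "https:") {
    violations.push(`plaintext scheme ${url.protocol} allows man-in-the-middle`);
  }

  // A literal IPv4 or bracketed IPv6 host means the WebView connects straight to
  // the origin server, exposing its address to anyone inspecting client traffic.
  const host = url.hostname;
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    violations.push("literal IP host leaks backend address");
  }

  // Anything not routed through the proxy bypasses the platform's protections.
  if (host !== proxyHost) {
    violations.push(`host ${host} bypasses proxy ${proxyHost}`);
  }

  // Credentials in the URL end up in logs, history and referrers.
  if (url.username || url.password) {
    violations.push("credentials embedded in URL");
  }
  return violations;
}

function isAllowedBackend(rawUrl, proxyHost = PROXY_HOST) {
  return backendUrlViolations(rawUrl, proxyHost).length === 0;
}

// Guarded fetch: refuse before any packet leaves the WebView.
async function safeFetch(rawUrl, init) {
  const v = backendUrlViolations(rawUrl);
  if (v.length > 0) {
    throw new Error("backend URL rejected: " + v.join("; "));
  }
  return fetch(rawUrl, init);
}

// Weak configuration beside the corrected one (constructed sample inputs):
//   http://203.0.113.7/api              -> rejected (plaintext, raw IP, not the proxy)
//   https://miniapp-proxy.example.org/api -> allowed
```

In a real deployment the proxy host would be pinned by the platform rather than by each MiniApp, and the same policy should be enforced server-side for Bot API webhook registration, since a client-side check alone can be bypassed by a malicious MiniApp.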