15th International Conference on Computer and Knowledge Engineering
Security Analysis of MiniApps: Vulnerabilities, Exploits, and a Tailored Mitigation Framework
Authors: Keyhan Mohammadi (1), Arman Moradi (2), Reza Ebrahimi Atani (3)
1, 2, 3 - Dept. of Computer Engineering, University of Guilan, Rasht, Iran
Keywords: Telegram MiniApps, WebView Exploits, Man-in-the-Middle Attacks, Data Leakage, Sandbox Isolation, Web3Auth
Abstract:
Telegram MiniApps and WeChat Mini Programs represent two leading implementations of the super-app sub-application paradigm, each combining centralized backend services with lightweight, embedded client interfaces. While both platforms enable rich user experiences, they also introduce significant security risks through architectural and implementation flaws. In this paper, we present a comparative analysis of vulnerabilities in Telegram MiniApps and WeChat Mini Programs, drawing from documented exploits and empirical testing. For WeChat, prior studies reveal widespread issues including sensitive data leakage, weak permission enforcement, and cross-MiniApp request forgery, affecting millions of deployed apps. For Telegram, we identify unproxied frontend–backend communication that leaks IPs and server endpoints, insecure HTTP defaults in the Bot API that enable man-in-the-middle attacks, and inadequate auditing of TON blockchain smart contracts. We further analyze adversarial MiniApps that exploit WebView sandbox weaknesses for malware delivery, cryptomining, and cryptocurrency phishing. Building on these findings, we propose a comprehensive mitigation framework tailored to Telegram but informed by lessons from WeChat’s vulnerabilities. Our approach includes mandatory HTTPS, Telegram-hosted proxying, sandbox isolation, automated malicious-activity detection, and AI-assisted code auditing. The results highlight the urgent need for platform-level reforms across super-app ecosystems to align rapid feature growth with strong user privacy and security guarantees.