15th International Conference on Computer and Knowledge Engineering
Security Analysis of MiniApps: Vulnerabilities, Exploits, and a Tailored Mitigation Framework
Authors: Keyhan Mohammadi (1), Arman Moradi (2), Reza Ebrahimi Atani (3)
1- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
2- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
3- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
Keywords: Telegram MiniApps, WebView Exploits, Man-in-the-Middle Attacks, Data Leakage, Sandbox Isolation, Web3Auth
Abstract:
Telegram MiniApps and WeChat Mini Programs represent two leading implementations of the super-app sub-application paradigm, each combining centralized backend services with lightweight, embedded client interfaces. While both platforms enable rich user experiences, they also introduce significant security risks through architectural and implementation flaws. In this paper, we present a comparative analysis of vulnerabilities in Telegram MiniApps and WeChat Mini Programs, drawing from documented exploits and empirical testing. For WeChat, prior studies reveal widespread issues including sensitive data leakage, weak permission enforcement, and cross-MiniApp request forgery, affecting millions of deployed apps. For Telegram, we identify unproxied frontend–backend communication that leaks IP addresses and server endpoints, insecure HTTP defaults in the Bot API that enable man-in-the-middle attacks, and inadequate auditing of TON blockchain smart contracts. We further analyze adversarial MiniApps that exploit WebView sandbox weaknesses for malware delivery, cryptomining, and cryptocurrency phishing. Building on these findings, we propose a comprehensive mitigation framework tailored to Telegram but informed by lessons from WeChat’s vulnerabilities. Our approach includes mandatory HTTPS, Telegram-hosted proxying, sandbox isolation, automated malicious-activity detection, and AI-assisted code auditing. The results highlight the urgent need for platform-level reforms across super-app ecosystems to align rapid feature growth with strong user privacy and security guarantees.