15th International Conference on Computer and Knowledge Engineering
Security Analysis of MiniApps: Vulnerabilities, Exploits, and a Tailored Mitigation Framework
Authors: Keyhan Mohammadi (1), Arman Moradi (2), Reza Ebrahimi Atani (3)
1- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
2- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
3- Dept. of Computer Engineering, University of Guilan, Rasht, Iran
Keywords: Telegram MiniApps, WebView Exploits, Man-in-the-Middle Attacks, Data Leakage, Sandbox Isolation, Web3Auth
Abstract:
Telegram MiniApps and WeChat Mini Programs represent two leading implementations of the superApp sub-application paradigm, each combining centralized backend services with lightweight, embedded client interfaces. While both platforms enable rich user experiences, they also introduce significant security risks through architectural and implementation flaws. In this paper, we present a comparative analysis of vulnerabilities in Telegram MiniApps and WeChat Mini Programs, drawing from documented exploits and empirical testing. For WeChat, prior studies reveal widespread issues including sensitive data leakage, weak permission enforcement, and cross-MiniApp request forgery, affecting millions of deployed apps. For Telegram, we identify unproxied frontend–backend communication leaking IPs and server endpoints, insecure HTTP defaults in the Bot API enabling man-in-the-middle attacks, and inadequate auditing of TON blockchain smart contracts. We further analyze adversarial MiniApps exploiting WebView sandbox weaknesses for malware delivery, cryptomining, and cryptocurrency phishing. Building on these findings, we propose a comprehensive mitigation framework tailored to Telegram but informed by lessons from WeChat's vulnerabilities. Our approach includes mandatory HTTPS, Telegram-hosted proxying, sandbox isolation, automated malicious activity detection, and AI-assisted code auditing. The results highlight the urgent need for platform-level reforms across superApp ecosystems to align rapid feature growth with strong user privacy and security guarantees.