乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T22:22:31Z","timestamp":1730326951278,"version":"3.28.0"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","funder":[{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC)"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3607199.3607236","type":"proceedings-article","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T22:30:51Z","timestamp":1696372251000},"page":"727-743","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case"],"prefix":"10.1145","author":[{"ORCID":"http:\/\/orcid.org\/0009-0003-2092-5457","authenticated-orcid":false,"given":"Supraja","family":"Baskaran","sequence":"first","affiliation":[{"name":"Concordia University, Canada"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-6376-4062","authenticated-orcid":false,"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[{"name":"Carleton University, Canada"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-9630-5858","authenticated-orcid":false,"given":"Mohammad","family":"Mannan","sequence":"additional","affiliation":[{"name":"Concordia University, Canada"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-4284-8646","authenticated-orcid":false,"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[{"name":"Concordia University, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Adchina. 2022. The power of the Baidu super-app. Available at: https:\/\/www.adchina.io\/what-is-baidu\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Alipay. 2022. Mini-app framework demystified. Available at: https:\/\/juejin.cn\/post\/7137478354042617869."},{"key":"e_1_3_2_1_3_1","unstructured":"Alipay. 2023. Get access token API. Available at: https:\/\/miniprogram.alipay.com\/docs\/miniprogram\/mpdev\/v2_applytoken."},{"key":"e_1_3_2_1_4_1","unstructured":"Baidu. 2023. Get access Token API. Available at: https:\/\/smartprogram.baidu.com\/docs\/develop\/serverapi\/serverapilist\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Baidu. 2023. Get session key API. Available at: https:\/\/smartprogram.baidu.com\/docs\/develop\/api\/open\/getSessionKey\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Baidu. 2023. Mini-app directory structure. Available at: https:\/\/smartprogram.baidu.com\/docs\/develop\/framework\/app_service\/."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3417113.3422154"},{"key":"e_1_3_2_1_8_1","unstructured":"ByteDance. 2023. Duoyin. https:\/\/developer.open-douyin.com\/docs\/resource\/zh-CN\/mini-app\/introduction\/overview\/."},{"key":"e_1_3_2_1_9_1","unstructured":"ByteDance. 2023. Tiktok - Overseas version of Duoyin. https:\/\/www.tiktok.com\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Ao Cheng Gang Ren Taeho Hong Kichan Nam and Chulmo Koo. 2019. An exploratory analysis of travel-related WeChat mini program usage: affordance theory perspective. In Information and Communication Technologies in Tourism(ENTER\u201921). Cham."},{"key":"e_1_3_2_1_11_1","unstructured":"Chinese article. 2022. Extracting WeChat mini-apps under Windows. Online blog article (in Chinese). Available at: https:\/\/zone.huoxian.cn\/d\/883-pcfirda."},{"key":"e_1_3_2_1_12_1","unstructured":"DingTalk. 2023. Mini-app API documentation. Available at: https:\/\/open.dingtalk.com\/document\/orgapp\/how-to-call-apis."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Shuaike Dong Menghao Li Wenrui Diao Xiangyu Liu Jian Liu Zhou Li Fenghao Xu Kai Chen Xiaofeng Wang and Kehuan Zhang. 2018. Understanding Android obfuscation techniques: A large-scale investigation in the wild. In Security and Privacy in Communication Networks(SecureComm\u201918). Cham.","DOI":"10.1007\/978-3-030-01701-9_10"},{"key":"e_1_3_2_1_14_1","unstructured":"Duoyin. 2023. Get access Token API. Available at: https:\/\/microapp.bytedance.com\/docs\/zh-CN\/mini-app\/develop\/server\/interface-request-credential\/get-access-token\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Duoyin. 2023. Safety guidelines. Available at: https:\/\/developer.open-douyin.com\/docs\/resource\/zh-CN\/mini-app\/develop\/guide\/anquankaifa\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE5003.2020.00032"},{"key":"e_1_3_2_1_17_1","unstructured":"GitHub. 2023. WeChat mini-apps unpacker. Available at: https:\/\/github.com\/Ryan-Miao\/wxappUnpacker."},{"key":"e_1_3_2_1_18_1","unstructured":"GitHub. 2023. Wxapkg decryptor. Available at: https:\/\/github.com\/BlackTrace\/pc_wxapkg_decrypt."},{"volume-title":"How are extraversion, exhibitionism, and gender associated with posting selfies on WeChat friends","year":"2018","author":"Guo Mingjia","key":"e_1_3_2_1_19_1","unstructured":"Mingjia Guo, Ru-De Liu, Yi Ding, Biying Hu, Rui Zhen, Ying Liu, and Ronghuan Jiang. 2018. How are extraversion, exhibitionism, and gender associated with posting selfies on WeChat friends\u2019 circle in Chinese teenagers?Personality and Individual Differences 127 (June 2018), 114\u2013116."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1088\/1742-6596\/1087\/6\/062040"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660460.2660463"},{"volume-title":"Examining WeChat users","year":"2014","author":"Lien Che\u00a0Hui","key":"e_1_3_2_1_22_1","unstructured":"Che\u00a0Hui Lien and Yang Cao. 2014. Examining WeChat users\u2019 motivations, trust, attitudes, and positive word-of-mouth: Evidence from China. Computers in human behavior 41 (December 2014), 104\u2013111."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3383923.3383938"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.apjon.2022.100166"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417255"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23418"},{"key":"e_1_3_2_1_27_1","unstructured":"Microsoft. 2023. Detect secrets - credentials scanning tool. Available at: https:\/\/microsoft.github.io\/code-with-engineering-playbook\/continuous-integration\/dev-sec-ops\/secret-management\/recipes\/detect-secrets\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Mitre. 2023. CWE top 25. Available at: https:\/\/cwe.mitre.org\/top25\/archive\/2022\/2022_cwe_top25.html."},{"key":"e_1_3_2_1_29_1","unstructured":"NPM. 2023. wx-server-sdk - Cloud call npm Package. Available at: https:\/\/www.npmjs.com\/package\/wx-server-sdk."},{"key":"e_1_3_2_1_30_1","unstructured":"NVD. 2023. CVSS calculator. Available at: https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator."},{"key":"e_1_3_2_1_31_1","unstructured":"OWASP. 2023. OWASP top 10 API. Available at: https:\/\/owasp.org\/www-project-api-security\/."},{"key":"e_1_3_2_1_32_1","unstructured":"Paytm. 2023. Mini-app API documentation. Available at: https:\/\/business.paytm.com\/docs\/api\/miniapps\/login-flow\/getaccesstoken."},{"volume-title":"29th USENIX Security Symposium (USENIX Security 20)","year":"2020","author":"Possemato Andrea","key":"e_1_3_2_1_33_1","unstructured":"Andrea Possemato and Yanick Fratantonio. 2020. Towards HTTPS everywhere on Android: We are not there yet. In 29th USENIX Security Symposium (USENIX Security 20)(USENIX\u201920). Boston, MA, USA."},{"key":"e_1_3_2_1_34_1","unstructured":"Postman. 2023. Postman API platform. Available at: https:\/\/www.postman.com\/."},{"key":"e_1_3_2_1_35_1","unstructured":"Property Guru for Business. 2023. The power of the WeChat super-app. Available at: https:\/\/www.propertyguruforbusiness.com\/publications\/the-power-of-the-wechat-super-app."},{"key":"e_1_3_2_1_36_1","unstructured":"QQ. 2023. Mini-app API Documentation. Available at: https:\/\/q.qq.com\/wiki\/develop\/miniprogram\/server\/open_port\/port_use.html."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMSNETS48256.2020.9027350"},{"key":"e_1_3_2_1_38_1","unstructured":"Scmp.com. 2021. WeChat mini programs for banking pose \u2018significant\u2019 risks of personal data leakage. Available at: https:\/\/www.scmp.com\/tech\/tech-trends\/article\/3142239\/wechat-mini-programs-banking-pose-significant-risks-personal-data."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329801"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.5555\/2820518.2820570"},{"key":"e_1_3_2_1_41_1","unstructured":"Sixthtone. 2020. China\u2019s \u2018mini-apps\u2019 have big privacy issues report says. Available at: https:\/\/www.sixthtone.com\/news\/1006196."},{"key":"e_1_3_2_1_42_1","unstructured":"Tencent. 2023. Tencent cloud API overview. Available at: https:\/\/cloud.tencent.com\/document\/api\/876\/34809."},{"key":"e_1_3_2_1_43_1","unstructured":"Time Business News. 2021. WeChat mini-apps Risk Data Leaks. Available at: https:\/\/timebusinessnews.com\/wechat-mini-apps-risk-data-leaks\/."},{"volume-title":"department of health and human services","year":"2018","author":"S.","key":"e_1_3_2_1_44_1","unstructured":"U.S. department of health and human services. 2018. The Belmont report - Ethical principles and guidelines for the protection of human subjects of research. Available at: https:\/\/www.hhs.gov\/ohrp\/regulations-and-policy\/belmont-report\/read-the-belmont-report\/index.html."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991105"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Yin Wang Ming Fan Junfeng Liu Junjie Tao Wuxia Jin Qi Xiong Yuhao Liu Qinghua Zheng and Ting Liu. 2023. Do as you say: Consistency detection of data practice in program code and privacy policy in mini-app. Available at: https:\/\/arxiv.org\/pdf\/2302.13860.pdf.","DOI":"10.1109\/TSE.2024.3479288"},{"key":"e_1_3_2_1_48_1","unstructured":"Web archive. 2022. Extracting WeChat mini-apps using frida. Online blog article (in Chinese). Available at: https:\/\/web.archive.org\/web\/20221215183356\/https:\/\/www.ljczero.top\/article\/2022\/9\/5\/144.html."},{"key":"e_1_3_2_1_49_1","unstructured":"WeChat. 2023. Cloud base. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/dev\/wxcloud\/basis\/capabilities.html."},{"key":"e_1_3_2_1_50_1","unstructured":"WeChat. 2023. Cloud initialization. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/wxcloud\/guide\/init.html."},{"key":"e_1_3_2_1_51_1","unstructured":"WeChat. 2023. code2Session API. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/api-backend\/open-api\/login\/auth.code2Session.html."},{"key":"e_1_3_2_1_52_1","unstructured":"WeChat. 2023. Devtool stable version update log. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/dev\/devtools\/stable.html."},{"key":"e_1_3_2_1_53_1","unstructured":"WeChat. 2023. Error codes developer error codes. Available at: https:\/\/developers.weixin.qq.com\/doc\/oplatform\/en\/Return_codes\/Return_code_descriptions.html."},{"key":"e_1_3_2_1_54_1","unstructured":"WeChat. 2023. get access token API. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/dev\/OpenApiDoc\/mp-access-token\/getAccessToken.html."},{"key":"e_1_3_2_1_55_1","unstructured":"WeChat. 2023. IDE devtool. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/devtools\/download.html."},{"key":"e_1_3_2_1_56_1","unstructured":"WeChat. 2023. Mini-app directory structure. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/framework\/structure.html."},{"key":"e_1_3_2_1_57_1","unstructured":"WeChat. 2023. Mini-app server domain name information. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/framework\/ability\/network.html."},{"key":"e_1_3_2_1_58_1","unstructured":"WeChat. 2023. Safety guidelines by WeChat. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/framework\/security.html#Code-Management-and-Leaks."},{"key":"e_1_3_2_1_59_1","unstructured":"WeChat. 2023. Server-side API classification. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/en\/dev\/api-backend\/."},{"key":"e_1_3_2_1_60_1","unstructured":"WeChat. 2023. Server-side API classification v2. Available at: https:\/\/developers.weixin.qq.com\/miniprogram\/dev\/OpenApiDoc\/."},{"key":"e_1_3_2_1_61_1","unstructured":"WeChat. 2023. Tencent cloud hosting. Available at: https:\/\/developers.weixin.qq.com\/minigame\/dev\/wxcloudrun\/src\/practice\/call.html."},{"key":"e_1_3_2_1_62_1","unstructured":"WeChat. 2023. WeChat. Available at: https:\/\/www.wechat.com\/."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2018.00040"},{"key":"e_1_3_2_1_64_1","unstructured":"Wikipedia. 2023. Baidu. Available at: https:\/\/en.wikipedia.org\/wiki\/Baidu."},{"key":"e_1_3_2_1_65_1","unstructured":"Wikipedia. 2023. ICP license. Available at: https:\/\/en.wikipedia.org\/wiki\/ICP_license."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102358"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_68_1","unstructured":"Jianyi Zhang Leixin Yang Yuyang Han Zhi Sun and Zixiao Xiang. 2022. A small leak will sink many ships: Vulnerabilities related to mini programs permissions. In Syposium on Security Trust & Privacy in Computing(COMPSAC\u201923). Torino Italy."},{"volume-title":"31st USENIX Security Symposium(USENIX\u201922)","year":"2022","author":"Zhang Lei","key":"e_1_3_2_1_69_1","unstructured":"Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. 2022. Identity confusion in webview-based mobile app-in-app ecosystems. In 31st USENIX Security Symposium(USENIX\u201922). Boston, MA."},{"key":"e_1_3_2_1_70_1","first-page":"2","article-title":"A measurement study of Wechat mini-apps","volume":"5","author":"Zhang Yue","year":"2021","unstructured":"Yue Zhang, Bayan Turkistani, Allen\u00a0Yuqing Yang, Chaoshun Zuo, and Zhiqiang Lin. 2021. A measurement study of Wechat mini-apps. ACM SIGMETRICS Performance Evaluation Review 5, 2 (June 2021), 1\u201325.","journal-title":"ACM SIGMETRICS Performance Evaluation Review"},{"volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security(CCS\u201923)","year":"2023","author":"Zhang Yue","key":"e_1_3_2_1_71_1","unstructured":"Yue Zhang, Yuqing Yang, and Zhiqiang Lin. 2023. Don\u2019t leak your keys: Understanding, measuring, and exploiting the AppSecret leaks in mini-programs. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security(CCS\u201923). Copenhagen, Denmark."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2019.0865"}],"event":{"name":"RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID 2023","location":"Hong Kong China"},"container-title":["Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607236","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,16]],"date-time":"2024-10-16T10:41:13Z","timestamp":1729075273000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607236"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":72,"alternative-id":["10.1145\/3607199.3607236","10.1145\/3607199"],"URL":"https:\/\/doi.org\/10.1145\/3607199.3607236","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}