{"id":"https://openalex.org/W4387298286","doi":"https://doi.org/10.1145/3607199.3607236","title":"Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case","display_name":"Measuring the Leakage and Exploitability of Authentication Secrets in Super-apps: The WeChat Case","publication_year":2023,"publication_date":"2023-10-03","ids":{"openalex":"https://openalex.org/W4387298286","doi":"https://doi.org/10.1145/3607199.3607236"},"language":"en","primary_location":{"id":"doi:10.1145/3607199.3607236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102869701","display_name":"Supraja Baskaran","orcid":"https://orcid.org/0009-0003-2092-5457"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Supraja Baskaran","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075517496","display_name":"Lianying Zhao","orcid":"https://orcid.org/0000-0002-6376-4062"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Lianying Zhao","raw_affiliation_strings":["Carleton University, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5055898168","display_name":"Mohammad Mannan","orcid":"https://orcid.org/0000-0002-9630-5858"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Mohammad Mannan","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia University, Canada"],"affiliations":[{"raw_affiliation_string":"Concordia University, Canada","institution_ids":["https://openalex.org/I60158472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102869701"],"corresponding_institution_ids":["https://openalex.org/I60158472"],"apc_list":null,"apc_paid":null,"fwci":1.6302,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.84938967,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"727","last_page":"743"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6949014663696289},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6829702854156494},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.576524019241333},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.5631191730499268},{"id":"https://openalex.org/keywords/app-store","display_name":"App store","score":0.557394802570343},{"id":"https://openalex.org/keywords/smartphone-app","display_name":"Smartphone app","score":0.5527434349060059},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.42172113060951233},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40382835268974304},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.344923198223114}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6949014663696289},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6829702854156494},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.576524019241333},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.5631191730499268},{"id":"https://openalex.org/C2779794324","wikidata":"https://www.wikidata.org/wiki/Q3814081","display_name":"App store","level":2,"score":0.557394802570343},{"id":"https://openalex.org/C3017619522","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Smartphone app","level":2,"score":0.5527434349060059},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.42172113060951233},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40382835268974304},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.344923198223114}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3607199.3607236","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3607199.3607236","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1983898203","https://openalex.org/W2066384704","https://openalex.org/W2087226776","https://openalex.org/W2218971720","https://openalex.org/W2559870021","https://openalex.org/W2895489719","https://openalex.org/W2904279077","https://openalex.org/W2945355808","https://openalex.org/W2947593054","https://openalex.org/W2956553712","https://openalex.org/W2962909855","https://openalex.org/W2963159097","https://openalex.org/W2994341512","https://openalex.org/W3010949534","https://openalex.org/W3021036449","https://openalex.org/W3097802856","https://openalex.org/W3103666600","https://openalex.org/W3123154329","https://openalex.org/W4281754643","https://openalex.org/W4308391531","https://openalex.org/W4308986918","https://openalex.org/W4385489203","https://openalex.org/W4403391441","https://openalex.org/W6797170146"],"related_works":["https://openalex.org/W2890710341","https://openalex.org/W785354139","https://openalex.org/W2938393566","https://openalex.org/W2741784227","https://openalex.org/W2022990508","https://openalex.org/W2646326259","https://openalex.org/W2266456067","https://openalex.org/W1570613514","https://openalex.org/W2395151315","https://openalex.org/W4382704556"],"abstract_inverted_index":{"Super-apps":[0],"such":[1,37],"as":[2,38],"WeChat":[3],"and":[4,16,27,41,52,56],"Baidu":[5],"host":[6],"millions":[7],"of":[8,19,25,102],"mini-apps,":[9],"which":[10,74],"are":[11],"very":[12],"popular":[13],"among":[14],"users":[15],"developers":[17],"because":[18],"the":[20,39,44,48,60,81,89,105,113],"mini-apps\u2019":[21],"convenience,":[22],"lightweight,":[23],"ease":[24],"sharing,":[26],"not":[28],"requiring":[29],"explicit":[30],"installation.":[31],"Such":[32],"ecosystems":[33],"involve":[34],"several":[35],"entities,":[36],"super-app":[40,45,82,92,110],"mini-app":[42,49,61,90,106],"clients,":[43],"backend":[46],"server,":[47,51],"developer":[50],"other":[53],"hosting":[54],"platforms":[55],"services":[57,111],"used":[58],"by":[59,96],"developer.":[62],"To":[63],"support":[64],"various":[65],"user-level":[66],"functionalities,":[67],"these":[68],"components":[69],"must":[70],"authenticate":[71],"each":[72],"other,":[73],"differs":[75],"from":[76],"regular":[77],"user":[78],"authentication":[79,93,103],"to":[80,91,108],"platform.":[83],"In":[84],"this":[85],"paper,":[86],"we":[87],"explore":[88],"problem":[94],"caused":[95],"insecure":[97],"development":[98],"practices.":[99],"This":[100],"type":[101],"allows":[104],"code":[107],"access":[109],"on":[112],"developer\u2019s":[114],"behalf.":[115]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}