
Utilizing Large Language Models to Detect Privacy Leaks in Mini-App Code (2402.07367v1)

Published 12 Feb 2024 in cs.CR

Abstract: Mini-applications, commonly referred to as mini-apps, are compact software programs embedded within larger applications or platforms, offering targeted functionality without the need for separate installations. Typically web-based or cloud-hosted, these mini-apps streamline user experiences by providing focused services accessible through web browsers or mobile apps. Their simplicity, speed, and integration capabilities make them valuable additions to messaging platforms, social media networks, e-commerce sites, and various digital environments. WeChat Mini Programs, a prominent feature of China's leading messaging app, exemplify this trend, offering users a seamless array of services without additional downloads. Leveraging WeChat's extensive user base and payment infrastructure, Mini Programs facilitate efficient transactions and bridge online and offline experiences, shaping China's digital landscape significantly. This paper investigates the potential of employing LLMs to detect privacy breaches within WeChat Mini Programs. Given the widespread use of Mini Programs and growing concerns about data privacy, this research seeks to determine if LLMs can effectively identify instances of privacy leakage within this ecosystem. Through meticulous analysis and experimentation, we aim to highlight the efficacy of LLMs in safeguarding user privacy and security within the WeChat Mini Program environment, thereby contributing to a more secure digital landscape.

