Abstract
A new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the past few years since being introduced by WeChat in 2017. In this paradigm, a host app allows its end-users to install and run mini-apps inside itself, enabling the host app to build an ecosystem around (much like Google Play and Apple AppStore), enrich the host's functionalities, and offer mobile users elevated convenience without leaving the host app. It has been reported that there are over millions of mini-apps in WeChat. However, little information is known about these mini-apps at an aggregated level. In this paper, we present MiniCrawler, the first scalable and open source WeChat mini-app crawler that has indexed over 1,333,308 mini-apps. It leverages a number of reverse engineering techniques to uncover the interfaces and APIs in WeChat for crawling the mini-apps. With the crawled mini-apps, we then measure their resource consumption, API usage, library usage, obfuscation rate, app categorization, and app ratings at an aggregated level. The details of how we develop MiniCrawler and our measurement results are reported in this paper.
- C. Lee, "WeChat launches mini-app feature," https://www.zdnet.com/article/wechat-launches-mini-app-feature/, 01 2017, (Accessed on 04/21/2021).Google Scholar
- L. Eadicicco, "How facebook, Apple, Google copied china's WeChat messaging app - business insider," https://www.businessinsider.com/facebook-apple-google-copied-wechat-app-trump-executive-order-2020--8, 08 2020, (Accessed on 04/21/2021).Google Scholar
- K. Leswing, "Three ways to get iPhone software without using Apple's App Store," https://www.cnbc.com/2020/09/01/how-to-get-iphone-software-without-using-apples-app-store.html, 9 2020, (Accessed on 04/21/2021).Google Scholar
- A. Ha, "Daily Crunch: Snapchat is getting mini apps," https://techcrunch.com/2020/06/12/daily-crunch-snapchat-is-getting-mini-apps/, 06 2020, (Accessed on 04/21/2021).Google Scholar
- "How brands are using WeChat mini programs," https://mavsocial.com/wechat-mini-programs-for-brands/, 2018.Google Scholar
- H. Lu, L. Xing, Y. Xiao, Y. Zhang, X. Liao, X. Wang, and X. Wang, "Demystifying resource management risks in emerging mobile app-in-app ecosystems," in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 569--585.Google Scholar
- "Number of monthly active WeChat users from 2nd quarter 2011 to 3rd quarter 2020," https://www.statista.com/statistics/255778/number-of-active-wechat-messenger-accounts/, 3 2020, (Accessed on 04/21/2021).Google Scholar
- "WeChat data, insights and statistics: user profile, behaviours, usages, market trends," https://wechatwiki.com/wechat-resources/wechat-data-insight-trend-statistics/, 03 2019, (Accessed on 04/21/2021).Google Scholar
- "The total size of all subpackages of a Mini Program cannot exceed 12 MB," https://developers.weixin.qq.com/miniprogram/en/dev/framework/subpackages.html, 06 2020, (Accessed on 04/21/2021).Google Scholar
- A. Rafi, "Android app size limit increased from 50 MB to 4GB," https://www.androidguys.com/news/android-app-size-limit-increased-from-50mb-to-4gb/, 5 2012, (Accessed on 04/21/2021).Google Scholar
- N. Viennot, E. Garcia, and J. Nieh, "A measurement study of google play," in The 2014 ACM international conference on Measurement and modeling of computer systems, 06 2014, pp. 221--233.Google Scholar
- S. Seneviratne, H. Kolamunna, and A. Seneviratne, "A measurement study of tracking in paid mobile applications," in Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 6 2015, pp. 1--6.Google Scholar
- H. Wang, H. Li, and Y. Guo, "Understanding the evolution of mobile app ecosystems: A longitudinal measurement study of google play," in The World Wide Web Conference, 09 2019, pp. 1988--1999.Google Scholar
Digital Library
- H. Wang, Z. Liu, J. Liang, N. Vallina-Rodriguez, Y. Guo, L. Li, J. Tapiador, J. Cao, and G. Xu, "Beyond google play: A large-scale comparative study of chinese android app markets," in Proceedings of the Internet Measurement Conference 2018, 2018, pp. 293--307.Google Scholar
- W. Liu, G. Zhang, J. Chen, Y. Zou, and W. Ding, "A measurement-based study on application popularity in android and ios app stores," in Proceedings of the 2015 Workshop on Mobile Big Data, 2015, pp. 13--18.Google Scholar
- C. A. Kardous and P. B. Shaw, "Evaluation of smartphone sound measurement applications (apps) using external microphones-a follow-up study," The Journal of the acoustical society of America, vol. 140, no. 4, pp. EL327--EL333, 2016.Google Scholar
Cross Ref
- "WeChat mini program development guide," https://developers.weixin.qq.com/miniprogram/en/dev/framework/, 08 2017, (Accessed on 04/21/2021).Google Scholar
- "Reference documentation for mini program frameworks," https://developers.weixin.qq.com/miniprogram/en/dev/reference/, 08 2020, (Accessed on 04/21/2021).Google Scholar
- "WeChat account protection," https://help.wechat.com/cgi-bin/micromsg-bin/oshelpcenter?opcode=2&lang=en&plat=android&id=170417vMBnEB170417InAF36&Channel=helpcenter, 08 2020, (Accessed on 04/21/2021).Google Scholar
- H. Liu, P. Gao, and Y. Xiao, "New words discovery method based on word segmentation result," in 2018 IEEE/ACIS 17th International Conference on Computer and Information Science. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 645--648.Google Scholar
- "Introduction to android hook framework Xposed," https://programmer.ink/think/introduction-to-android-hook-framework-xposed.html, 06 2019, (Accessed on 04/21/2021).Google Scholar
- "WeChat API categories," https://developers.weixin.qq.com/miniprogram/en/dev/api/, 03 2020, (Accessed on 04/21/2021).Google Scholar
- "Directory structure (offical document)," https://developers.weixin.qq.com/miniprogram/en/dev/framework/structure.html, 03 2020, (Accessed on 04/21/2021).Google Scholar
- "WXML," https://developers.weixin.qq.com/miniprogram/en/dev/reference/wxml/, 03 2020, (Accessed on 04/21/2021).Google Scholar
- "WXSS," https://developers.weixin.qq.com/miniprogram/en/dev/framework/view/wxss.html, 03 2020, (Accessed on 04/21/2021).Google Scholar
- "Configuration of server domain name (WeChat official document)," https://developers.weixin.qq.com/miniprogram/en/dev/framework/ability/network.html, 2020.Google Scholar
- A. Mahajan, Burp Suite Essentials. hskip 1em plus 0.5em minus 0.4emrelax Packt Publishing Ltd, 2014.Google Scholar
- "Dex to java decompiler," https://github.com/skylot/jadx, 06 2015, (Accessed on 04/21/2021).Google Scholar
- S. Heuser, A. Nadkarni, W. Enck, and A.-R. Sadeghi, "ASM: A programmable interface for extending android security," in 23rd USENIX Security Symposium, 2014, pp. 1005--1019.Google Scholar
- "Account security," https://007.qq.com/account-guard.html?ADTAG=index.block, 01 2020, (Accessed on 04/21/2021).Google Scholar
- C. Chen, K. Wu, V. Srinivasan, and X. Zhang, "Battling the internet water army: Detection of hidden paid posters," in 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2013, pp. 116--120.Google Scholar
- L. Zhong, "Ranking of the most commonly used 1,000 chinese characters," https://www.thn21.com/base/zi/17300.html, (Accessed on 04/21/2021).Google Scholar
- ""Jieba" (Chinese for "to stutter") chinese text segmentation: built to be the best python chinese word segmentation module." https://github.com/fxsjy/jieba, (Accessed on 02/01/2021).Google Scholar
- "Xposed," https://repo.xposed.info/, (Accessed on 02/01/2021).Google Scholar
- "Weixin mini program platform operation rules," https://developers.weixin.qq.com/miniprogram/en/product/, 2020.Google Scholar
- C. Zuo, H. Wen, Z. Lin, and Y. Zhang, "Automatic fingerprinting of vulnerable ble iot devices with static uuids from mobile apps," in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 1469--1483.Google Scholar
- J. Desjardins, "How many millions of lines of code does it take?" https://www.visualcapitalist.com/millions-lines-of-code/, 02 2017, (Accessed on 04/21/2021).Google Scholar
- T. J. McCabe, "A complexity measure," IEEE Transactions on software Engineering, no. 4, pp. 308--320, 1976.Google Scholar
Digital Library
- R. E. Zapata, R. G. Kula, B. Chinthanet, T. Ishio, K. Matsumoto, and A. Ihara, "Towards smoother library migrations: A look at vulnerable dependency migrations at function level for npm javascript packages," in 2018 IEEE International Conference on Software Maintenance and Evolution. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 559--563.Google Scholar
- "WeChat miniapp evaluation," https://developers.weixin.qq.com/community/develop/article/doc/00028a270781c01547b81c2565b013, 2019, (Accessed on 04/21/2021).Google Scholar
- S. M. Mirtaheri, M. E. Dincktürk, S. Hooshmand, G. V. Bochmann, G.-V. Jourdan, and I. V. Onut, "A brief history of web crawlers," arXiv preprint arXiv:1405.0749, 2014.Google Scholar
- M. Ali, M. E. Joorabchi, and A. Mesbah, "Same app, different app stores: A comparative study," in 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2017, pp. 79--90.Google Scholar
- H. Wang, H. Li, L. Li, Y. Guo, and G. Xu, "Why are android apps removed from google play? a large-scale empirical study," in 2018 IEEE/ACM 15th International Conference on Mining Software Repositories. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 231--242.Google Scholar
- H. Wang, Z. Liu, Y. Guo, X. Chen, M. Zhang, G. Xu, and J. Hong, "An explorative study of the mobile app ecosystem from app developers' perspective," in Proceedings of the 26th International Conference on World Wide Web, 2017, pp. 163--172.Google Scholar
- M. Zheng, M. Sun, and J. C. Lui, "Droidray: a security evaluation system for customized android firmwares," in Proceedings of the 9th ACM symposium on Information, computer and communications security, 2014, pp. 471--482.Google Scholar
- M. Elsabagh, R. Johnson, A. Stavrou, C. Zuo, Q. Zhao, and Z. Lin, "FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware," in 29th USENIX Security Symposium, Aug. 2020.Google Scholar
Index Terms
A Measurement Study of Wechat Mini-Apps
Recommendations
A Measurement Study of Wechat Mini-Apps
SIGMETRICS '21A new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the past few years since being introduced by WeChat in 2017. In this paradigm, a host app allows its end-users to install and run mini-apps inside itself, enabling the host ...
A Measurement Study of Wechat Mini-Apps
SIGMETRICS '21: Abstract Proceedings of the 2021 ACM SIGMETRICS / International Conference on Measurement and Modeling of Computer SystemsA new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the past few years since being introduced by WeChat in 2017. In this paradigm, a host app allows its end-users to install and run mini-apps inside itself, enabling the host ...
A Measurement-based Study on Application Popularity in Android and iOS App Stores
Mobidata '15: Proceedings of the 2015 Workshop on Mobile Big DataMobile application stores (appstores) are emerging digital distribution platforms with explosive growth. Although there have been some observations on the mobile application (app) popularity in Android appstores, there is no report on the app popularity ...






Comments