skip to main content
research-article

A Measurement Study of Wechat Mini-Apps

Published:04 June 2021Publication History
Skip Abstract Section

Abstract

A new mobile computing paradigm, dubbed mini-app, has been growing rapidly over the past few years since being introduced by WeChat in 2017. In this paradigm, a host app allows its end-users to install and run mini-apps inside itself, enabling the host app to build an ecosystem around (much like Google Play and Apple AppStore), enrich the host's functionalities, and offer mobile users elevated convenience without leaving the host app. It has been reported that there are over millions of mini-apps in WeChat. However, little information is known about these mini-apps at an aggregated level. In this paper, we present MiniCrawler, the first scalable and open source WeChat mini-app crawler that has indexed over 1,333,308 mini-apps. It leverages a number of reverse engineering techniques to uncover the interfaces and APIs in WeChat for crawling the mini-apps. With the crawled mini-apps, we then measure their resource consumption, API usage, library usage, obfuscation rate, app categorization, and app ratings at an aggregated level. The details of how we develop MiniCrawler and our measurement results are reported in this paper.

References

  1. C. Lee, "WeChat launches mini-app feature," https://www.zdnet.com/article/wechat-launches-mini-app-feature/, 01 2017, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  2. L. Eadicicco, "How facebook, Apple, Google copied china's WeChat messaging app - business insider," https://www.businessinsider.com/facebook-apple-google-copied-wechat-app-trump-executive-order-2020--8, 08 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  3. K. Leswing, "Three ways to get iPhone software without using Apple's App Store," https://www.cnbc.com/2020/09/01/how-to-get-iphone-software-without-using-apples-app-store.html, 9 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  4. A. Ha, "Daily Crunch: Snapchat is getting mini apps," https://techcrunch.com/2020/06/12/daily-crunch-snapchat-is-getting-mini-apps/, 06 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  5. "How brands are using WeChat mini programs," https://mavsocial.com/wechat-mini-programs-for-brands/, 2018.Google ScholarGoogle Scholar
  6. H. Lu, L. Xing, Y. Xiao, Y. Zhang, X. Liao, X. Wang, and X. Wang, "Demystifying resource management risks in emerging mobile app-in-app ecosystems," in Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 569--585.Google ScholarGoogle Scholar
  7. "Number of monthly active WeChat users from 2nd quarter 2011 to 3rd quarter 2020," https://www.statista.com/statistics/255778/number-of-active-wechat-messenger-accounts/, 3 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  8. "WeChat data, insights and statistics: user profile, behaviours, usages, market trends," https://wechatwiki.com/wechat-resources/wechat-data-insight-trend-statistics/, 03 2019, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  9. "The total size of all subpackages of a Mini Program cannot exceed 12 MB," https://developers.weixin.qq.com/miniprogram/en/dev/framework/subpackages.html, 06 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  10. A. Rafi, "Android app size limit increased from 50 MB to 4GB," https://www.androidguys.com/news/android-app-size-limit-increased-from-50mb-to-4gb/, 5 2012, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  11. N. Viennot, E. Garcia, and J. Nieh, "A measurement study of google play," in The 2014 ACM international conference on Measurement and modeling of computer systems, 06 2014, pp. 221--233.Google ScholarGoogle Scholar
  12. S. Seneviratne, H. Kolamunna, and A. Seneviratne, "A measurement study of tracking in paid mobile applications," in Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, 6 2015, pp. 1--6.Google ScholarGoogle Scholar
  13. H. Wang, H. Li, and Y. Guo, "Understanding the evolution of mobile app ecosystems: A longitudinal measurement study of google play," in The World Wide Web Conference, 09 2019, pp. 1988--1999.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. H. Wang, Z. Liu, J. Liang, N. Vallina-Rodriguez, Y. Guo, L. Li, J. Tapiador, J. Cao, and G. Xu, "Beyond google play: A large-scale comparative study of chinese android app markets," in Proceedings of the Internet Measurement Conference 2018, 2018, pp. 293--307.Google ScholarGoogle Scholar
  15. W. Liu, G. Zhang, J. Chen, Y. Zou, and W. Ding, "A measurement-based study on application popularity in android and ios app stores," in Proceedings of the 2015 Workshop on Mobile Big Data, 2015, pp. 13--18.Google ScholarGoogle Scholar
  16. C. A. Kardous and P. B. Shaw, "Evaluation of smartphone sound measurement applications (apps) using external microphones-a follow-up study," The Journal of the acoustical society of America, vol. 140, no. 4, pp. EL327--EL333, 2016.Google ScholarGoogle ScholarCross RefCross Ref
  17. "WeChat mini program development guide," https://developers.weixin.qq.com/miniprogram/en/dev/framework/, 08 2017, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  18. "Reference documentation for mini program frameworks," https://developers.weixin.qq.com/miniprogram/en/dev/reference/, 08 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  19. "WeChat account protection," https://help.wechat.com/cgi-bin/micromsg-bin/oshelpcenter?opcode=2&lang=en&plat=android&id=170417vMBnEB170417InAF36&Channel=helpcenter, 08 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  20. H. Liu, P. Gao, and Y. Xiao, "New words discovery method based on word segmentation result," in 2018 IEEE/ACIS 17th International Conference on Computer and Information Science. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 645--648.Google ScholarGoogle Scholar
  21. "Introduction to android hook framework Xposed," https://programmer.ink/think/introduction-to-android-hook-framework-xposed.html, 06 2019, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  22. "WeChat API categories," https://developers.weixin.qq.com/miniprogram/en/dev/api/, 03 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  23. "Directory structure (offical document)," https://developers.weixin.qq.com/miniprogram/en/dev/framework/structure.html, 03 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  24. "WXML," https://developers.weixin.qq.com/miniprogram/en/dev/reference/wxml/, 03 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  25. "WXSS," https://developers.weixin.qq.com/miniprogram/en/dev/framework/view/wxss.html, 03 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  26. "Configuration of server domain name (WeChat official document)," https://developers.weixin.qq.com/miniprogram/en/dev/framework/ability/network.html, 2020.Google ScholarGoogle Scholar
  27. A. Mahajan, Burp Suite Essentials. hskip 1em plus 0.5em minus 0.4emrelax Packt Publishing Ltd, 2014.Google ScholarGoogle Scholar
  28. "Dex to java decompiler," https://github.com/skylot/jadx, 06 2015, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  29. S. Heuser, A. Nadkarni, W. Enck, and A.-R. Sadeghi, "ASM: A programmable interface for extending android security," in 23rd USENIX Security Symposium, 2014, pp. 1005--1019.Google ScholarGoogle Scholar
  30. "Account security," https://007.qq.com/account-guard.html?ADTAG=index.block, 01 2020, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  31. C. Chen, K. Wu, V. Srinivasan, and X. Zhang, "Battling the internet water army: Detection of hidden paid posters," in 2013 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2013, pp. 116--120.Google ScholarGoogle Scholar
  32. L. Zhong, "Ranking of the most commonly used 1,000 chinese characters," https://www.thn21.com/base/zi/17300.html, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  33. ""Jieba" (Chinese for "to stutter") chinese text segmentation: built to be the best python chinese word segmentation module." https://github.com/fxsjy/jieba, (Accessed on 02/01/2021).Google ScholarGoogle Scholar
  34. "Xposed," https://repo.xposed.info/, (Accessed on 02/01/2021).Google ScholarGoogle Scholar
  35. "Weixin mini program platform operation rules," https://developers.weixin.qq.com/miniprogram/en/product/, 2020.Google ScholarGoogle Scholar
  36. C. Zuo, H. Wen, Z. Lin, and Y. Zhang, "Automatic fingerprinting of vulnerable ble iot devices with static uuids from mobile apps," in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019, pp. 1469--1483.Google ScholarGoogle Scholar
  37. J. Desjardins, "How many millions of lines of code does it take?" https://www.visualcapitalist.com/millions-lines-of-code/, 02 2017, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  38. T. J. McCabe, "A complexity measure," IEEE Transactions on software Engineering, no. 4, pp. 308--320, 1976.Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. R. E. Zapata, R. G. Kula, B. Chinthanet, T. Ishio, K. Matsumoto, and A. Ihara, "Towards smoother library migrations: A look at vulnerable dependency migrations at function level for npm javascript packages," in 2018 IEEE International Conference on Software Maintenance and Evolution. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 559--563.Google ScholarGoogle Scholar
  40. "WeChat miniapp evaluation," https://developers.weixin.qq.com/community/develop/article/doc/00028a270781c01547b81c2565b013, 2019, (Accessed on 04/21/2021).Google ScholarGoogle Scholar
  41. S. M. Mirtaheri, M. E. Dincktürk, S. Hooshmand, G. V. Bochmann, G.-V. Jourdan, and I. V. Onut, "A brief history of web crawlers," arXiv preprint arXiv:1405.0749, 2014.Google ScholarGoogle Scholar
  42. M. Ali, M. E. Joorabchi, and A. Mesbah, "Same app, different app stores: A comparative study," in 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2017, pp. 79--90.Google ScholarGoogle Scholar
  43. H. Wang, H. Li, L. Li, Y. Guo, and G. Xu, "Why are android apps removed from google play? a large-scale empirical study," in 2018 IEEE/ACM 15th International Conference on Mining Software Repositories. hskip 1em plus 0.5em minus 0.4emrelax IEEE, 2018, pp. 231--242.Google ScholarGoogle Scholar
  44. H. Wang, Z. Liu, Y. Guo, X. Chen, M. Zhang, G. Xu, and J. Hong, "An explorative study of the mobile app ecosystem from app developers' perspective," in Proceedings of the 26th International Conference on World Wide Web, 2017, pp. 163--172.Google ScholarGoogle Scholar
  45. M. Zheng, M. Sun, and J. C. Lui, "Droidray: a security evaluation system for customized android firmwares," in Proceedings of the 9th ACM symposium on Information, computer and communications security, 2014, pp. 471--482.Google ScholarGoogle Scholar
  46. M. Elsabagh, R. Johnson, A. Stavrou, C. Zuo, Q. Zhao, and Z. Lin, "FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware," in 29th USENIX Security Symposium, Aug. 2020.Google ScholarGoogle Scholar

Index Terms

  1. A Measurement Study of Wechat Mini-Apps

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image Proceedings of the ACM on Measurement and Analysis of Computing Systems
        Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 5, Issue 2
        POMACS
        June 2021
        424 pages
        EISSN:2476-1249
        DOI:10.1145/3469656
        Issue’s Table of Contents

        Copyright © 2021 Owner/Author

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 4 June 2021
        Published in pomacs Volume 5, Issue 2

        Check for updates

        Qualifiers

        • research-article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!