Mini-App But Great Impact: New Ways to Compromise Mobile Apps
IES Red Team of ByteDance
#BHAS BlackHatEvents

About us
- Security researchers and developers at IES Red Team of ByteDance
- Privacy and data protection research involving apps and systems
- Security bug hunters covering mobile, web and cloud
- Speakers at Black Hat USA/Europe/Asia and Black Hat USA Arsenal

Outline
1. Introduction of Mini-Apps
2. Risk Assessment
3. Further Exploit
4. Security Recommendations
5. Conclusion

1. Introduction of Mini-Apps

Mini-Apps and Super Apps
Mini-app
- Hybrid solution
- Built with web technologies
- Integrates with the capabilities of native apps
Super app
- Native app
- Hosts and supports mini-apps
- Provides resources

Comparison Study
Feature      | Mini-app                               | Web App (Chrome)                            | Native App (Android)
Deployed     | Package                                | Web resources                               | APK
Engine       | WebView or native, V8 / JavaScriptCore | Blink / Gecko / WebKit, V8 / JavaScriptCore | ART / Dalvik
Dependencies | Super app                              | Browser                                     | Android OS

API & Security Mechanism
File API: x.saveFile, x.openFile, x.downloadFile, ...
Network API: x.request, x.fetch, x.upload, ...
Location API: x.getLocation, x.queryGPS, x.updateLocation, ...
Media API: x.openCamera, x.openMicrophone, x.accessAlbum, ...
Security
- Permission check: vertical, horizontal
- Sandbox: data storage, code execution, runtime environment

2. Risk Assessment

Comparison and Risk Assessment
                | Web App            | Native App        | Mini-App
Access control  | Same-origin policy | Process isolation | ?
Sandbox storage | -                  | -                 | ?

Risk Assessment: FileManager API
API (file access) | Operation | Risk (file access)                      | Vulnerable super apps
readFileSync      | read      | Relative path in parameter              | 2/9
writeFileSync     | write     | Symbolic link in parameter              | 3/9
unzip             | write     | Filename with relative path in zip file | 5/9

Fi
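The three FileManager risks in the table above (a relative path in the parameter, a symbolic link in the parameter, and a relative path inside a zip entry) all come down to the super app resolving a mini-app-supplied name without confirming that the result stays inside that mini-app's storage. The following is an added example, not code from the talk or from any super app: a host-side check that a FileManager implementation could apply before honouring a read, write or unzip request. The per-app directory layout, the function names and the sample archives are assumptions constructed for the demo.

```python
# Added example (not code from the talk): host-side path checks that a super
# app's FileManager API could apply before serving a mini-app's file request.
# It covers the three risks from the table: a relative path in the parameter,
# a symbolic link in the parameter, and a relative path in a zip entry
# (zip slip). All names, the sandbox layout and the sample zips are
# assumptions constructed for this demo.
import io
import os
import tempfile
import zipfile


def resolve_inside_sandbox(sandbox_root, user_path):
    """Return the real filesystem path for user_path, or raise PermissionError
    if it leaves sandbox_root once '..' segments and symlinks are resolved."""
    root = os.path.realpath(sandbox_root)
    if os.path.isabs(user_path):
        raise PermissionError("absolute path not allowed: %s" % user_path)
    # realpath follows symlinks in every existing component, so a link placed
    # inside the sandbox that points outside is caught here, not just '..'.
    candidate = os.path.realpath(os.path.join(root, user_path))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError("path escapes sandbox: %s" % user_path)
    return candidate


def access_decision(sandbox_root, user_path):
    """Wrap the check in the allow/reject answer a permission layer returns."""
    try:
        resolve_inside_sandbox(sandbox_root, user_path)
        return "allowed"
    except PermissionError:
        return "rejected"


def safe_unzip(sandbox_root, zip_bytes, dest_rel):
    """Extract an archive into a sandbox subdirectory. Every entry is checked
    before anything is written, so a single bad entry rejects the whole zip."""
    dest = resolve_inside_sandbox(sandbox_root, dest_rel)
    targets = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # A symlink entry would survive into the sandbox and could be
            # followed by a later call, so it is rejected outright.
            if (info.external_attr >> 16) & 0o170000 == 0o120000:
                raise PermissionError("symlink entry in zip: %s" % info.filename)
            # Entry names are checked against dest, not the sandbox root, so
            # '../' cannot even climb into a sibling directory of the mini-app.
            targets.append((info, resolve_inside_sandbox(dest, info.filename)))
        written = []
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.relpath(target, os.path.realpath(sandbox_root)))
    return written


def demo():
    """Run the three attack patterns against a throwaway sandbox layout."""
    results = {}
    with tempfile.TemporaryDirectory() as host_dir:
        sandbox = os.path.join(host_dir, "miniapp_A")  # assumed per-app dir
        os.makedirs(sandbox)
        host_secret = os.path.join(host_dir, "host_secret.txt")  # host data
        with open(host_secret, "w") as f:
            f.write("host data")

        results["benign"] = access_decision(sandbox, "cache/a.txt")
        # 1. relative path in parameter (readFileSync / writeFileSync)
        results["relative_path"] = access_decision(sandbox, "../host_secret.txt")
        # 2. symbolic link in parameter: link inside the sandbox -> host dir
        os.symlink(host_dir, os.path.join(sandbox, "link"))
        results["symlink"] = access_decision(sandbox, "link/host_secret.txt")
        # 3. relative path in a zip entry (unzip): constructed archives
        good = io.BytesIO()
        with zipfile.ZipFile(good, "w") as zf:
            zf.writestr("ok.txt", "fine")
        results["zip_ok"] = safe_unzip(sandbox, good.getvalue(), "unzipped")
        bad = io.BytesIO()
        with zipfile.ZipFile(bad, "w") as zf:
            zf.writestr("ok.txt", "fine")
            zf.writestr("../../host_secret.txt", "overwritten")
        try:
            safe_unzip(sandbox, bad.getvalue(), "unzipped")
            results["zip_slip"] = "allowed"
        except PermissionError:
            results["zip_slip"] = "rejected"
        with open(host_secret) as f:
            results["host_file_intact"] = f.read() == "host data"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-18s %s" % (name, value))
```

Two points a practitioner should keep in mind when porting this to a real host. First, the check is against the resolved path, not the string: rejecting literal `..` is not enough, because the symlink case contains no `..` at all. Second, a check followed by a separate open is still a time-of-check/time-of-use window; a mini-app that can create symlinks inside its own directory can swap one in between the two calls, so production code should either open with no-follow semantics and verify the opened file (for example by comparing what was opened with the resolved path) or resolve component by component under the sandbox root.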