WeChat Mini Programs have become an essential part of everyday life for the general public, with a wide range of applications, high usage frequency, and involvement in numerous industries. But are WeChat Mini Programs safe? What are some common security vulnerabilities found in these mini-programs?
I. No Installation = No Risk?NO!
1. Proliferation of Counterfeit Mini Programs
The nature of mini-programs is web interaction, making the communications more susceptible to being hacked. Moreover, as it is difficult to obfuscate or encrypt the source code of mini-programs, there has been a surge in counterfeit versions.
In the past, developing a counterfeit app could take a week, but now a counterfeit mini-program can be launched in just one or two days.
Furthermore, mini-programs can be spread through mechanisms like "fission" and "social sharing", which often leads to scenarios where the "counterfeit" version spreads faster and has more users than the "authentic" ones.
2. Potential Authorization Risks
WeChat Mini-Programs serve as a bridge between app developers and users, with all their information exchanges passing through the WeChat platform. As a result, WeChat can access all network requests and store data. Some mini-program operators lure users into providing their authorization under the guise of "necessary login permissions," thereby gaining access to user information for infringing on user rights.
There was a recent case in point. Ms. Zhang, a citizen, reported that after logging into a certain mini program, she kept receiving prompts to bind her mobile phone number, with warnings that she couldn't continue browsing the website without doing so. However, once she bound her number, she began receiving an incessant stream of telemarketing calls, which greatly disrupted her life.
3. Phishing Risks
With the continuous expansion of mini-program applications, everyone will be able to participate in developing mini-programs in the future. If unscrupulous merchants develop phishing WeChat Mini Programs, embed Trojans in the pages, and somehow circumvent WeChat's review process, it could lead to the leakage of user information and financial losses.
II. How to Guard Against WeChat Mini-Program Threats?
1. Enhance Screening and Identifying
To protect against the information security risks of WeChat mini-programs, it's crucial to use the “authentic" versions rather than the "counterfeit" ones. For example, when entering a mini-program, please first check the owner company and associated official accounts to determine its legitimacy. When faced with mini-programs that offer similar functions, please prefer to use those from well-known brands or those you are familiar with or have used before. Avoid scanning QR codes to enter mini-programs indiscriminately and be cautious about using the "Nearby Mini-Programs" feature, etc.
2. Beware of Bundling Traps
Be cautious of mini-programs that "request" various permissions, such as "accessing location information," "reading text messages," "accessing contacts," "connecting to the internet," "using the camera," etc. If you have already granted these permissions, please disable them after using the mini-program. Pay special attention to the authenticity and reliability of mini-programs that require you to enter sensitive personal information or bind your mobile phone number to avoid falling victim to online fraud, harassment, or cold calls.