Understanding Privacy Over-collection in WeChat Sub-app Ecosystem

Nowadays the app-in-app paradigm is becoming increasingly popular, and sub-apps have become an important form of mobile applications. WeChat, the leading app-in-app platform, provides millions of sub-apps that can be used for online shopping, financing, social networking, etc. However, privacy issues in this new ecosystem have not been well understood. This paper performs the first systematic study of privacy over-collection in sub-apps (denoted as SPO), where sub-apps actually collect more privacy data than they claim in their privacy policies. We propose a taxonomy of privacy for this ecosystem and a framework named SPOChecker to automatically detect SPO in real-world sub-apps. Based on SPOChecker, we collect 5,521 popular and representative WeChat sub-apps and conduct a measurement study to understand SPO from three aspects: its landscape, accountability, and defense methods. The result is worrisome, that more than half of all studied sub-apps do not provide users with privacy policies. Among 2,511 sub-apps that provide privacy policies, 489 (19.47%) of them contain SPO. We look into the detailed characteristics of SPO, figure out possible reasons and the responsibilities of stakeholders in the ecosystem, and rethink current defense methods. The measurement leads to several insightful findings that can help the community to better understand SPO and protect privacy in sub-apps.