Yuqing Yang

yuqing DOT yang AT cispa DOT de

ORCID  DBLP  Google Scholar Twitter

Willkommen! I am a postdoctoral researcher in CISPA Helmholtz Center for Information Security. I am also a member of the W3C Miniapp Working Group.   I obtained my PhD in April, 2025 from OSU. During my PhD, I was advised by Prof. Zhiqiang Lin, working closely with Dr. Yue Zhang and Dr. Chaoshun Zuo. I have also been privileged to have collaborated with Prof. Yan Long at Boston University and Prof. Yan Shoshitaishvili at ASU.   My research interest lies in 1) security analysis for vulnerability and malware detection, 2) security modeling of sensitive and malicious behavior of applications, and 3) security measurement and evaluation at scale on applications and platforms for emerging web and mobile platforms. I particularly focusing on improving static techniques to support complex and dynamic features to improve the accuracy of vulnerability and malware detection.   I am on the job market! I am looking for faculty positions of the 2026 - 2027 academic year.

Publications

1. [IEEE Security and Privacy] The Rise of Miniapps: A New Frontier with Security Challenges in Mobile Apps.
   Yuqing Yang, Chao Wang, Zhiqiang Lin.
   IEEE Security & Privacy, 2025


2. [SaTS'25 @ CCS] Stealthy Trackers: Uncovering Permission-less Fingerprinting in WeChat Miniapps. [bib] [pdf]
   Yuqing Yang, Zhiqiang Lin.
   The 3rd ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS @ CCS), 2025
   Distinguished Paper Award


3. [WiSec'25] ARMOUR US: Android Runtime Zero-permission Sensor Usage Monitoring from User Space. [bib] [pdf]
   Yan Long, Jiancong Cui, Yuqing Yang, Tobias Alam, Zhiqiang Lin, Kevin Fu.
   The 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2025


4. [NDSS'25] Understanding the Miniapp Malware: Identification, Dissection, and Characterization. [bib] [pdf]
   Yuqing Yang, Yue Zhang, Zhiqiang Lin.
   The Network and Distributed System Security Symposium (NDSS), 2025


5. [arxiv] SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. [pdf]
   Yuqing Yang, Chao Wang, Yue Zhang, Zhiqiang Lin.
   Arxiv preprint, 2024.


6. [CCS'23] Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. [bib] [pdf]
   Yue Zhang, Yuqing Yang, Zhiqiang Lin.
   The ACM Conference on Computer and Communications Security (CCS), 2023


7. [ICSE'23] TAINTMINI: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. [pdf] [bib] [code]
   Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, Zhiqiang Lin.
   The International Conference on Software Engineering (ICSE), 2023


8. [CCS'22b] Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection. [bib] [pdf] [slides] [code]
   Yuqing Yang, Yue Zhang, Zhiqiang Lin.
   The ACM Conference on Computer and Communications Security (CCS), 2022


9. [CCS'22a] Detecting and Measuring Misconfigured Manifest in Android Apps. [bib] [pdf] [slides]
   Yuqing Yang, Mohamed Elsabagh, Chaoshun Zuo, Ryan Johnson, Angelos Stavrou, Zhiqiang Lin.
   The ACM Conference on Computer and Communications Security (CCS), 2022


10. [SIGMETRICS'21] A measurement study of Wechat Mini-apps. [bib] [pdf] [code]
    Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, Zhiqiang Lin.
    The ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems(SIGMETRICS), 2021.

Talks and Slides

Academic Services

Teaching Services

Lecture series invited by Feng Liu on cybersecurity and CTF contest.

Lectures invited by Jian Chen on CTF, Committee and organizer of 3rd NJU TrinityCTF contest in 2020.

Joined the TA team while taking the course, revised the lab guide

Lectures invited by Jian Chen on CTF, Committee and organizer of 2nd NJU TrinityCTF contest in 2019.