Yuqing Yang

yuqing DOT yang AT cispa DOT de

ORCID  DBLP  Google Scholar Twitter

Willkommen! I am a postdoctoral researcher in CISPA Helmholtz Center for Information Security. I am also a member of the W3C Miniapp Working Group.

 

I obtained my PhD in April, 2025 from OSU. During my PhD, I was advised by Prof. Zhiqiang Lin, working closely with Dr. Yue Zhang and Dr. Chaoshun Zuo. I have also been privileged to have collaborated with Prof. Shinan Liu at Hong Kong University, Prof. Yan Long at Boston University, Prof. Yan Shoshitaishvili at ASU.

Now in CISPA, I have worked with great researchers including my advisor Dr. Giancarlo Pellegrino, Dr. Maximilian Golla and Dr. Sven Burgiel.

 

My research interest lies in 1) security analysis for vulnerability and malware detection, 2) security modeling of sensitive and malicious behavior of applications, and 3) security measurement and evaluation at scale on applications and platforms for emerging web and mobile platforms. I particularly focus on improving static techniques to support complex and dynamic features to improve the accuracy of vulnerability and malware detection.

 

I am on the job market! I am looking for faculty positions of the 2026 - 2027 academic year.

About Me My Calendar Music Scores My Friends

Publications

  1. [IEEE Security and Privacy] The Rise of Miniapps: A New Frontier with Security Challenges in Mobile Apps.
    Yuqing Yang, Chao Wang, Zhiqiang Lin.
    IEEE Security & Privacy, 2025

  2. [SaTS'25 @ CCS] Stealthy Trackers: Uncovering Permission-less Fingerprinting in WeChat Miniapps. [bib] [pdf]
    Yuqing Yang, Zhiqiang Lin.
    The 3rd ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS @ CCS), 2025
    Distinguished Paper Award

  3. [WiSec'25] ARMOUR US: Android Runtime Zero-permission Sensor Usage Monitoring from User Space. [bib] [pdf]
    Yan Long, Jiancong Cui, Yuqing Yang, Tobias Alam, Zhiqiang Lin, Kevin Fu.
    The 18th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2025

  4. [NDSS'25] Understanding the Miniapp Malware: Identification, Dissection, and Characterization. [bib] [pdf]
    Yuqing Yang, Yue Zhang, Zhiqiang Lin.
    The Network and Distributed System Security Symposium (NDSS), 2025

  5. [arxiv] SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. [pdf]
    Yuqing Yang, Chao Wang, Yue Zhang, Zhiqiang Lin.
    Arxiv preprint, 2024.

  6. [CCS'23] Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. [bib] [pdf]
    Yue Zhang, Yuqing Yang, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2023

  7. [ICSE'23] TAINTMINI: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. [pdf] [bib] [code]
    Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, Zhiqiang Lin.
    The International Conference on Software Engineering (ICSE), 2023

  8. [CCS'22b] Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection. [bib] [pdf] [slides] [code]
    Yuqing Yang, Yue Zhang, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2022

  9. [CCS'22a] Detecting and Measuring Misconfigured Manifest in Android Apps. [bib] [pdf] [slides]
    Yuqing Yang, Mohamed Elsabagh, Chaoshun Zuo, Ryan Johnson, Angelos Stavrou, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2022

  10. [SIGMETRICS'21] A measurement study of Wechat Mini-apps. [bib] [pdf] [code]
    Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, Zhiqiang Lin.
    The ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems(SIGMETRICS), 2021.

Talks and Slides

  • Dissecting the Security Risks in Super Apps, Peking University, Zhejiang University, Fudan University, Nanjing University, and CUHK, 06/2023
  • When Super Apps Become Operating Systems: The Good, The Bad, and The Ugly, 06/08/2023, [slides]
  • RTFM! On the misconfiguration of Android Manifest from a Security Perspective, Nanjing University, 12/14/2022

    • Academic Services

    Organization Committee Member:

  • ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS): 25

    • Technical Program Committee (TPC) Member:

  • The ACM Web Conference (WWW): 26
  • SIG SIDAR Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA): 26
  • ACM Workshop on Security and Privacy of AI-Empowered Mobile Super Apps (SaTS): 25

    • Other Reviewer Services:

  • Computer Networks Journal (ComNet): 25
  • IEEE Transactions on Information Forensics and Security (TIFS): 24, 25
  • ACM Transactions on Privacy and Security (TOPS): 24
  • IEEE International Conference on Computer Communications and Networks (ICCCN): 23
  • EAI International Conference on Security and Privacy in Communication Networks (SecureComm): 22

    • Teaching Services

  • Computer Network (Spring 2020)

    • Lecture series invited by Feng Liu on cybersecurity and CTF contest.


  • Cyber Attack and Defence Lab (Fall 2019)

    • Lectures invited by Jian Chen on CTF, Committee and organizer of 3rd NJU TrinityCTF contest in 2020.


  • Computer Network (Spring 2019)

    • Joined the TA team while taking the course, revised the lab guide


  • Cyber Attack and Defence Lab (Fall 2019)

    • Lectures invited by Jian Chen on CTF, Committee and organizer of 2nd NJU TrinityCTF contest in 2019.