Yuqing Yang

yang DOT 5656 AT osu DOT edu

ORCID  DBLP  Google Scholar Twitter

Willkommen! I am a final year PhD Candidate advised by Prof. Zhiqiang Lin in OSU. I am also a member of the SecLab at OSU.

My research interest lies in web security for emerging platforms, such as super apps. I focus in vulnerability and malware detection in these platforms, especially on the cliend-side.

Before joining OSU, I received my B.Eng. degree in Nanjing University supervised by Prof. Fengyuan Xu. I also worked in Shanghai Jiao Tong University and Shanghai Qizhi Institute, after my graduation.

About Me My Calendar Music Scores My Friends

Quick Facts About Me:

  • I won the 2024 Concerto Competition and will be playing Yellow River Piano Concerto as Soloist in BPO!
  • I joined the MiniApp Working Group of W3C Standards Organization serving as an Invited Expert since 11/1/2024.
  • I initiated the AEGIS Symposium in 2020, with the Security Rising Star group hitting over 700 members by 2024, marking a significant and lively community among young security researches. If you are interested in participating via WeChat, Whatsapp, or Discord, feel free to contact me!
  • For NJU alumni: I co-founded of the NJU-CS-Flyers alumni network and am the Alumni Liason (校友联络员) of Software Institute (class of 2020). Should you need any help connecting with your alumni, feel free to drop me an email.

    • Publications

  • [NDSS'25] Understanding the Miniapp Malware: Identification, Dissection, and Characterization.
    Yuqing Yang, Yue Zhang, Zhiqiang Lin.
    To appear in The Network and Distributed System Security Symposium (NDSS), 2025

  • [arxiv] SoK: Decoding the Super App Enigma: The Security Mechanisms, Threats, and Trade-offs in OS-alike Apps. [pdf]
    Yuqing Yang, Chao Wang, Yue Zhang, Zhiqiang Lin.
    arxiv preprint (in submission).

  • [CCS'23] Don't Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. [bib] [pdf]
    Yue Zhang, Yuqing Yang, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2023

  • [ICSE'23] TAINTMINI: Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis. [pdf] [bib] [code]
    Chao Wang, Ronny Ko, Yue Zhang, Yuqing Yang, Zhiqiang Lin.
    The International Conference on Software Engineering (ICSE), 2023
    (acceptance rate: 26%)

  • [CCS'22b] Cross Miniapp Request Forgery: Root Causes, Attacks, and Vulnerability Detection. [bib] [pdf] [slides] [code]
    Yuqing Yang, Yue Zhang, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2022
    (acceptance rate: 22%)

  • [CCS'22a] Detecting and Measuring Misconfigured Manifest in Android Apps. [bib] [pdf] [slides]
    Yuqing Yang, Mohamed Elsabagh, Chaoshun Zuo, Ryan Johnson, Angelos Stavrou, Zhiqiang Lin.
    The ACM Conference on Computer and Communications Security (CCS), 2022
    (acceptance rate: 22%)

  • [SIGMETRICS'21] A measurement study of Wechat Mini-apps. [bib] [pdf] [code]
    Yue Zhang, Bayan Turkistani, Allen Yuqing Yang, Chaoshun Zuo, Zhiqiang Lin.
    The ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems(SIGMETRICS), 2021.
    (acceptance rate: 12%)

    • Talks and Slides

  • Dissecting the Security Risks in Super Apps, Peking University, Zhejiang University, Fudan University, Nanjing University, and CUHK, 06/2023
  • When Super Apps Become Operating Systems: The Good, The Bad, and The Ugly, 06/08/2023, [slides]
  • RTFM! On the misconfiguration of Android Manifest from a Security Perspective, Nanjing University, 12/14/2022

    • Academic Services

  • TOPS'24, reviewer
  • TIFS'24, reviewer
  • IEEE ICCCN'23, sub reviewer
  • SecureComm'22, reviewer

    • Teaching Services

  • Computer Network (Spring 2020)

    • Lecture series invited by Feng Liu on cybersecurity and CTF contest.


  • Cyber Attack and Defence Lab (Fall 2019)

    • Lectures invited by Jian Chen on CTF, Committee and organizer of 3rd NJU TrinityCTF contest in 2020.


  • Computer Network (Spring 2019)

    • Joined the TA team while taking the course, revised the lab guide


  • Cyber Attack and Defence Lab (Fall 2019)

    • Lectures invited by Jian Chen on CTF, Committee and organizer of 2nd NJU TrinityCTF contest in 2019.



    Misc

    1. Music is a fundamental and indispensable part of my life. I served in OSU's Buckeye Philharmonic Orchestra (2021~), Nanjing University Symphony Orchestra (2016~2020), NJU Piano Association (2016~2020) separately.


    2. I had been learning Kendo (Japanese Fencing) since 2021 and an active member in OSU Kendo Club, a club associated with East-Central U.S. Kendo Federation (ECUSKF).


    3. I am the Alumni Liaison of SWI (class of 2020).


    4. I co-founded NJU-CS-Flyers, an alumni network for CS/SE students abroad.


    5. I co-founded Aegis-readers, a group with computer science researchers in cybersecurity. Part of the members can be seen here.