pith. sign in

arxiv: 2604.15637 · v1 · submitted 2026-04-17 · 💻 cs.CR

Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence

Haoling Zhou (1) , Shixuan Zhao (1) , Chao Wang (1) , Zhiqiang Lin (1) ((1) The Ohio State University) This is my paper

Pith reviewed 2026-05-10 08:35 UTC · model grok-4.3

classification 💻 cs.CR
keywords token theftApple Intelligenceaccess token replaycross-device attackAI securityprivacy designusage limit bypassanonymous authentication
0
0 comments X

The pith

Apple Intelligence's anonymous access tokens can be stolen from one device and replayed on another to bypass the attacker's usage limits.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines Apple Intelligence's claimed privacy-focused design, which uses a two-stage process to issue anonymous access tokens for its generative AI features. By analyzing network traffic and reverse engineering the client software, the authors identify that these tokens lack binding to a specific device. This allows an attacker to extract tokens from a victim's device and apply them on a separate device, with all rate limits still enforced against the original owner. The resulting Serpent attack succeeds on current macOS versions and shows that an attacker who has already exhausted their own quota can immediately resume service use. The work concludes that simple anonymization of identity is insufficient to secure such services without additional cryptographic measures to enforce non-transferability.

Core claim

The paper establishes that Apple Intelligence's two-stage anonymous access token mechanism, as observed through traffic analysis and reverse engineering, permits practical cross-device replay attacks. Tokens stolen from a victim device remain valid when presented from an attacker's device, allowing continued access to the AI service even after the attacker's personal usage allowance is depleted, while limits continue to apply only to the victim.

What carries the argument

The Serpent attack, which exploits the two-stage anonymous access token issuance process that lacks device-specific cryptographic binding to prevent replay across devices.

If this is right

  • An attacker whose own Apple Intelligence quota is exhausted can immediately regain full access by stealing and replaying a victim's tokens.
  • The attack works across different devices and operating systems, as shown on macOS 26 Tahoe.
  • Anonymizing user identity alone does not prevent token transfer in built-in AI services.
  • Enforcing non-transferability requires explicit cryptographic binding of tokens to the legitimate user or device.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Other generative AI services that rely on anonymous or loosely bound tokens may face similar replay risks if they do not add device-specific cryptography.
  • Service providers could mitigate this by incorporating hardware-backed attestations or per-device keys during token issuance.
  • Audits of privacy claims in consumer AI platforms should specifically test for cross-device token usability rather than assuming anonymity suffices.

Load-bearing premise

The token flows captured by traffic analysis and reverse engineering match Apple's actual design and contain no hidden device-binding cryptography that would block cross-device use.

What would settle it

A successful demonstration that a stolen token is rejected when presented from any device other than the original one, due to cryptographic checks that tie validity to the issuing device.

Figures

Figures reproduced from arXiv: 2604.15637 by Chao Wang (1), Haoling Zhou (1), Shixuan Zhao (1), Zhiqiang Lin (1) ((1) The Ohio State University).

Figure 1
Figure 1. Figure 1: Security components of Apple Intelligence [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Authentication protocol of Apple Intelligence [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: The token format of TGT and OTT following RFC 9578. The [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Swift code logics of CloudBoard in PCC showing the default result bypass [PITH_FULL_IMAGE:figures/full_fig_p007_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Workflow of the token fetching of privatecloudcomputed A key question here is where are the tokens stored on the device. Apple’s public documentation does not offer any information on it. The source code published on GitHub, while including some clues, also does not point to the on-device storage of the token. To find out how the tokens are handled, we reverse engineered the Apple Intelligence subsystem on… view at source ↗
Figure 6
Figure 6. Figure 6: TGT now saves to the iCloud keychain on macOS 26.2 after Apple deployed [PITH_FULL_IMAGE:figures/full_fig_p014_6.png] view at source ↗
read the original abstract

Apple Intelligence is a generative AI (GenAI) service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and authorization design using anonymous access tokens. In this paper, we present our investigation into this token issuance mechanism with a goal to reveal possible vulnerabilities using traffic analysis, reverse engineering, and cross comparison with Apple's public documentation. Specifically, we present the Serpent attack, the first practical cross-device token replay attack against Apple Intelligence that allows the attacker to steal the access tokens from the victim's device and utilise them on a different device, with all usage rate-limited against the victim. We have achieved successful attacks on the latest macOS 26 Tahoe and demonstrated that an attacker, who even has used up its own allowance, can immediately regain access to Apple Intelligence service. We have responsibly disclosed the vulnerabilities to the vendors and received confirmation from Apple with CVE assigned and bounty given. Our results highlight a general lesson for built-in AI services: Anonymising identity does not by itself make the AI service secure; Enforcing non-transferability requires cryptographic binding to the rightful user.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The manuscript investigates the two-stage anonymous access token mechanism used by Apple Intelligence. Through traffic analysis and reverse engineering, the authors identify and demonstrate the Serpent attack: a practical cross-device token replay that extracts tokens from a victim's device for use on an attacker's device. Usage remains rate-limited against the victim, allowing an attacker who has exhausted their own quota to regain access. The attack is shown to succeed on macOS 26 Tahoe; responsible disclosure produced Apple confirmation, CVE assignment, and a bounty payment. The paper concludes that anonymization alone does not guarantee security without cryptographic binding to the legitimate user.

Significance. If the empirical findings hold, the work is significant for exposing a concrete token-replay vulnerability in a production privacy-focused GenAI service from a major vendor. The external validation via Apple's CVE and bounty payment provides independent corroboration that strengthens the central claim. The result supplies a clear, falsifiable lesson for designers of built-in AI services: non-transferability requires explicit cryptographic binding rather than relying on anonymization. The reproducible demonstration on current hardware and the absence of free parameters or fitted models are notable strengths.

minor comments (2)
  1. [Abstract] Abstract: the reference to 'macOS 26 Tahoe' should specify whether this is a released version, beta, or internal codename, as this affects the reader's ability to reproduce the exact environment.
  2. [Methodology] The description of the traffic-analysis and reverse-engineering steps would benefit from an explicit list of tools and packet-capture configurations used to observe the two-stage token issuance, improving verifiability for other researchers.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for their positive review, accurate summary of the Serpent attack, and recommendation to accept the manuscript. The external validation via Apple's CVE assignment and bounty payment is correctly noted as strengthening the empirical claims.

Circularity Check

0 steps flagged

No significant circularity; empirical attack demonstration with external vendor confirmation

full rationale

The paper presents an empirical security analysis based on traffic analysis, reverse engineering of Apple Intelligence's token issuance, and successful cross-device replay attacks on macOS. It reports vendor confirmation via CVE assignment and bounty payout, which constitutes independent external validation rather than self-referential logic. No mathematical derivations, fitted parameters, equations, or load-bearing self-citations appear in the provided text. The central claim reduces to observed behavior and responsible disclosure, not to any input that is redefined or predicted by construction within the paper itself. This is a standard non-circular empirical security report.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim depends on the accuracy of reverse-engineered token behavior matching Apple's claimed two-stage anonymous design; no free parameters or invented entities are introduced.

axioms (1)
  • domain assumption Apple's anonymous access tokens are extractable via traffic analysis and lack device-specific cryptographic binding
    Derived from successful attack demonstration and comparison with public documentation.

pith-pipeline@v0.9.0 · 5532 in / 1179 out tokens · 49648 ms · 2026-05-10T08:35:02.618926+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

48 extracted references · 48 canonical work pages

  1. [1]

    Creating distribution-signed code for macOS | Apple Developer Documentation.https: //developer.apple.com/documentation/xcode/creating-distribution-signed-code-f or-the-mac

    Apple. Creating distribution-signed code for macOS | Apple Developer Documentation.https: //developer.apple.com/documentation/xcode/creating-distribution-signed-code-f or-the-mac

    work page

  2. [2]

    Keychain Access Groups Entitlement | Apple Developer Documentation

    Apple. Keychain Access Groups Entitlement | Apple Developer Documentation. https: //developer.apple.com/documentation/bundleresources/entitlements/keychain-acc ess-groups

    work page

  3. [3]

    XPC | Apple Developer Documentation.https://developer.apple.com/document ation/xpc

    Apple. XPC | Apple Developer Documentation.https://developer.apple.com/document ation/xpc

    work page

  4. [4]

    iCloud Private Relay Overview.https://www.apple.com/privacy/docs/iCloud_Pr ivate_Relay_Overview_Dec2021.PDF, 2021

    Apple. iCloud Private Relay Overview.https://www.apple.com/privacy/docs/iCloud_Pr ivate_Relay_Overview_Dec2021.PDF, 2021

    work page 2021

  5. [5]

    Apple Intelligence - Apple.https://www.apple.com/apple-intelligence/, 2024

    Apple. Apple Intelligence - Apple.https://www.apple.com/apple-intelligence/, 2024

    work page 2024

  6. [6]

    Secure Enclave - Apple Support.https://support.apple.com/guide/security/sec ure-enclave-sec59b0b31ff/web, 2024

    Apple. Secure Enclave - Apple Support.https://support.apple.com/guide/security/sec ure-enclave-sec59b0b31ff/web, 2024

    work page 2024

  7. [7]

    Keychain Services

    Apple. Keychain Services. https://developer.apple.com/documentation/security/key chain-services, 2025

    work page 2025

  8. [8]

    Balasupramanian, Ben George Ephrem, and Imad Salim Al-Barwani

    N. Balasupramanian, Ben George Ephrem, and Imad Salim Al-Barwani. User pattern based online fraud detection and prevention using big data analytics and self organizing maps. In2017 International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT), pages 691–694, 2017.doi:10.1109/ICICICT1.2017.8342647

    work page doi:10.1109/icicict1.2017.8342647 2017

  9. [9]

    Mitchell

    Adam Barth, Collin Jackson, and John C. Mitchell. Robust defenses for cross-site request forgery. InProceedings of the 15th ACM Conference on Computer and Communications Security, CCS ’08, page 75–88, New York, NY, USA, 2008. Association for Computing Machinery. doi:10.1145/1455770.1455782

    work page doi:10.1145/1455770.1455782 2008

  10. [10]

    Sok: Oblivious pseudorandom functions

    Sílvia Casacuberta, Julia Hesse, and Anja Lehmann. Sok: Oblivious pseudorandom functions. In2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P), pages 625–646, 2022.doi:10.1109/EuroSP53844.2022.00045

    work page doi:10.1109/eurosp53844.2022.00045 2022

  11. [11]

    Sofia Celi, Alex Davidson, Steven Valdez, and Christopher A. Wood. RFC 9578: Privacy Pass Issuance Protocols.https://www.rfc-editor.org/rfc/rfc9578.html

    work page

  12. [12]

    Microsoft Outlook for Mac - Apple Community.https://discussions

    Apple Community. Microsoft Outlook for Mac - Apple Community.https://discussions. apple.com/thread/252714597?sortBy=rank

    work page arXiv

  13. [13]

    What is my "login" keychain password? My

    Apple Community. What is my "login" keychain password? My ... - Apple Community. https://discussions.apple.com/thread/254424961?sortBy=rank

    work page arXiv

  14. [14]

    Privacy pass: Bypassing internet challenges anonymously.Proceedings on Privacy Enhancing Technologies, 2018(3):164–180, 2018.doi:10.1515/popets-2018-0026

    Alexander Davidson. Privacy pass: Bypassing internet challenges anonymously.Proceedings on Privacy Enhancing Technologies, 2018(3):164–180, 2018.doi:10.1515/popets-2018-0026

    work page doi:10.1515/popets-2018-0026 2018

  15. [15]

    Ask Different. Transparent network proxy for Apple system services wants to use the "login" keychain - Ask Different.https://apple.stackexchange.com/questions/457623/transpa rent-network-proxy-for-apple-system-services-wants-to-use-the-login-key. 19

    work page

  16. [16]

    IT Leaders Share Cost of API Incidents, Concerns Over AI Threats | Kong Inc

    Kong Inc. IT Leaders Share Cost of API Incidents, Concerns Over AI Threats | Kong Inc. https://konghq.com/blog/enterprise/cost-of-api-security-incidents-2025

    work page 2025

  17. [17]

    Formal verification of privacy pass

    Kristiana Ivanova, Daniel Gardham, and Stephan Wesemeyer. Formal verification of privacy pass. Cryptology ePrint Archive, Paper 2025/2022, 2025. URL:https://eprint.iacr.org/ 2025/2022

    work page 2025

  18. [18]

    Advanced api security techniques and service management.International Journal of Emerging Research in Engineering and Technology, 3(4):63–74, Dec

    Sandeep Kumar Jangam, Nagireddy Karri, and Partha Sarathi Reddy Pedda Muntala. Advanced api security techniques and service management.International Journal of Emerging Research in Engineering and Technology, 3(4):63–74, Dec. 2022. URL:https://ijeret.org/index.p hp/ijeret/article/view/261,doi:10.63282/3050-922X.IJERET-V3I4P108

    work page doi:10.63282/3050-922x.ijeret-v3i4p108 2022

  19. [19]

    Reliable protection against session fixation attacks

    Martin Johns, Bastian Braun, Michael Schrank, and Joachim Posegga. Reliable protection against session fixation attacks. InProceedings of the 2011 ACM Symposium on Applied Computing, SAC ’11, page 1531–1537, New York, NY, USA, 2011. Association for Computing Machinery.doi:10.1145/1982185.1982511

    work page doi:10.1145/1982185.1982511 2011

  20. [20]

    Chris Karlof, Umesh Shankar, J. D. Tygar, and David Wagner. Dynamic pharming attacks and locked same-origin policies for web browsers. InProceedings of the 14th ACM Conference on Computer and Communications Security, CCS ’07, page 58–71, New York, NY, USA, 2007. Association for Computing Machinery.doi:10.1145/1315245.1315254

    work page doi:10.1145/1315245.1315254 2007

  21. [21]

    (in-)security of cookies in https: Cookie theft by removing cookie flags.IEEE Transactions on Information Forensics and Security, 15:1204–1215, 2020.doi:10.1109/TIFS.2019.2938416

    Hyunsoo Kwon, Hyunjae Nam, Sangtae Lee, Changhee Hahn, and Junbeom Hur. (in-)security of cookies in https: Cookie theft by removing cookie flags.IEEE Transactions on Information Forensics and Security, 15:1204–1215, 2020.doi:10.1109/TIFS.2019.2938416

    work page doi:10.1109/tifs.2019.2938416 2020

  22. [22]

    OPENAI_API_KEY

    Albert John Lastima. I just searched “OPENAI_API_KEY” on GitHub and found thousands of exposed credentials. https://www.linkedin.com/posts/albert-maquiling-784612138 _cybersecurity-openai-apikeys-activity-7345806283880480769-G_DL/

    work page

  23. [23]

    Optimizing Leak Detection in Open-source Platforms with Machine Learning Techniques

    Sofiane Lounici, Marco Rosa, Carlo Maria Negri, Slim Trabelsi, and Melek Önen. Optimizing Leak Detection in Open-source Platforms with Machine Learning Techniques. InProceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP), pages 145–159. SCITEPRESS, 2021.doi:10.5220/0010238101450159

    work page doi:10.5220/0010238101450159 2021

  24. [24]

    Android’s sensitive data leakage detection based on api monitoring

    MengShanshan, Yang Xiaohui, Song Yubo, ZhuKelong, and Chen Fei. Android’s sensitive data leakage detection based on api monitoring. InInternational Conference on Cyberspace Technology (CCT 2014), pages 1–4, 2014.doi:10.1049/cp.2014.1340

    work page doi:10.1049/cp.2014.1340 2014

  25. [25]

    xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs - Krebs on Security

    Krebs on Security. xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs - Krebs on Security. https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-space x-tesla-llms/

    work page 2025

  26. [26]

    API Reference - OpenAI API.https://platform.openai.com/docs/api-referen ce/authentication

    OpenAI. API Reference - OpenAI API.https://platform.openai.com/docs/api-referen ce/authentication

    work page

  27. [27]

    osy/AMFIExemption: Grant private entitlements to OSX aps.https://github.com/osy /AMFIExemption

    osy. osy/AMFIExemption: Grant private entitlements to OSX aps.https://github.com/osy /AMFIExemption

    work page

  28. [28]

    Tommy Pauly, Steven Valdez, and Christopher A. Wood. RFC 9577: The Privacy Pass HTTP Authentication Scheme.https://www.rfc-editor.org/rfc/rfc9577.html. 20

    work page

  29. [29]

    This keeps popping up how do i get rid of this: r/mac.https://www.reddit.com/r /mac/comments/zuqdzi/this_keeps_popping_up_how_do_i_get_rid_of_this/

    Reddit. This keeps popping up how do i get rid of this: r/mac.https://www.reddit.com/r /mac/comments/zuqdzi/this_keeps_popping_up_how_do_i_get_rid_of_this/

    work page

  30. [30]

    Private Cloud Compute: A new frontier for AI privacy in the cloud - Apple Security Research.https://security.apple.com/blog/private-cloud-compute/, 2024

    Apple Security Research. Private Cloud Compute: A new frontier for AI privacy in the cloud - Apple Security Research.https://security.apple.com/blog/private-cloud-compute/, 2024

    work page 2024

  31. [31]

    Private Cloud Compute Security Guide | Documentation.https: //security.apple.com/documentation/private-cloud-compute, 2024

    Apple Security Research. Private Cloud Compute Security Guide | Documentation.https: //security.apple.com/documentation/private-cloud-compute, 2024

    work page 2024

  32. [32]

    Secrets in Source Code: Reducing False Positives Using Machine Learning

    Aakanksha Saha, Tamara Denning, Vivek Srikumar, and Sneha Kumar Kasera. Secrets in Source Code: Reducing False Positives Using Machine Learning. InProceedings of the 2020 International Conference on COMmunication Systems & NETworkS (COMSNETS), pages 168–175. IEEE, 2020.doi:10.1109/COMSNETS48256.2020.9027350

    work page doi:10.1109/comsnets48256.2020.9027350 2020

  33. [33]

    Gps-based geolocation of consumer ip addresses

    James Saxon and Nick Feamster. Gps-based geolocation of consumer ip addresses. In Oliver Hohlfeld, Giovane Moura, and Cristel Pelsser, editors,Passive and Active Measurement, pages 122–151, Cham, 2022. Springer International Publishing.doi:10.1007/978-3-030-98785-5_6

    work page doi:10.1007/978-3-030-98785-5_6 2022

  34. [34]

    More guidelines than rules: Csrf vulnerabilities from noncompliant oauth 2.0 implementations

    Ethan Shernan, Henry Carter, Dave Tian, Patrick Traynor, and Kevin Butler. More guidelines than rules: Csrf vulnerabilities from noncompliant oauth 2.0 implementations. InProceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9148, DIMVA 2015, page 239–260, Berlin, Heidelberg, 2015. S...

    work page doi:10.1007/978-3-319-20550-2_13 2015

  35. [35]

    Detecting and Mitigating Secret-Key Leaks in Source Code Repositories

    Vibha Singhal Sinha, Diptikalyan Saha, Pankaj Dhoolia, Rohan Padhye, and Senthil Mani. Detecting and Mitigating Secret-Key Leaks in Source Code Repositories. InProceedings of the 12th Working Conference on Mining Software Repositories (MSR), pages 396–400. IEEE, 2015. doi:10.1109/MSR.2015.48

    work page doi:10.1109/msr.2015.48 2015

  36. [36]

    In Proceedings of the 16th International Conference on Mining Software Repositories, MSR 2019, 26-27 May 2019, Montreal, Canada

    Vibha Singhal Sinha, Diptikalyan Saha, Pankaj Dhoolia, Rohan Padhye, and Senthil Mani. Detecting and mitigating secret-key leaks in source code repositories. In2015 IEEE/ACM 12th Working Conference on Mining Software Repositories, pages 396–400, 2015.doi:10.1109/MSR. 2015.48

    work page doi:10.1109/msr 2015

  37. [37]

    Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves.https://arxiv.org/abs/2510.09272, 2025.arXiv:2510.09272

    Moritz Steffin and Jiska Classen. Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves.https://arxiv.org/abs/2510.09272, 2025.arXiv:2510.09272

    work page arXiv 2025

  38. [38]

    Martin Thomson and Christopher A. Wood. RFC 9458: Oblivious HTTP.https://www.rf c-editor.org/rfc/rfc9458.html

    work page

  39. [39]

    Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services

    Rui Wang, Shuo Chen, and XiaoFeng Wang. Signing me onto your accounts through facebook and google: A traffic-guided security study of commercially deployed single-sign-on web services. In2012 IEEE Symposium on Security and Privacy, pages 365–379, 2012. doi: 10.1109/SP.2012.30

    work page doi:10.1109/sp.2012.30 2012

  40. [40]

    CVE Record: CVE-2017-7150.https://www.cve.org/CVERecord?id=CVE-2 017-7150

    Patrick Wardle. CVE Record: CVE-2017-7150.https://www.cve.org/CVERecord?id=CVE-2 017-7150

    work page 2017

  41. [41]

    How far are app secrets from being stolen? a case study on android.Empirical Softw

    Lili Wei, Heqing Huang, Shing-Chi Cheung, and Kevin Li. How far are app secrets from being stolen? a case study on android.Empirical Softw. Engg., 30(3), April 2025. doi: 10.1007/s10664-024-10607-9. 21

    work page doi:10.1007/s10664-024-10607-9 2025

  42. [42]

    SecretHunter: A Large-scale Secret Scanner for Public Git Repositories

    Elliott Wen, Jia Wang, and Jens Dietrich. SecretHunter: A Large-scale Secret Scanner for Public Git Repositories. InProceedings of the 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 123–130. IEEE, 2022.doi:10.1109/TrustCom56396.2022.00028

    work page doi:10.1109/trustcom56396.2022.00028 2022

  43. [43]

    Cosmological Aspects of Higgs Vacuum Metastability ,

    Haohuang Wen, Juanru Li, Yuanyuan Zhang, and Dawu Gu. An empirical study of sdk credential misuse in ios apps. In2018 25th Asia-Pacific Software Engineering Conference (APSEC), pages 258–267, 2018.doi:10.1109/APSEC.2018.00040

    work page doi:10.1109/apsec.2018.00040 2018

  44. [44]

    Apress, Berkeley, CA, 2023

    Yvonne Wilson and Abhishek Hingnikar.Logout, pages 219–231. Apress, Berkeley, CA, 2023. doi:10.1007/978-1-4842-8261-8_13

    work page doi:10.1007/978-1-4842-8261-8_13 2023

  45. [45]

    The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps

    Jiale Zhang, Yue Zhang, Yuqing Yang, and Zhiqiang Lin. The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps. InProceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, 2025. The Internet Society

    work page 2025

  46. [46]

    Don’t Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs

    Yue Zhang, Yuqing Yang, and Zhiqiang Lin. Don’t Leak Your Keys: Understanding, Measuring, and Exploiting the AppSecret Leaks in Mini-Programs. InProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, CCS ’23, page 2411–2425, Copenhagen, Denmark, 2023. Association for Computing Machinery.doi:10.1145/3576915.3616591

    work page doi:10.1145/3576915.3616591 2023

  47. [47]

    In: Proceedings of the 2nd International Workshop on Software Health

    Chaoshun Zuo, Zhiqiang Lin, and Yinqian Zhang. Why Does Your Data Leak? Uncovering the Data Leakage in Cloud from Mobile Apps. In2019 IEEE Symposium on Security and Privacy (SP), pages 1296–1310, San Francisco, CA, 2019.doi:10.1109/SP.2019.00009

    work page doi:10.1109/sp.2019.00009 2019

  48. [48]

    Atomic Stealer: Dissecting 2024’s Most Notorious macOS Infostealer

    Sıla Özeren Hacıoğlu. Atomic Stealer: Dissecting 2024’s Most Notorious macOS Infostealer. https://www.picussecurity.com/resource/blog/atomic-stealer-amos-macos-threa t-analysis. 22

    work page 2024