Skip to content

MiniApp Security Model

Non-negotiables

  • All money movement requires a native confirmation sheet.
  • Miniapps are capability-based and default-deny.
  • Authenticated network traffic is proxied via Emali 2.0 for auditing.
  • Miniapp bundles are signed; the super-app verifies integrity before execution.

Threats Addressed

  • Token exfiltration
  • Phishing inside WebView
  • Partner supply chain compromise
  • API abuse and repudiation