The rising popularity of mini-programs deployed on super-app platforms has drawn significant attention due to their convenience. However, developers’ improper handling of data permission application in mini-programs has raised concerns about non-compliance and violations. Unfortunately, existing tools lack the capability to support the construction of a universal function call graph for the mini-program and the literature lacks a comprehensive and systematic study of the abusive issues. To bridge this gap, this paper introduces an automated tool, MiniChecker, to uncover the abusive permission request behavior in mini-programs. It defines five primary categories of abusive issues, namely homepage pop-up, overlaying pop-up, bothering pop-up, repeating pop-up, and looping pop-up, based on the request behavior features. MiniChecker achieves a detection precision rate of 82.4% and a recall rate of 95.3% on our benchmark, and identifies 3,866 risky mini-programs out of 20,000 real-world mini-programs. Our analysis reveals inherent design flaws in the mini-program permission mechanism, and we have shared our findings with several mini-program platforms.