{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:43:12Z","timestamp":1742913792061,"version":"3.40.3"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030900212"},{"type":"electronic","value":"9783030900229"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-90022-9_5","type":"book-chapter","created":{"date-parts":[[2021,11,3]],"date-time":"2021-11-03T08:06:08Z","timestamp":1635926768000},"page":"79-98","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["An Empirical Study on Mobile Payment Credential Leaks and Their Exploits"],"prefix":"10.1007","author":[{"given":"Shangcheng","family":"Shi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xianbo","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kyle","family":"Zeng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ronghai","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wing Cheong","family":"Lau","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,11,4]]},"reference":[{"key":"5_CR1","unstructured":"Anzhi: Anzhi App Market (2021). http:\/\/www.anzhi.com"},{"key":"5_CR2","unstructured":"Apkpure: Apkpure App Market (2021). https:\/\/apkpure.com"},{"key":"5_CR3","unstructured":"Ayrey, D.: trufflehog (2021). https:\/\/github.com\/dxa4481\/truffleHog"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Chen, T., Guestrin, C.: Xgboost: a scalable tree boosting system. In: ACM SIGKDD 2016 (2016)","DOI":"10.1145\/2939672.2939785"},{"key":"5_CR5","unstructured":"Chen, Y., et al.: Devils in the guidance: predicting logic vulnerabilities in payment syndication services through automated documentation analysis. In: USENIX Security 2019 (2019)"},{"key":"5_CR6","doi-asserted-by":"crossref","unstructured":"Dong, S., et al.: Understanding android obfuscation techniques: a large-scale investigation in the wild. In: EAI SecureComm 2018 (2018)","DOI":"10.1007\/978-3-030-01701-9_10"},{"key":"5_CR7","unstructured":"eth0izzle: shhgit: find github secrets in real time (2021). https:\/\/github.com\/eth0izzle\/shhgit"},{"key":"5_CR8","unstructured":"GitHub: Github Search API (2021). https:\/\/developer.github.com\/v3\/search"},{"key":"5_CR9","unstructured":"Google: Google BigQuery (2021). https:\/\/cloud.google.com\/bigquery"},{"key":"5_CR10","unstructured":"Kumar, R., Kishore, S., Lu, H., Prakash, A.: Security analysis of unified payments interface and payment apps in India. In: USENIX Security 2020 (2020)"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Meli, M., McNiece, M.R., Reaves, B.: How bad can it git? characterizing secret leakage in public github repositories. In: NDSS 2019 (2019)","DOI":"10.14722\/ndss.2019.23418"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Mulliner, C., Robertson, W., Kirda, E.: Virtualswindle: an automated attack against in-app billing on android. In: ACM ASIACCS 2014 (2014)","DOI":"10.1145\/2590296.2590335"},{"key":"5_CR13","unstructured":"Openwall: John the Ripper (2021). https:\/\/www.openwall.com\/john"},{"key":"5_CR14","unstructured":"Reaves, B., Scaife, N., Bates, A., Traynor, P., Butler, K.R.: Mo(bile) money, mo(bile) problems: analysis of branchless banking applications in the developing world. In: USENIX Security 2015 (2015)"},{"key":"5_CR15","unstructured":"Rice, Z.: Gitleaks: Audit git repos for secrets (2021). https:\/\/github.com\/zricethezav\/gitleaks"},{"key":"5_CR16","unstructured":"Savvy, M.: Amazing stats demonstrating the unstoppable rise of mobile payments globally (2020). https:\/\/www.merchantsavvy.co.uk\/mobile-payment-stats-trends"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Shi, S., Wang, X., Lau, W.C.: MoSSOT: an automated blackbox tester for single sign-on vulnerabilities in mobile applications. In: ACM ASIACCS 2019 (2019)","DOI":"10.1145\/3321705.3329801"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Sun, F., Xu, L., Su, Z.: Detecting logic vulnerabilities in e-commerce applications. In: NDSS 2014 (2014)","DOI":"10.14722\/ndss.2014.23351"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Viennot, N., Garcia, E., Nieh, J.: A measurement study of google play categories and subject descriptors. In: ACM SIGMETRICS 2014 (2014)","DOI":"10.1145\/2591971.2592003"},{"key":"5_CR20","unstructured":"Wandoujia: Wandoujia App Market (2021). https:\/\/www.wandoujia.com"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Wang, R., Chen, S., Wang, X.F., Qadeer, S.: How to shop for free online security analysis of cashier-as-a-service based web stores. In: IEEE S&P 2011 (2011)","DOI":"10.1109\/SP.2011.26"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Wen, H., Li, J., Zhang, Y., Gu, D.: An empirical study of SDK credential misuse in iOS apps. In: APSEC 2018 (2018)","DOI":"10.1109\/APSEC.2018.00040"},{"key":"5_CR23","unstructured":"Wikipedia: Client Certificate (2021). https:\/\/en.wikipedia.org\/wiki\/client_certificate"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Yang, R., Lau, W.C., Shi, S.: Breaking and fixing mobile app authentication with OAuth2.0-based protocols. In: ACNS 2017 (2017)","DOI":"10.1007\/978-3-319-61204-1_16"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Yang, W., et al.: Show me the money! finding flawed implementations of third-party in-app payment in android apps. In: NDSS 2017 (2017)","DOI":"10.14722\/ndss.2017.23091"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Wu, L., Wang, Z., Jiang, X.: Harvesting developer credentials in android apps. In: ACM WiSec 2015 (2015)","DOI":"10.1145\/2766498.2766499"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Zuo, C., Lin, Z., Zhang, Y.: Why does your data leak? uncovering the data leakage in cloud from mobile apps. In: IEEE S&P 2018 (2018)","DOI":"10.1109\/SP.2019.00009"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-90022-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,3]],"date-time":"2021-11-03T08:07:37Z","timestamp":1635926857000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-90022-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030900212","9783030900229"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-90022-9_5","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"4 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SecureComm","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security and Privacy in Communication Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 September 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"securecomm2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/securecomm.eai-conferences.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"143","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"56","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}