{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:39:19Z","timestamp":1742913559691,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031477478"},{"type":"electronic","value":"9783031477485"}],"license":[{"start":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T00:00:00Z","timestamp":1699401600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T00:00:00Z","timestamp":1699401600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-47748-5_11","type":"book-chapter","created":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T00:04:15Z","timestamp":1699401855000},"page":"185-203","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Mobile App Distribution Transparency (MADT): Design and\u00a0Evaluation of\u00a0a\u00a0System to\u00a0Mitigate Necessary Trust in\u00a0Mobile App Distribution 
Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1713-3347","authenticated-orcid":false,"given":"Mario","family":"Lins","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1566-4646","authenticated-orcid":false,"given":"Ren\u00e9","family":"Mayrhofer","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4675-0539","authenticated-orcid":false,"given":"Michael","family":"Roland","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0818-6535","authenticated-orcid":false,"given":"Alastair R.","family":"Beresford","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,8]]},"reference":[{"key":"11_CR1","unstructured":"Aryan, S., Aryan, H., Halderman, J.A.: Internet censorship in Iran: a first look. In: 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI 2013), Washington, DC, USA. USENIX Association (2013). https:\/\/www.usenix.org\/conference\/foci13\/workshop-program\/presentation\/aryan"},{"key":"11_CR2","doi-asserted-by":"publisher","unstructured":"Barrera, D., McCarney, D., Clark, J., van Oorschot, P.C.: Baton: certificate agility for android\u2019s decentralized signing infrastructure. In: WiSec 2014: Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks, Oxford, United Kingdom, pp. 1\u201312. ACM (2014). https:\/\/doi.org\/10.1145\/2627393.2627397","DOI":"10.1145\/2627393.2627397"},{"key":"11_CR3","doi-asserted-by":"publisher","unstructured":"Basin, D., Cremers, C., Kim, T.H.J., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: attack resilient public-key infrastructure. In: CCS 2014: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, pp. 382\u2013393. ACM (2014). 
https:\/\/doi.org\/10.1145\/2660267.2660298","DOI":"10.1145\/2660267.2660298"},{"key":"11_CR4","unstructured":"Chacon, S., Straub, B.: Pro Git, 2nd edn. Apress, Berkeley (2022). https:\/\/git-scm.com\/book\/en\/v2"},{"key":"11_CR5","doi-asserted-by":"publisher","unstructured":"Coufal\u00edkov\u00e1, A., Klaban, I., \u0160lajs, T.: Complex strategy against supply chain attacks. In: 2021 International Conference on Military Technologies (ICMT), Brno, Czech Republic, pp. 1\u20135. IEEE (2021). https:\/\/doi.org\/10.1109\/ICMT52455.2021.9502768","DOI":"10.1109\/ICMT52455.2021.9502768"},{"key":"11_CR6","unstructured":"Cutter, A., Drysdale, D.: Trillian Personalities (2022). https:\/\/github.com\/google\/trillian\/blob\/05001d1876f9340e42ba8b839c94e1b79246207b\/docs\/Personalities.md"},{"issue":"5","key":"11_CR7","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1109\/MCSE.2017.3421554","volume":"19","author":"M Di Pierro","year":"2017","unstructured":"Di Pierro, M.: What is the blockchain? Comput. Sci. Eng. 19(5), 92\u201395 (2017). https:\/\/doi.org\/10.1109\/MCSE.2017.3421554","journal-title":"Comput. Sci. Eng."},{"key":"11_CR8","unstructured":"Eijdenberg, A., Laurie, B., Cutter, A.: Verifiable data structures (2015). https:\/\/github.com\/google\/trillian\/blob\/30160804ab5203cde4412fe26f55a4149112bd92\/docs\/papers\/VerifiableDataStructures.pdf"},{"key":"11_CR9","unstructured":"F-Droid: Docs - F-Droid - Free and Open Source Android App Repository (2023). https:\/\/f-droid.org\/docs\/. Accessed 23 Jan 2023"},{"key":"11_CR10","unstructured":"Google: Certificate Transparency (2023). https:\/\/certificate.transparency.dev\/. Accessed 23 Jan 2023"},{"key":"11_CR11","unstructured":"Google: How Log Proofs Work - Certificate Transparency (2023). https:\/\/sites.google.com\/site\/certificatetransparency\/log-proofs-work. Accessed 23 Jan 2023"},{"key":"11_CR12","unstructured":"Google: Use Play App Signing - Play Console Help (2023). 
https:\/\/support.google.com\/googleplay\/android-developer\/answer\/9842756. Accessed 12 Jan 2023"},{"key":"11_CR13","unstructured":"Herr, T., Loomis, W., Scott, S., Lee, J., Schroeder, E.: Breaking Trust - Shades of Crisis Across an Insecure Software Supply Chain (2021). https:\/\/www.usenix.org\/conference\/enigma2021\/presentation\/herr"},{"key":"11_CR14","unstructured":"Kumar, R., Virkud, A., Raman, R.S., Prakash, A., Ensafi, R.: A large-scale investigation into geodifferences in mobile apps. In: Proceedings of the 31st USENIX Security Symposium (USENIX Security 2022), Boston, MA, USA, pp. 1203\u20131220. USENIX Association (2022). www.usenix.org\/conference\/usenixsecurity22\/presentation\/kumar"},{"key":"11_CR15","doi-asserted-by":"publisher","unstructured":"Laurie, B., Langley, A., Kasper, E.: RFC 6962: Certificate Transparency (2013). https:\/\/doi.org\/10.17487\/RFC6962","DOI":"10.17487\/RFC6962"},{"key":"11_CR16","doi-asserted-by":"publisher","unstructured":"Laurie, B., Messeri, E., Stradling, R.: RFC 9162: Certificate Transparency Version 2.0 (2021). https:\/\/doi.org\/10.17487\/RFC9162","DOI":"10.17487\/RFC9162"},{"issue":"3","key":"11_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3448609","volume":"24","author":"R Mayrhofer","year":"2021","unstructured":"Mayrhofer, R., Stoep, J.V., Brubaker, C., Kralevich, N.: The Android platform security model. ACM Trans. Priv. Secur. 24(3), 1\u201335 (2021). https:\/\/doi.org\/10.1145\/3448609","journal-title":"ACM Trans. Priv. Secur."},{"key":"11_CR18","doi-asserted-by":"publisher","unstructured":"Meiklejohn, S., et al.: Think global, act local: gossip and client audits in verifiable data structures. Computing Research Repository (CoRR) (2020). arXiv:2011.04551. 
https:\/\/doi.org\/10.48550\/ARXIV.2011.04551","DOI":"10.48550\/ARXIV.2011.04551"},{"key":"11_CR19","unstructured":"Melara, M.S., Blankstein, A., Bonneau, J., Felten, E.W., Freedman, M.J.: CONIKS: bringing key transparency to end users. In: Proceedings of the 24th USENIX Security Symposium (USENIX Security 2015), Washington, DC, USA, pp. 383\u2013398. USENIX Association (2015). https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/melara"},{"key":"11_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/3-540-48184-2_32","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201987","author":"RC Merkle","year":"1988","unstructured":"Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369\u2013378. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-48184-2_32"},{"key":"11_CR21","unstructured":"Mozilla: Certificate Transparency (2023). https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/Security\/Certificate_Transparency. Accessed 23 Jan 2023"},{"key":"11_CR22","unstructured":"Nicas, J., Zhong, R., Wakabayashi, D.: Censorship, surveillance and profits: a hard bargain for Apple in China. The New York Times (2021). https:\/\/www.nytimes.com\/2021\/05\/17\/technology\/apple-china-censorship-data.html. Accessed 23 Jan 2023"},{"key":"11_CR23","unstructured":"Nikitin, K., et al.: CHAINIAC: proactive software-update transparency via collectively signed skipchains and verified builds. In: Proceedings of the 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, Canada, pp. 1271\u20131287. USENIX Association (2017). www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/nikitin"},{"key":"11_CR24","unstructured":"Nordberg, L., Gillmor, D.K., Ritter, T.: Gossiping in CT. 
Internet-Draft draft-ietf-trans-gossip-05, Internet Engineering Task Force (2018). https:\/\/datatracker.ietf.org\/doc\/draft-ietf-trans-gossip\/05\/. Work in Progress"},{"key":"11_CR25","unstructured":"Steiner, H.C.: Binary Transparency Log for https:\/\/guardianproject.info\/fdroid (2023). https:\/\/github.com\/guardianproject\/binary_transparency_log. Accessed 23 Jan 2023"},{"key":"11_CR26","doi-asserted-by":"publisher","unstructured":"Syta, E., et al.: Keeping authorities \u201chonest or bust\u201d with decentralized witness cosigning. In: 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, pp. 526\u2013545. IEEE (2016). https:\/\/doi.org\/10.1109\/SP.2016.38","DOI":"10.1109\/SP.2016.38"},{"key":"11_CR27","unstructured":"The MITRE Corporation: Supply Chain Compromise (2023). https:\/\/attack.mitre.org\/techniques\/T1195\/. Accessed 23 Jan 2023"},{"key":"11_CR28","unstructured":"The Tor Project: Tor Project - Anonymity Online (2023). https:\/\/www.torproject.org\/. Accessed 07 Feb 2023"}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-47748-5_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T00:06:13Z","timestamp":1699401973000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-47748-5_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,8]]},"ISBN":["9783031477478","9783031477485"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-47748-5_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023,11,8]]},"assertion":[{"value":"8 November 2023","order":1,"name":"first_online","label":"First 
Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/uni.oslomet.no\/nordsec2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EquinOCS","order":2,"name":"conference_management_system","label":"Conference Management 
System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"55","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}