{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:35:38Z","timestamp":1743068138587,"version":"3.40.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031490989"},{"type":"electronic","value":"9783031490996"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-49099-6_1","type":"book-chapter","created":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T06:02:34Z","timestamp":1702015354000},"page":"3-22","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Security Analysis of\u00a0Password Managers on\u00a0Android"],"prefix":"10.1007","author":[{"given":"Abhyudaya","family":"Sharma","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sweta","family":"Mishra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,12,9]]},"reference":[{"issue":"12","key":"1_CR1","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A Adams","year":"1999","unstructured":"Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40\u201346 (1999)","journal-title":"Commun. ACM"},{"key":"1_CR2","unstructured":"Android Developers: Application fundamentals (2021). https:\/\/developer.android.com\/guide\/components\/fundamentals. Accessed 10 Feb 2021"},{"key":"1_CR3","unstructured":"Android Developers: Autofill framework (2021). https:\/\/developer.android.com\/guide\/topics\/text\/autofill. Accessed 18 March 2021"},{"key":"1_CR4","unstructured":"Android Developers: Android keystore system (2022). https:\/\/developer.android.com\/training\/articles\/keystore. Accessed 14 Jan 2022"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Aonzo, S., Merlo, A., Tavella, G., Fratantonio, Y.: Phishing attacks on modern android. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1788\u20131801. Association for Computing Machinery, New York (2018)","DOI":"10.1145\/3243734.3243778"},{"key":"1_CR6","unstructured":"Bakry, T.H., Mysk, T.: Popular iPhone and iPad apps snooping on the pasteboard (2020)"},{"key":"1_CR7","unstructured":"Bitwarden Inc.: How Bitwarden Works (2021). https:\/\/bitwarden.com\/products\/#how-bitwarden-works. Accessed 13 March 2021"},{"key":"1_CR8","unstructured":"Broida, R.: Need a LastPass alternative? This is the best free password manager we\u2019ve found (2021). https:\/\/www.cnet.com\/news\/need-a-lastpass-alternative-bitwarden-is-the-best-free-password-manager-we-found-2021\/. Accessed 2 Apr 2021"},{"key":"1_CR9","unstructured":"Business Wire Inc.: Bitwarden Selected as Best Password Manager by US News & World Report (2021). https:\/\/www.businesswire.com\/news\/home\/20210113005308\/en\/. Accessed 2 Apr 2021"},{"key":"1_CR10","unstructured":"CSID: Consumer survey: Password habits (2012). https:\/\/www.csid.com\/wp-content\/uploads\/2012\/09\/CS_PasswordSurvey_FullReport_FINAL.pdf. Accessed 10 Mar 2021"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: Network and Distributed System Security Symposium (2014)","DOI":"10.14722\/ndss.2014.23357"},{"key":"1_CR12","unstructured":"Dashlane Inc.: Dashlane security white paper (2020). https:\/\/www.dashlane.com\/download\/Dashlane_SecurityWhitePaper_November2020.pdf. Accessed 12 Mar 2021"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-39884-1_12","volume-title":"Financial Cryptography and Data Security","author":"S Fahl","year":"2013","unstructured":"Fahl, S., Harbach, M., Oltrogge, M., Muders, T., Smith, M.: Hey, you, get off of my clipboard. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 144\u2013161. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39884-1_12"},{"key":"1_CR14","unstructured":"Flor\u00eancio, D., Herley, C., van Oorschot, P.C.: An administrator\u2019s guide to internet password research. In: 28th Large Installation System Administration Conference (LISA14), pp. 44\u201361. USENIX Association, Seattle (2014)"},{"key":"1_CR15","unstructured":"Garc\u00eda, D.: bitwarden_rs: Unofficial Bitwarden compatible server written in Rust (2021). https:\/\/github.com\/dani-garcia\/bitwarden_rs. Accessed 14 Apr 2021"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"770","DOI":"10.1007\/978-3-642-33167-1_44","volume-title":"Computer Security \u2013 ESORICS 2012","author":"P Gasti","year":"2012","unstructured":"Gasti, P., Rasmussen, K.B.: On the security of password manager database formats. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 770\u2013787. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33167-1_44"},{"key":"1_CR17","unstructured":"Habib, H., et al.: User behaviors and attitudes under password expiration policies. In: Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pp. 13\u201330. USENIX Association, Baltimore (2018)"},{"key":"1_CR18","unstructured":"Henry, A., Fitzpatrick, J., Hesse, B.: The Best Password Managers (2019). https:\/\/lifehacker.com\/the-five-best-password-managers-5529133. Accessed 12 Apr 2021"},{"key":"1_CR19","unstructured":"Kuketz, M.: Wie tracking in apps die sicherheit und den datenschutz unn\u00f6tig gef\u00e4hrdet (2021). https:\/\/www.kuketz-blog.de\/wie-tracking-in-apps-die-sicherheit-und-den-datenschutz-unnoetig-gefaehrdet. Accessed 10 Mar 2021"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Li, Z., He, W., Akhawe, D., Song, D.: The emperor\u2019s new password manager: security analysis of web-based password managers. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 465\u2013479. USENIX Association, USA (2014)","DOI":"10.21236\/ADA614474"},{"key":"1_CR21","unstructured":"LogMeIn Inc.: Enterprise Security Model\u2014LastPass (2021). https:\/\/www.lastpass.com\/enterprise\/security. Accessed 17 Feb 2021"},{"key":"1_CR22","unstructured":"Melicher, W., et al.: Fast, lean, and accurate: modeling password guessability using neural networks. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 175\u2013191. USENIX Association, Austin (2016)"},{"key":"1_CR23","unstructured":"Microsoft Inc.: Xamarin documentation - Xamarin\u2014Microsoft Docs (2021). https:\/\/docs.microsoft.com\/en-us\/xamarin\/. Accessed 4 Apr 2021"},{"key":"1_CR24","unstructured":"Munroe, R.: Password strength (2011). https:\/\/xkcd.com\/936. Accessed 3 Mar 2021"},{"key":"1_CR25","unstructured":"Oberlo: What percentage of internet traffic is mobile? (2021). https:\/\/www.oberlo.com\/statistics\/mobile-internet-traffic. Accessed 10 Apr 2021"},{"key":"1_CR26","unstructured":"Oesch, S., Ruoti, S.: That was then, this is now: a security evaluation of password generation, storage, and autofill in browser-based password managers. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2165\u20132182. USENIX Association (2020)"},{"key":"1_CR27","unstructured":"Ormandy, T.: Issue 1930: lastpass: bypassing do_popupregister() leaks credentials from previous site (2019). https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1930. Accessed 15 Apr 2021"},{"key":"1_CR28","unstructured":"Pearman, S., Zhang, S.A., Bauer, L., Christin, N., Cranor, L.F.: Why people (don\u2019t) use password managers effectively. In: Fifteenth Symposium On Usable Privacy and Security (SOUPS 2019), pp. 319\u2013338. USENIX Association, Santa Clara (2019)"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Pearson, K.: X. on the criterion that a given system of deviations from the probable in the case of a correlated system of variables is such that it can be reasonably supposed to have arisen from random sampling. London Edinburgh Dublin Philos. Mag. J. Sci. 50(302), 157\u2013175 (1900)","DOI":"10.1080\/14786440009463897"},{"key":"1_CR30","unstructured":"Pittman, J.M., Robinson, N.: Shades of perception- user factors in identifying password strength (2020)"},{"issue":"9","key":"1_CR31","doi-asserted-by":"publisher","first-page":"2013","DOI":"10.1109\/TIFS.2017.2691658","volume":"12","author":"A Roy","year":"2017","unstructured":"Roy, A., Memon, N., Ross, A.: MasterPrint: exploring the vulnerability of partial fingerprint-based authentication systems. IEEE Trans. Inf. Forensics Secur. 12(9), 2013\u20132025 (2017)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Seiler-Hwang, S., Arias-Cabarcos, P., Mar\u00edn, A., Almenares, F., D\u00edaz-S\u00e1nchez, D., Becker, C.: \u201cI don\u2019t see why i would ever want to use it\u201d: analyzing the usability of popular smartphone password managers. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 1937\u20131953. Association for Computing Machinery, New York (2019)","DOI":"10.1145\/3319535.3354192"},{"key":"1_CR33","unstructured":"Silver, D., Jana, S., Boneh, D., Chen, E., Jackson, C.: Password managers: attacks and defenses. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 449\u2013464. USENIX Association, San Diego (2014)"},{"key":"1_CR34","unstructured":"Statcounter: Mobile Operating System Market Share Worldwide (2022). https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide. Accessed 5 Aug 2022"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Stock, B., Johns, M.: Protecting users against XSS-based password manager abuse. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014, pp. 183\u2013194. Association for Computing Machinery, New York (2014)","DOI":"10.1145\/2590296.2590336"},{"key":"1_CR36","unstructured":"Wheeler, D.L.: zxcvbn: low-budget password strength estimation. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 157\u2013173. USENIX Association, Austin (2016)"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/978-3-319-08509-8_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"X Zhang","year":"2014","unstructured":"Zhang, X., Du, W.: Attacks on android clipboard. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 72\u201391. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08509-8_5"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-49099-6_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,8]],"date-time":"2023-12-08T06:03:15Z","timestamp":1702015395000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-49099-6_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031490989","9783031490996"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-49099-6_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 December 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"All vulnerabilities and issues have been responsibly disclosed to the developers of the password managers. We hope that these issues will be resolved soon and help improve the security of password managers.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure"}},{"value":"ICISS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Systems Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Raipur","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iciss2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/iciss.isrdc.in\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}