{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T00:14:04Z","timestamp":1743034444558,"version":"3.40.3"},"publisher-location":"Cham","reference-count":66,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031514814"},{"type":"electronic","value":"9783031514821"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51482-1_13","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T06:02:47Z","timestamp":1704866567000},"page":"250-270","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On the\u00a0(In)Security of\u00a0Manufacturer-Provided Remote Attestation Frameworks in\u00a0Android"],"prefix":"10.1007","author":[{"given":"Ziyi","family":"Zhou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xuangan","family":"Xiao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tianxiao","family":"Hou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yikun","family":"Hu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawu","family":"Gu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"13_CR1","doi-asserted-by":"crossref","unstructured":"Tian, Y., Chen, E., Ma, X., et al.: Swords and shields: a study of mobile game hacks and existing defenses. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 386\u2013397 (2016)","DOI":"10.1145\/2991079.2991119"},{"key":"13_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-030-88418-5_15","volume-title":"Computer Security \u2013 ESORICS 2021","author":"P Karkallis","year":"2021","unstructured":"Karkallis, P., Blasco, J., Suarez-Tangil, G., Pastrana, S.: Detecting video-game injectors exchanged in game cheating communities. In: Bertino, E., Shulman, H., Waidner, M. (eds.) ESORICS 2021. LNCS, vol. 12972, pp. 305\u2013324. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-88418-5_15"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Nguyen-Vu, L., Chau, N.T., Kang, S., et al.: Android rooting: an arms race between evasion and detection. Secur. Commun. Netw. 2017 (2017)","DOI":"10.1155\/2017\/4121765"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Chen, S., Fan, L., Meng, G., et al.: An empirical assessment of security risks of global android banking apps. In: Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering, pp. 1310\u20131322 (2020)","DOI":"10.1145\/3377811.3380417"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Sun, S., Yu, L., Zhang, X., et al.: Understanding and detecting mobile ad fraud through the lens of invalid traffic. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 287\u2013303 (2021)","DOI":"10.1145\/3460120.3484547"},{"issue":"4","key":"13_CR6","doi-asserted-by":"publisher","first-page":"676","DOI":"10.1109\/TSE.2019.2901679","volume":"47","author":"L Li","year":"2019","unstructured":"Li, L., Bissyand\u00e9, T.F., Klein, J.: Rebooting research on detecting repackaged android apps: Literature review and benchmark. IEEE Trans. Software Eng. 47(4), 676\u2013693 (2019)","journal-title":"IEEE Trans. Software Eng."},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Song, W., Ming, J., Jiang, L., et al.: App\u2019s auto-login function security testing via android OS-level virtualization. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 1683\u20131694. IEEE (2021)","DOI":"10.1109\/ICSE43902.2021.00149"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Xue, L., Zhou, H., Luo, X., et al.: Happer: unpacking Android apps via a hardware-assisted approach. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1641\u20131658. IEEE (2021)","DOI":"10.1109\/SP40001.2021.00105"},{"key":"13_CR9","unstructured":"Pok\u00e9mon GO. https:\/\/play.google.com\/store\/apps\/details?id=com.nianticlabs.Pokemongo &hl=en_US. Accessed 14 May 2023"},{"key":"13_CR10","unstructured":"Pok\u00e9mon Go hits \\$6 billion in player spending. https:\/\/play.google.com\/store\/apps\/details?id=com.nianticlabs.Pokemongo &hl=en_US. Accessed 14 May 2023"},{"key":"13_CR11","unstructured":"Pok\u00e9mon Go Revenue and Usage Statistics (2023). https:\/\/www.businessofapps.com\/data\/pokemon-go-statistics\/. Accessed 14 May 2023"},{"key":"13_CR12","unstructured":"Android - Google Mobile Services. https:\/\/www.android.com\/gms\/. Accessed 14 May 2023"},{"key":"13_CR13","unstructured":"Fake GPS Location Spoofer. https:\/\/play.google.com\/store\/apps\/details?id=com.incorporateapps.fakegps.fre. Accessed 14 May 2023"},{"key":"13_CR14","unstructured":"HMS Core. https:\/\/developer.huawei.com\/consumer\/en\/hms\/. Accessed 14 May 2023"},{"key":"13_CR15","unstructured":"Mobile Application Distribution Agreement (Android). https:\/\/www.sec.gov\/Archives\/edgar\/containers\/fix380\/1495569\/000119312510271362\/dex1012.htm. Accessed 14 May 2023"},{"key":"13_CR16","unstructured":"HMS Core (APK) Preloading Guide: Ecosystem Cooperation. https:\/\/developer.huawei.com\/consumer\/en\/doc\/development\/hmscore-common-Guides\/overview-0000001222509146. Accessed 14 May 2023"},{"key":"13_CR17","unstructured":"Google Play Store. https:\/\/apkpure.com\/google-play-store\/com.android.vending. Accessed 14 May 2023"},{"key":"13_CR18","unstructured":"YouTube. https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.youtube. Accessed 14 May 2023"},{"key":"13_CR19","unstructured":"HUAWEI Wallet. https:\/\/consumer.huawei.com\/en\/mobileservices\/wallet\/. Accessed 14 May 2023"},{"key":"13_CR20","unstructured":"HUAWEI Health. https:\/\/consumer.huawei.com\/en\/mobileservices\/health\/. Accessed 14 May 2023"},{"key":"13_CR21","unstructured":"HMS Core 5.0 launched for the global developers. https:\/\/www.huaweicentral.com\/hms-core-5-0-launched-for-the-global-developers-comes-with-7-new-kits-and-services\/. Accessed 14 May 2023"},{"key":"13_CR22","unstructured":"Google I\/O 2023: What\u2019s new in Google Play. https:\/\/io.google\/2023\/program\/9019266d-186c-4a61-9cc5-b1c665eb40fb\/. Accessed 21 May 2023"},{"key":"13_CR23","unstructured":"Verifying hardware-backed key pairs with Key Attestation. https:\/\/developer.android.com\/training\/articles\/security-key-attestation. Accessed 14 May 2023"},{"key":"13_CR24","unstructured":"Protect against security threats with SafetyNet. https:\/\/developer.android.com\/training\/safetynet. Accessed 14 May 2023"},{"key":"13_CR25","unstructured":"Safety Detect. https:\/\/developer.huawei.com\/consumer\/en\/hms\/huawei-safetydetectkit\/. Accessed 14 May 2023"},{"key":"13_CR26","unstructured":"Mulliner, C., Kozyrakis, J.: Inside Android\u2019s SafetyNet Attestation. Black Hat EU (2017)"},{"key":"13_CR27","unstructured":"Thomas, R.: DroidGuard: a deep dive into SafetyNet. Black Hat Asia (2022)"},{"key":"13_CR28","unstructured":"Examining the value of SafetyNet Attestation as an Application Integrity Security Control. https:\/\/census-labs.com\/news\/2017\/11\/17\/examining-the-value-of-safetynet-attestation-as-an-application-integrity-security-control\/. Accessed 14 May 2023"},{"key":"13_CR29","unstructured":"How I discovered an easter egg in Android\u2019s security and didn\u2019t land a job at Google. https:\/\/habr.com\/en\/articles\/446790\/. Accessed 14 May 2023"},{"key":"13_CR30","unstructured":"RFC 9334: Remote ATtestation procedureS (RATS) Architecture. https:\/\/datatracker.ietf.org\/doc\/rfc9334\/. Accessed 14 May 2023"},{"key":"13_CR31","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/s10207-011-0124-7","volume":"10","author":"G Coker","year":"2011","unstructured":"Coker, G., Guttman, J., Loscocco, P., et al.: Principles of remote attestation. Int. J. Inf. Secur. 10, 63\u201381 (2011)","journal-title":"Int. J. Inf. Secur."},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Ibrahim, M., Imran, A., Bianchi, A.: SafetyNOT: on the usage of the SafetyNet attestation API in Android. In: Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services, pp. 150\u2013162 (2021)","DOI":"10.1145\/3458864.3466627"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Aldoseri, A., Chothia, T., Moreira-Sanchez, J., et al.: Symbolic modelling of remote attestation protocols for device and app integrity on android. In: 18th ACM ASIA Conference on Computer and Communications Security. Association for Computing Machinery (ACM) (2023)","DOI":"10.1145\/3579856.3582812"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"Duan, Y., Zhang, M., Bhaskar, A.V., et al.: Things you may not know about android (un) packers: a systematic study based on whole-system emulation. In: NDSS (2018)","DOI":"10.14722\/ndss.2018.23296"},{"key":"13_CR35","unstructured":"CNCERT\/CC: National Computer Network Emergency Response Technical Team\/Coordination Center of China. https:\/\/www.cert.org.cn\/publish\/english\/index.html. Accessed 14 May 2023"},{"key":"13_CR36","unstructured":"Google Bug Hunters. https:\/\/bughunters.google.com\/. Accessed 14 May 2023"},{"key":"13_CR37","unstructured":"A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain. https:\/\/googleprojectzero.blogspot.com\/2022\/11\/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html. Accessed 15 May 2023"},{"key":"13_CR38","unstructured":"Upcoming Change: New certificate chain in the API response signature. https:\/\/groups.google.com\/g\/safetynet-api-clients\/c\/-2ShuYt5kFg. Accessed 17 May 2023"},{"key":"13_CR39","unstructured":"SysIntegrity API. https:\/\/developer.huawei.com\/consumer\/en\/doc\/development\/Security-Guides\/dysintegritydevelopment-0000001050156331. Accessed 15 May 2023"},{"key":"13_CR40","unstructured":"CA-certificates. https:\/\/android.googlesource.com\/platform\/system\/ca-certificates\/. Accessed 15 May 2023"},{"key":"13_CR41","unstructured":"Pin certificates. https:\/\/developer.android.com\/training\/articles\/security-config#CertificatePinning. Accessed 15 May 2023"},{"key":"13_CR42","unstructured":"Frida. https:\/\/frida.re\/. Accessed 15 May 2023"},{"key":"13_CR43","unstructured":"ShakaApktool. https:\/\/github.com\/rover12421\/ShakaApktool. Accessed 15 May 2023"},{"key":"13_CR44","unstructured":"Apktool: A tool for reverse engineering Android APK files. https:\/\/ibotpeaches.github.io\/Apktool\/. Accessed 15 May 2023"},{"key":"13_CR45","unstructured":"Grep. https:\/\/www.gnu.org\/software\/grep\/manual\/grep.html. Accessed 15 May 2023"},{"key":"13_CR46","unstructured":"Smali. https:\/\/github.com\/JesusFreke\/smali\/wiki. Accessed 15 May 2023"},{"key":"13_CR47","unstructured":"Soot. http:\/\/soot-oss.github.io\/soot\/. Accessed 15 May 2023"},{"key":"13_CR48","unstructured":"Application Signing. https:\/\/source.android.com\/docs\/security\/features\/apksigning. Accessed 15 May 2023"},{"key":"13_CR49","unstructured":"XDA Portal & Forums. https:\/\/www.xda-developers.com\/. Accessed 15 May 2023"},{"key":"13_CR50","unstructured":"Universal SafetyNet Fix. https:\/\/github.com\/kdrag0n\/safetynet-fix. Accessed 15 May 2023"},{"key":"13_CR51","unstructured":"Shamiko v0.7.2. https:\/\/github.com\/LSPosed\/LSPosed.github.io\/releases. Accessed 15 May 2023"},{"key":"13_CR52","unstructured":"Magisk. https:\/\/github.com\/topjohnwu\/Magisk\/releases. Accessed 27 May 2023"},{"key":"13_CR53","unstructured":"CVE-2020-0069. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0069. Accessed 27 May 2023"},{"key":"13_CR54","unstructured":"APKPure: Download APK on Android with Free Online APK Downloader. https:\/\/apkpure.com\/. Accessed 27 May 2023"},{"key":"13_CR55","unstructured":"360 Mobile Assistant. http:\/\/m.app.so.com\/. Accessed 27 May 2023"},{"key":"13_CR56","unstructured":"ProGuard: Java Obfuscator and Android App Optimizer. https:\/\/www.guardsquare.com\/proguard. Accessed 27 May 2023"},{"key":"13_CR57","unstructured":"UI\/Application Exerciser Monkey. https:\/\/developer.android.com\/studio\/test\/other-testing-tools\/monkey. Accessed 27 May 2023"},{"key":"13_CR58","unstructured":"XAPK file. https:\/\/apkpure.com\/xapk.html. Accessed 27 May 2023"},{"key":"13_CR59","unstructured":"FGL Pro. https:\/\/play.google.com\/store\/apps\/details?id=com.ltp.pro.fakelocation &hl=en_US &gl=US. Accessed 27 May 2023"},{"key":"13_CR60","unstructured":"Fake GPS Location-GPS JoyStick. https:\/\/play.google.com\/store\/apps\/details?id=com.theappninjas.fakegpsjoystick &hl=en. Accessed 27 May 2023"},{"key":"13_CR61","unstructured":"Cha Cha Helper. https:\/\/www.xxzhushou.cn\/?channelid=352666. Accessed 27 May 2023"},{"key":"13_CR62","unstructured":"Moloc. https:\/\/www.coolapk.com\/apk\/top.xuante.moloc. Accessed 27 May 2023"},{"key":"13_CR63","unstructured":"Fake GPS Location Spoofer. https:\/\/play.google.com\/store\/apps\/details?id=com.incorporateapps.fakegps.fre. Accessed 27 May 2023"},{"key":"13_CR64","unstructured":"Huawei has the highest number of active smartphone users globally: how is this possible? https:\/\/www.gizchina.com\/2022\/08\/27\/huawei-has-the-highest-number-of-smartphone-users-globally-how-is-this-possible\/. Accessed 27 May 2023"},{"key":"13_CR65","unstructured":"One of China\u2019s most popular apps has the ability to spy on its users. https:\/\/edition.cnn.com\/2023\/04\/02\/tech\/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk\/index.html. Accessed 27 May 2023"},{"key":"13_CR66","unstructured":"Protocol Buffers. https:\/\/protobuf.dev\/. Accessed 30 May 2023"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51482-1_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T06:07:09Z","timestamp":1704866829000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51482-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514814","9783031514821"],"references-count":66,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51482-1_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}