{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,6]],"date-time":"2025-04-06T04:21:24Z","timestamp":1743913284904,"version":"3.40.3"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031664557"},{"type":"electronic","value":"9783031664564"}],"license":[{"start":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T00:00:00Z","timestamp":1727568000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T00:00:00Z","timestamp":1727568000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-66456-4_18","type":"book-chapter","created":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T06:01:58Z","timestamp":1727503318000},"page":"323-345","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Analyzing Excessive Permission Requests in\u00a0Google Workspace Add-Ons"],"prefix":"10.1007","author":[{"given":"Liuhuo","family":"Wan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuan","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark Huasong","family":"Meng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,29]]},"reference":[{"key":"18_CR1","unstructured":"10,000 most common English words Repo (2023). https:\/\/github.com\/first20hours\/google-10000-english"},{"key":"18_CR2","unstructured":"Auto-Latex Equation (2023). https:\/\/workspace.google.com\/marketplace\/app\/autolatex_equations\/850293439076"},{"key":"18_CR3","unstructured":"California Consumer Privacy Act (2023). https:\/\/oag.ca.gov\/privacy\/ccpa"},{"key":"18_CR4","unstructured":"ChatGPT fine tune reference (2023). https:\/\/platform.openai.com\/docs\/api-reference\/fine-tunes"},{"key":"18_CR5","unstructured":"Developer Reference: OAuth 2.0 scopes (2023). https:\/\/developers.google.com\/identity\/protocols\/oauth2\/scopes"},{"key":"18_CR6","unstructured":"Esprima (2023). https:\/\/esprima.org"},{"key":"18_CR7","unstructured":"General Data Protection Regulation (2023). https:\/\/gdpr-info.eu\/"},{"key":"18_CR8","unstructured":"Google Workspace Market Share (2023). https:\/\/6sense.com\/tech\/office-suites\/google-workspace-market-share"},{"key":"18_CR9","unstructured":"Google Workspace Reference Overview (2023). https:\/\/developers.google.com\/apps-script\/reference\/"},{"key":"18_CR10","unstructured":"Homepage of OpenCV (2023). https:\/\/opencv.org\/"},{"key":"18_CR11","unstructured":"Hugging Face DistilBERT (2023). https:\/\/huggingface.co\/docs\/transformers\/model_doc\/distilbert"},{"key":"18_CR12","unstructured":"HuggingFace: roberta-large-mnli model (2023). https:\/\/huggingface.co\/roberta-large-mnli"},{"key":"18_CR13","unstructured":"No Phishing! (2023). https:\/\/workspace.google.com\/marketplace\/app\/no_phishing\/149706744667"},{"key":"18_CR14","unstructured":"OAuth 2.0 Rich Authorization Requests (2023). https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-oauth-rar-12"},{"key":"18_CR15","unstructured":"Selenium Dev (2023). https:\/\/www.selenium.dev\/"},{"key":"18_CR16","unstructured":"T5 base (2023). https:\/\/huggingface.co\/t5-base"},{"key":"18_CR17","unstructured":"Zoom Apps (2023). https:\/\/marketplace.zoom.us\/"},{"key":"18_CR18","unstructured":"Andow, B., et al.: Policylint: investigating internal privacy policy contradictions on google play. In: USENIX Security Symposium, pp. 585\u2013602 (2019)"},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 217\u2013228 )(2012)","DOI":"10.1145\/2382196.2382222"},{"key":"18_CR20","unstructured":"Balash, D.G., Wu, X., Grant, M., Reyes, I., Aviv, A.J.: Security and privacy perceptions of $$\\{$$Third-Party$$\\}$$ application access for google accounts. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 3397\u20133414 (2022)"},{"key":"18_CR21","unstructured":"Chen, Y., Gao, Y., Ceccio, N., Chatterjee, R., Fawaz, K., Fernandes, E.: Experimental security analysis of the app model in business collaboration platforms. In: 31st USENIX Security Symposium (USENIX Security 2022), pp. 2011\u20132028 (2022)"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Edu, J., Mulligan, C., Pierazzi, F., Polakis, J., Suarez-Tangil, G., Such, J.: Exploring the security and privacy risks of chatbots in messaging services. In: Proceedings of the 22nd ACM Internet Measurement Conference, pp. 581\u2013588 (2022)","DOI":"10.1145\/3517745.3561433"},{"key":"18_CR23","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1016\/j.cose.2014.02.007","volume":"43","author":"Z Fang","year":"2014","unstructured":"Fang, Z., Han, W., Li, Y.: Permission based Android security: issues and countermeasures. Comput. Secur. 43, 205\u2013218 (2014)","journal-title":"Comput. Secur."},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Gao, Y., Xu, G., Li, L., Luo, X., Wang, C., Sui, Y.: Demystifying the underground ecosystem of account registration bots. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 897\u2013909 (2022)","DOI":"10.1145\/3540250.3549090"},{"key":"18_CR25","doi-asserted-by":"crossref","unstructured":"Harkous, H., Aberer, K.: \u201cif you can\u2019t beat them, join them\" a usability approach to interdependent privacy in cloud apps. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, pp. 127\u2013138 (2017)","DOI":"10.1145\/3029806.3029837"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Harkous, H., Peddinti, S.T., Khandelwal, R., Srivastava, A., Taft, N.: A deep learning system for navigating privacy feedback at scale. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 2469\u20132486. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833729"},{"key":"18_CR27","doi-asserted-by":"crossref","unstructured":"Jannett, L., Mladenov, V., Mainka, C., Schwenk, J.: Distinct: identity theft using in-browser communications in dual-window single sign-on. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 1553\u20131567 (2022)","DOI":"10.1145\/3548606.3560692"},{"key":"18_CR28","unstructured":"Jocher, G., Chaurasia, A., Qiu, J.: YOLO by Ultralytics (2023)"},{"key":"18_CR29","unstructured":"Devlin, J., Kenton, M.W.C., Toutanova, L.K.: Bert: pre-training of deep bidirectional transformers for language understanding. In: Proceedings of NAACL-HLT, vol. 1, p. 2 (2019)"},{"key":"18_CR30","unstructured":"Khandelwal, R., Linden, T., Harkous, H., Fawaz, K.: $$\\{$$PriSEC$$\\}$$: a privacy settings enforcement controller. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 465\u2013482 (2021)"},{"key":"18_CR31","doi-asserted-by":"crossref","unstructured":"Ling, Y., Hao, Y., Wang, Y., Wang, K., Bai, G., Dong, J.S.: Essential or excessive? mindaext: measuring data minimization practices among browser extensions (2024)","DOI":"10.1109\/SANER60148.2024.00104"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Ling, Y., Wang, K., Bai, G., Wang, H., Dong, J.S.: Are they toeing the line? diagnosing privacy compliance violations among browser extensions. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering (ASE) (2022)","DOI":"10.1145\/3551349.3560436"},{"key":"18_CR33","doi-asserted-by":"crossref","unstructured":"Liu, Z., et al.: Fill in the blank: context-aware automated text input generation for mobile gui testing. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 1355\u20131367. IEEE (2023)","DOI":"10.1109\/ICSE48619.2023.00119"},{"key":"18_CR34","unstructured":"MacCartney, B.: Natural language inference. Stanford University (2009)"},{"issue":"12","key":"18_CR35","doi-asserted-by":"publisher","first-page":"2667","DOI":"10.1109\/TSE.2019.2960690","volume":"47","author":"K Mahadewa","year":"2019","unstructured":"Mahadewa, K., et al.: Scrutinizing implementations of smart home integrations. IEEE Trans. Softw. Eng. 47(12), 2667\u20132683 (2019)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"18_CR36","doi-asserted-by":"crossref","unstructured":"Mahadewa, K., et al.: Identifying privacy weaknesses from multi-party trigger-action integration platforms. In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 2\u201315 (2021)","DOI":"10.1145\/3460319.3464838"},{"key":"18_CR37","doi-asserted-by":"crossref","unstructured":"Mahadewa, K.T., Wang, K., Bai, G., Shi, L., Dong, J.S., Liang, Z.: Homescan: scrutinizing implementations of smart home integrations. In: 2018 23rd International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 21\u201330. IEEE (2018)","DOI":"10.1109\/ICECCS2018.2018.00011"},{"issue":"3","key":"18_CR38","doi-asserted-by":"publisher","first-page":"276","DOI":"10.11613\/BM.2012.031","volume":"22","author":"ML McHugh","year":"2012","unstructured":"McHugh, M.L.: Interrater reliability: the kappa statistic. Biochemia Medica 22(3), 276\u2013282 (2012)","journal-title":"Biochemia Medica"},{"key":"18_CR39","doi-asserted-by":"crossref","unstructured":"Miniukovich, A., De\u00a0Angeli, A., Sulpizio, S., Venuti, P.: Design guidelines for web readability. In: Proceedings of the 2017 Conference on Designing Interactive Systems, pp. 285\u2013296 (2017)","DOI":"10.1145\/3064663.3064711"},{"issue":"2","key":"18_CR40","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1109\/TKDE.2007.190667","volume":"20","author":"O Nasraoui","year":"2007","unstructured":"Nasraoui, O., Soliman, M., Saka, E., Badia, A., Germain, R.: A web usage mining framework for mining evolving user profiles in dynamic web sites. IEEE Trans. Knowl. Data Eng. 20(2), 202\u2013215 (2007)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"18_CR41","unstructured":"Pandita, R., Xiao, X., Yang, W., Enck, W., Xie, T.: Whyper: towards automating risk assessment of mobile applications. In: USENIX Security Symposium, Washington, DC, vol. 2013 (2013)"},{"key":"18_CR42","doi-asserted-by":"crossref","unstructured":"Qu, Z., Rastogi, V., Zhang, X., Chen, Y., Zhu, T., Chen, Z.: Autocog: measuring the description-to-permission fidelity in android applications. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 1354\u20131365 (2014)","DOI":"10.1145\/2660267.2660287"},{"key":"18_CR43","doi-asserted-by":"crossref","unstructured":"Wan, L., Wang, K., Mahadewa, K.T., Wang, H., Bai, G.: Don\u2019t bite off more than you can chew: investigating excessive permission requests in trigger-action integrations. In: Proceedings of the ACM Web Conference 2024 (2024)","DOI":"10.1145\/3589334.3645721"},{"key":"18_CR44","doi-asserted-by":"crossref","unstructured":"Wan, L., Wang, K., Wang, H., Bai, G.: Is it safe to share your files? an empirical security analysis of google workspace. In: Proceedings of the ACM Web Conference 2024 (2024)","DOI":"10.1145\/3589334.3645697"},{"key":"18_CR45","doi-asserted-by":"crossref","unstructured":"Wang, C., Ko, R., Zhang, Y., Yang, Y., Lin, Z.: Taintmini: detecting flow of sensitive data in mini-programs with static taint analysis. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 932\u2013944. IEEE (2023)","DOI":"10.1109\/ICSE48619.2023.00086"},{"key":"18_CR46","doi-asserted-by":"crossref","unstructured":"Wang, L., Wang, H., Luo, X., Sui, Y.: Malwhiteout: reducing label errors in android malware detection. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering, pp. 1\u201313 (2022)","DOI":"10.1145\/3551349.3560418"},{"key":"18_CR47","doi-asserted-by":"crossref","unstructured":"Zha, M., Wang, J., et\u00a0al.: Hazard integrated: understanding security risks in app extensions to team chat systems. In: Network and Distributed Systems Security (NDSS) Symposium (2022)","DOI":"10.14722\/ndss.2022.24387"},{"key":"18_CR48","doi-asserted-by":"crossref","unstructured":"Zhang, J., Yang, L., Han, Y., Xiang, Z., Hei, X.: A small leak will sink many ships: vulnerabilities related to mini-programs permissions. In: 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 595\u2013606. IEEE (2023)","DOI":"10.1109\/COMPSAC57700.2023.00085"},{"key":"18_CR49","unstructured":"Zhou, L., et al.: $$\\{$$POLICYCOMP$$\\}$$: counterpart comparison of privacy policies uncovers overbroad personal data collection practices. In: 32nd USENIX Security Symposium (USENIX Security 2023), pp. 1073\u20131090 (2023)"}],"container-title":["Lecture Notes in Computer Science","Engineering of Complex Computer Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-66456-4_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,5]],"date-time":"2025-04-05T21:54:27Z","timestamp":1743890067000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-66456-4_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,29]]},"ISBN":["9783031664557","9783031664564"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-66456-4_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,9,29]]},"assertion":[{"value":"29 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICECCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Engineering of Complex Computer Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Limassol","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cyprus","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 June 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 June 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iceccs2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/cyprusconferences.org\/iceccs2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}