{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T19:22:35Z","timestamp":1757618555785,"version":"3.44.0"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976223"},{"type":"electronic","value":"9783031976230"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_9","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:21:39Z","timestamp":1752139299000},"page":"147-166","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Red Light for\u00a0Security: Uncovering Auto Feature Check and\u00a0Access Control Gaps in\u00a0AAOS"],"prefix":"10.1007","author":[{"family":"Jumana","sequence":"first","affiliation":[]},{"given":"Parjanya","family":"Vyas","sequence":"additional","affiliation":[]},{"given":"Yousra","family":"Aafer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"9_CR1","unstructured":"Android emulator (2024). https:\/\/developer.volvocars.com\/in-car-apps\/android-emulator-xc40\/"},{"key":"9_CR2","unstructured":"Apktool (2024). https:\/\/apktool.org\/"},{"key":"9_CR3","unstructured":"dex2jar (2024). https:\/\/github.com\/pxb1988\/dex2jar"},{"key":"9_CR4","unstructured":"Git repositories on android (2024). https:\/\/android.googlesource.com\/"},{"key":"9_CR5","unstructured":"Gm developers (2024). https:\/\/developer.gm.com\/in-vehicle-apps"},{"key":"9_CR6","unstructured":"Honda android automotive OS emulator (2024). https:\/\/global.honda\/en\/cars-apps\/index.html"},{"key":"9_CR7","unstructured":"Polestar developer portal (2024). https:\/\/www.polestar.com\/global\/developer#emulator"},{"key":"9_CR8","unstructured":"smali (2024). https:\/\/github.com\/google\/smali"},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Huang, J., Sun, Y., Zhang, X., Li, N., Tian, C.: Acedroid: normalizing diverse android access control checks for inconsistency detection. In: Proceedings of the 2018 Network and Distributed System Security Symposium (2018)","DOI":"10.14722\/ndss.2018.23121"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Tao, G., Huang, J., Zhang, X., Li, N.: Precise android API protection mapping derivation and reasoning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1151\u20131164 (2018)","DOI":"10.1145\/3243734.3243842"},{"key":"9_CR11","doi-asserted-by":"publisher","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: Pscout: analyzing the android permission specification. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS 2012), pp. 217\u2013228. Association for Computing Machinery (2012). https:\/\/doi.org\/10.1145\/2382196.2382222","DOI":"10.1145\/2382196.2382222"},{"key":"9_CR12","unstructured":"Backes, M., Bugiel, S., Derr, E., Mcdaniel, P., Octeau, D., Weisgerber, S.: On demystifying the android application framework: re-visiting android permission specification analysis. In: USENIX Security Symposium (2016)"},{"issue":"3","key":"9_CR13","doi-asserted-by":"publisher","first-page":"58","DOI":"10.3390\/fi13030058","volume":"13","author":"E Chatzoglou","year":"2021","unstructured":"Chatzoglou, E., Kambourakis, G., Kouliaridis, V.: A multi-tier security analysis of official car management apps for android. Future Internet 13(3), 58 (2021)","journal-title":"Future Internet"},{"key":"9_CR14","unstructured":"Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces (2011). https:\/\/www.usenix.org\/conference\/usenix-security-11\/comprehensive-experimental-analyses-automotive-attack-surfaces. Accessed 20 Dec 2023"},{"key":"9_CR15","unstructured":"cs.android.com: Car-lib. https:\/\/cs.android.com\/android\/platform\/superproject\/main\/+\/main:packages\/services\/Car\/car-lib\/. Accessed 20 Dec 2023"},{"key":"9_CR16","unstructured":"Android Developers: Test using the android automotive OS emulator. https:\/\/developer.android.com\/training\/cars\/testing\/emulator. Accessed 20 Dec 2023"},{"key":"9_CR17","doi-asserted-by":"publisher","unstructured":"El-Rewini, Z., Zhang, Z., Aafer, Y.: Poirot: probabilistically recommending protections for the android framework. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022), pp. 937\u2013950. Association for Computing Machinery (2022). https:\/\/doi.org\/10.1145\/3548606.3560710","DOI":"10.1145\/3548606.3560710"},{"issue":"5","key":"9_CR18","doi-asserted-by":"publisher","first-page":"1179","DOI":"10.1108\/LHT-01-2021-0013","volume":"40","author":"F Fakhfakh","year":"2022","unstructured":"Fakhfakh, F., Tounsi, M., Mosbah, M.: Cybersecurity attacks on can bus based vehicles: a review and open challenges. Library Hi Tech 40(5), 1179\u20131203 (2022)","journal-title":"Library Hi Tech"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627\u2013638 (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"9_CR20","doi-asserted-by":"publisher","unstructured":"Gorski, S.A., et al.: Acminer: extraction and analysis of authorization checks in android\u2019s middleware. In: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, CODASPY 2019, pp. 25\u201336. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3292006.3300023","DOI":"10.1145\/3292006.3300023"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Guo, D., Lu, S., Duan, N., Wang, Y., Zhou, M., Yin, J.: Unixcoder: unified cross-modal pre-training for code representation. arXiv preprint arXiv:2203.03850 (2022)","DOI":"10.18653\/v1\/2022.acl-long.499"},{"key":"9_CR22","unstructured":"G\u00f6z\u00fcb\u00fcy\u00fck, B., Tang, B., Shin, K., Pes\u00e9, M.: Analyzing privacy implications of data collection in android automotive OS. arXiv (2024). https:\/\/arxiv.org\/abs\/2409.15561"},{"key":"9_CR23","unstructured":"III, S.A.G., Thorn, S., Enck, W., Chen, H.: FReD: identifying file re-delegation in android system services. In: 31st USENIX Security Symposium (USENIX Security 2022), Boston, MA, pp. 1525\u20131542. USENIX Association (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/gorski"},{"key":"9_CR24","unstructured":"Mazloom, S., Rezaeirad, M., Hunter, A., McCoy, D.: A security analysis of an in-vehicle infotainment and app platform (2016). https:\/\/www.usenix.org\/conference\/woot16\/workshop-program\/presentation\/mazloom. Accessed 20 Dec 2023"},{"key":"9_CR25","unstructured":"Mazloom, S., Rezaeirad, M., Hunter, A., McCoy, D.: A security analysis of an $$\\{$$in-vehicle$$\\}$$ infotainment and app platform. In: 10th USENIX Workshop on Offensive Technologies (WOOT 2016) (2016)"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"Pes\u00e9, M.D., Schauer, J.W., Mohan, M., Joseph, C., Shin, K.G., Moore, J.: Pricar: privacy framework for vehicular data sharing with third parties. In: 2023 IEEE Secure Development Conference (SecDev), pp. 184\u2013195. IEEE (2023)","DOI":"10.1109\/SecDev56634.2023.00032"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Pes\u00e9, M.D., Shin, K.G.: Survey of automotive privacy regulations and privacy-related attacks (2019)","DOI":"10.4271\/2019-01-0479"},{"key":"9_CR28","doi-asserted-by":"publisher","unstructured":"Pes\u00e9, M., Shin, K., Bruner, J., Chu, A.: Security analysis of android automotive. SAE Technical Paper 2020-01-1295 (2020). https:\/\/doi.org\/10.4271\/2020-01-1295","DOI":"10.4271\/2020-01-1295"},{"key":"9_CR29","doi-asserted-by":"publisher","unstructured":"Pes\u00e9, M.: A first look at android automotive privacy. SAE Technical Paper 2023-01-0037 (2023). https:\/\/doi.org\/10.4271\/2023-01-0037","DOI":"10.4271\/2023-01-0037"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Rajapaksha, S., Kalutarage, H., Al-Kadri, M.O., Madzudzo, G., Petrovski, A.V.: Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle can bus security. In: 2022 14th International Conference on Cyber Conflict: Keep Moving!(CyCon), vol.\u00a0700, pp. 309\u2013330. IEEE (2022)","DOI":"10.23919\/CyCon55549.2022.9811048"},{"key":"9_CR31","unstructured":"Wala github repository. https:\/\/github.com\/wala\/WALA. Accessed 20 Dec 2023"},{"key":"9_CR32","unstructured":"SamMobile: Porsche cars to feature android automotive, google play store integration soon (2023). https:\/\/www.sammobile.com\/news\/porsche-cars-android-automotive-google-play-store-soon\/. Accessed 20 Dec 2023"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"Shao, Y., Chen, Q.A., Mao, Z.M., Ott, J., Qian, Z.: Kratos: discovering inconsistent security policy enforcement in the android framework. In: Network and Distributed System Security Symposium (2016)","DOI":"10.14722\/ndss.2016.23046"},{"key":"9_CR34","unstructured":"Vyas, P., Waheed, A., Aafer, Y., Asokan, N.: Auditing framework APIs via inferred app-side security specifications. In: 32nd USENIX Security Symposium (USENIX Security 2023), Anaheim, CA, pp. 6061\u20136077. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/vyas"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"Wang, Q., Sawhney, S.: Vecure: a practical security framework to protect the can bus of vehicles. In: 2014 International Conference on the Internet of Things (IOT), pp. 13\u201318. IEEE (2014)","DOI":"10.1109\/IOT.2014.7030108"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:43:47Z","timestamp":1757209427000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}