{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:18:03Z","timestamp":1763468283891},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319260952"},{"type":"electronic","value":"9783319260969"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26096-9_13","type":"book-chapter","created":{"date-parts":[[2015,11,24]],"date-time":"2015-11-24T11:18:35Z","timestamp":1448363915000},"page":"126-138","source":"Crossref","is-referenced-by-count":22,"title":["The Lifetime of Android API Vulnerabilities: Case Study on the JavaScript-to-Java Interface"],"prefix":"10.1007","author":[{"given":"Daniel R.","family":"Thomas","sequence":"first","affiliation":[]},{"given":"Alastair R.","family":"Beresford","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Coudray","sequence":"additional","affiliation":[]},{"given":"Tom","family":"Sutcliffe","sequence":"additional","affiliation":[]},{"given":"Adrian","family":"Taylor","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,11,25]]},"reference":[{"key":"13_CR1","unstructured":"Bergman, N.:. Abusing WebView JavaScript bridges (2012). \n                    http:\/\/d3adend.org\/blog\/?p=314\n                    \n                  . Accessed 09 January 2015"},{"key":"13_CR2","doi-asserted-by":"publisher","unstructured":"Clark, J., van Oorschot, P.C.: SoK: SSL and HTTPS: revisiting past challenges and evaluating certificate trust model enhancements. In: IEEE Symposium on Security and Privacy, pp. 511\u2013525 (2013). doi:\n                    10.1109\/SP.2013.41","DOI":"10.1109\/SP.2013.41"},{"key":"13_CR3","doi-asserted-by":"publisher","unstructured":"Fahl, S., Harbach, M., Muders, T., Smith, M., Baumg\u00e4rtner, L., Freisleben, B.: Why Eve and Mallory love Android: an analysis of android SSL (in)security. In: CCS, pp. 50\u201361. ACM (2012). doi:\n                    10.1145\/2382196.2382205\n                    \n                  , ISBN: 9781450316514","DOI":"10.1145\/2382196.2382205"},{"key":"13_CR4","doi-asserted-by":"publisher","unstructured":"Georgiev, M., Jana, S., Shmatikov, V.: Breaking and fixing origin-based access control in hybrid web\/mobile application frameworks. In: Network and Distributed System Security Symposium (NDSS) (2014). doi:\n                    10.14722\/ndss.2014.23323","DOI":"10.14722\/ndss.2014.23323"},{"key":"13_CR5","doi-asserted-by":"publisher","unstructured":"Grace, M.C., Zhou, W., Jiang, X., Sadeghi, A.-R.: Unsafe exposure analysis of mobile in-app advertisements. In: Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), pp. 101\u2013112 (2012). doi:\n                    10.1145\/2185448.2185464","DOI":"10.1145\/2185448.2185464"},{"key":"13_CR6","unstructured":"MWR labs. WebView addJavascriptInterface Remote Code Execution (2013). \n                    https:\/\/labs.mwrinfosecurity.com\/blog\/2013\/09\/24\/webview-addjavascriptinterface-remote-code-execution\/\n                    \n                  . Accessed 19 December 2014"},{"key":"13_CR7","doi-asserted-by":"publisher","unstructured":"Luo, T., Hao, H., Du, W., Wang, Y., Yin, H.: Attacks on WebView in the Android system. In: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC), Orlando, pp. 343\u2013352. ACM (2011). doi:\n                    10.1145\/2076732.2076781\n                    \n                  , ISBN: 9781450306720","DOI":"10.1145\/2076732.2076781"},{"key":"13_CR8","unstructured":"Mettler, A., Wagner, D., Close, T.: Joe-E: a security-oriented subset of Java. In: Network and Distributed System Security Symposium (NDSS) (2010)"},{"key":"13_CR9","doi-asserted-by":"publisher","unstructured":"Nappa, A., Johnson, R., Bilge, L., Caballero, J., Dumitras, T.: The attack of the clones: a study of the impact of shared code on vulnerability patching. In: IEEE Symposium on Security and Privacy, pp. 692\u2013708 (2015). doi:\n                    10.1109\/SP.2015.48.138","DOI":"10.1109\/SP.2015.48.138"},{"key":"13_CR10","doi-asserted-by":"publisher","unstructured":"Pearce, P., Felt, A.P., Wagner, D.: AdDroid: privilege separation for applications and advertisers in Android. In: ACM Symposium on Information, Computer and Communication Security (ASIACCS) (2012). doi:\n                    10.1145\/2414456.2414498","DOI":"10.1145\/2414456.2414498"},{"key":"13_CR11","unstructured":"Shekhar, S., Dietz, M., Wallach, D.S.: AdSplit: separating smartphone advertising from applications. In: Proceedings of the 21st USENIX Conference on Security Symposium, p. 28 (2012). \n                    arXiv: 1202.4030"},{"key":"13_CR12","unstructured":"Stevens, R., Gibler, C., Crussell, J., Erickson, J., Chen, H.: Investigating user privacy in Android ad libraries. In: IEEE Mobile Security Technologies (MoST) (2012)"},{"key":"13_CR13","unstructured":"Thomas, D.R.: Historic Google Play dashboard (2015). \n                    http:\/\/androidvulnerabilities.org\/play\/historicplaydashboard"},{"key":"13_CR14","doi-asserted-by":"publisher","unstructured":"Thomas, D.R., Beresford, A.R., Rice, A.: Security metrics for the android ecosystem. In: ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Denver. ACM (2015). doi:\n                    10.1145\/2808117.2808118\n                    \n                  , ISBN: 978-1-4503-3819-6","DOI":"10.1145\/2808117.2808118"},{"key":"13_CR15","unstructured":"Thomas, D.R., Coudray, T., Sutcliffe, T.: Supporting data for: \u201cThe lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface\" (2015). \n                    https:\/\/www.repository.cam.ac.uk\/handle\/1810\/247976\n                    \n                  . Accessed 26 May 2015"},{"key":"13_CR16","doi-asserted-by":"publisher","unstructured":"Viennot, N., Garcia, E., Nieh, J.: A measurement study of Google Play. In: SIGMETRICS (2014). doi:\n                    10.1145\/2591971.2592003","DOI":"10.1145\/2591971.2592003"},{"key":"13_CR17","doi-asserted-by":"publisher","unstructured":"Wagner, D.T., Rice, A., Beresford, A.R.: Device Analyzer: large-scale mobile data collection. In: Sigmetrics, Big Data Workshop, Pittsburgh. ACM (2013). doi:\n                    10.1145\/2627534.2627553","DOI":"10.1145\/2627534.2627553"},{"key":"13_CR18","unstructured":"Wagner, D., Tribble, D.: A security analysis of the Combex DarpaBrowser architecture (2002). \n                    http:\/\/combexin.temp.veriohosting.com\/papers\/darpa-review\/security-review.pdf\n                    \n                  . Accessed 08 March 2012"},{"key":"13_CR19","unstructured":"Wognsen, E.R., Karlsen, H.S.: Static analysis of Dalvik bytecode and reflection in Android. In: Master\u2019s thesis, Department of Computer Science, Aalborg University, Aalborg, Denmark (2012)"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXIII"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26096-9_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T13:20:10Z","timestamp":1559308810000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26096-9_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319260952","9783319260969"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26096-9_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}