{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T22:03:09Z","timestamp":1769724189092,"version":"3.49.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319663319","type":"print"},{"value":"9783319663326","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66332-6_7","type":"book-chapter","created":{"date-parts":[[2017,10,11]],"date-time":"2017-10-11T07:58:05Z","timestamp":1507708685000},"page":"143-166","source":"Crossref","is-referenced-by-count":10,"title":["Precisely and Scalably Vetting JavaScript Bridge in Android Hybrid Apps"],"prefix":"10.1007","author":[{"given":"Guangliang","family":"Yang","sequence":"first","affiliation":[]},{"given":"Abner","family":"Mendoza","sequence":"additional","affiliation":[]},{"given":"Jialong","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,12]]},"reference":[{"key":"7_CR1","unstructured":"Binary Expression Tree. https:\/\/en.wikipedia.org\/wiki\/Binary_expression_tree"},{"key":"7_CR2","unstructured":"Is android malware served in theatres more sophisticated? http:\/\/www.honeynet.org\/node\/1081"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: Computer Security Foundations Symposium (CSF) (2010)","DOI":"10.1109\/CSF.2010.27"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI (2014)","DOI":"10.1145\/2666356.2594299"},{"key":"7_CR5","unstructured":"Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J.A., Dukhovni, V., K\u00e4sper, E., Cohney, S., Engels, S., Paar, C., Shavitt, Y.: Drown: breaking TLS using SSLv2. In: USENIX Security (2016)"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Beurdouche, B., Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zinzindohoue, J.K.: A messy state of the union: taming the composite state machines of TLS. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.39"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Calzavara, S., Grishchenko, I., Maffei, M.: Horndroid: practical and sound static analysis of android applications by SMT solving. In: IEEE European Symposium on Security and Privacy, EuroS&P (2016)","DOI":"10.1109\/EuroSP.2016.16"},{"key":"7_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-319-05149-9_9","volume-title":"Information Security Applications","author":"E Chin","year":"2014","unstructured":"Chin, E., Wagner, D.: Bifocals: analyzing WebView vulnerabilities in android applications. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 138\u2013159. Springer, Cham (2014). doi: 10.1007\/978-3-319-05149-9_9"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Demetriou, S., Merrill, W., Yang, W., Zhang, A., Gunter, C.A.: Free for all!. assessing user data exposure to advertising libraries on android. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23082"},{"key":"7_CR10","unstructured":"Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: OSDI (2010)"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Fahl, S., Harbach, M., Muders, T., Baumg\u00e4rtner, L., Freisleben, B., Smith, M.: Why eve and mallory love android: an analysis of android ssl (in)security. In: ACM CCS (2012)","DOI":"10.1145\/2382196.2382205"},{"key":"7_CR12","unstructured":"Fuchs, A.P., Chaudhuri, A., Foster, J.S.: Scandroid: Automated security certification of android applications. Manuscript, Univ. of Maryland (2009)"},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: Validating ssl certificates in non-browser software. In: ACM CCS (2012)","DOI":"10.1145\/2382196.2382204"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Georgiev, M., Jana, S., Shmatikov, V.: Breaking and fixing origin-based access control in hybrid web\/mobile application frameworks. In: NDSS, vol. 2014 (2014)","DOI":"10.14722\/ndss.2014.23323"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Gordon, M.I., Kim, D., Perkins, J., Gilham, L., Nguyen, N., Rinard, M.: Information-flow analysis of android applications in droidsafe. In: NDSS (2015)","DOI":"10.14722\/ndss.2015.23089"},{"issue":"4","key":"7_CR16","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1145\/54289.871709","volume":"22","author":"N Hardy","year":"1988","unstructured":"Hardy, N.: The confused deputy: (or why capabilities might have been invented). ACM SIGOPS Operating Syst. Rev. 22(4), 36\u201338 (1988)","journal-title":"ACM SIGOPS Operating Syst. Rev."},{"key":"7_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"577","DOI":"10.1007\/978-3-319-24177-7_29","volume-title":"Computer Security \u2013 ESORICS 2015","author":"B Hassanshahi","year":"2015","unstructured":"Hassanshahi, B., Jia, Y., Yap, R.H.C., Saxena, P., Liang, Z.: Web-to-application injection attacks on android: characterization and detection. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9327, pp. 577\u2013598. Springer, Cham (2015). doi: 10.1007\/978-3-319-24177-7_29"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Huang, W., Dong, Y., Milanova, A., Dolby, J.: Scalable and precise taint analysis for android. In: ISSTA, pp. 106\u2013117 (2015)","DOI":"10.1145\/2771783.2771803"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/978-3-319-27659-5_22","volume-title":"Information Security","author":"X Jin","year":"2015","unstructured":"Jin, X., Wang, L., Luo, T., Du, W.: Fine-grained access control for HTML5-based mobile applications in android. In: Desmedt, Y. (ed.) ISC 2013. LNCS, vol. 7807, pp. 309\u2013318. Springer, Cham (2015). doi: 10.1007\/978-3-319-27659-5_22"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Liang, J., Jiang, J., Duan, H., Li, K., Wan, T., Wu, J.: When https meets CDN: a case of authentication in delegated service. In: IEEE Symposium on Security and Privacy (2014)","DOI":"10.1109\/SP.2014.12"},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: Chex: statically vetting android apps for component hijacking vulnerabilities. In: ACM CCS (2012)","DOI":"10.1145\/2382196.2382223"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Luo, T., Hao, H., Du, W., Wang, Y., Yin, H.: Attacks on webview in the android system. In: ASCAC (2011)","DOI":"10.1145\/2076732.2076781"},{"key":"7_CR23","unstructured":"Mutchler, P., Doupe, A., Mitchell, J., Kruegel, C., Vigna, G., Doup, A., Mitchell, J., Kruegel, C., Vigna, G.: A large-scale study of mobile web app. security. In: MoST (2015)"},{"key":"7_CR24","unstructured":"P.A. Networks. New Android Trojan Xbot Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. http:\/\/researchcenter.paloaltonetworks.com\/2016\/02\/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom\/"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: NDSS, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23039"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Rastogi, V., Shao, R., Chen, Y., Pan, X., Zou, S., Riley, R.: Are these ads safe: detecting hidden attacks through the mobile app-web interfaces. In: NDSS (2016)","DOI":"10.14722\/ndss.2016.23234"},{"issue":"11","key":"7_CR27","first-page":"1079","volume":"4","author":"S Sedol","year":"2014","unstructured":"Sedol, S., Johari, R.: Survey of cross-site scripting attack in android apps. Int. J. Inform. Comput. Technol. 4(11), 1079\u20131084 (2014)","journal-title":"Int. J. Inform. Comput. Technol."},{"key":"7_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-642-41284-4_16","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"K Singh","year":"2013","unstructured":"Singh, K.: Practical context-aware permission control for hybrid mobile applications. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 307\u2013327. Springer, Heidelberg (2013). doi: 10.1007\/978-3-642-41284-4_16"},{"key":"7_CR29","doi-asserted-by":"crossref","unstructured":"Sounthiraraj, D., Sahs, J., Greenwood, G., Lin, Z., Khan, L.: SMV-HUNTER: large scale, automated detection of SSL\/TLS man-in-the-middle vulnerabilities in android apps. In: NDSS (2014)","DOI":"10.14722\/ndss.2014.23205"},{"key":"7_CR30","doi-asserted-by":"crossref","unstructured":"Steensgaard, B.: Points-to analysis in almost linear time. In: POPL, New York, NY, USA, pp. 32\u201341 (1996)","DOI":"10.1145\/237721.237727"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Tuncay, G.S., Demetriou, S., Gunter, C.A.: Draco: a system for uniform and fine-grained access control for web code on android. In: ACM CCS (2016)","DOI":"10.1145\/2976749.2978322"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Wang, R., Xing, L., Wang, X., Chen, S.: Unauthorized origin crossing on mobile platforms: threats and mitigation. In: ACM CCS (2013)","DOI":"10.1145\/2508859.2516727"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Wei, F., Roy, S., Ou, X., et al.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. In: ACM CCS (2014)","DOI":"10.1145\/2660267.2660357"},{"key":"7_CR34","unstructured":"Wu, D., Chang, R.K.C.: Indirect File Leaks in Mobile Applications. MoST (2015)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66332-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T09:17:58Z","timestamp":1570180678000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-66332-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319663319","9783319663326"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66332-6_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}