{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T01:15:27Z","timestamp":1746321327044,"version":"3.37.3"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","license":[{"start":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T00:00:00Z","timestamp":1665446400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T00:00:00Z","timestamp":1665446400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["NSF-SFS-112956"],"award-info":[{"award-number":["NSF-SFS-112956"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007809","name":"Texas A and M University-Corpus Christi","doi-asserted-by":"publisher","award":["Startup Funds"],"award-info":[{"award-number":["Startup Funds"]}],"id":[{"id":"10.13039\/100007809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"DOI":"10.1007\/s10796-022-10328-8","type":"journal-article","created":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T10:02:57Z","timestamp":1665482577000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["DyPolDroid: Protecting Against Permission-Abuse Attacks in Android"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8931-6412","authenticated-orcid":false,"given":"Carlos E.","family":"Rubio-Medrano","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pradeep Kumar Duraisamy","family":"Soundrapandian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthew","family":"Hill","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luis","family":"Claramunt","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jaejong","family":"Baek","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Geetha","family":"S","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gail-Joon","family":"Ahn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,10,11]]},"reference":[{"key":"10328_CR1","unstructured":"Android Authority. (2020). Report: Hundreds of apps have hidden tracking software used by the government.\u00a0https:\/\/www.androidauthority.com\/government-tracking-apps-1145989\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR2","unstructured":"Android Developers Reference. (2022). Manifest.permission.\u00a0https:\/\/developer.android.com\/reference\/android\/Manifest.permission. Accessed 14 Sept\u00a02022."},{"key":"10328_CR3","doi-asserted-by":"publisher","first-page":"1968","DOI":"10.1109\/TIFS.2019.2950134","volume":"15","author":"A Arora","year":"2020","unstructured":"Arora, A., Peddoju, S. K., & Conti, M. (2020). Permpair: Android malware detection using permission pairs. IEEE Transactions on Information Forensics and Security, 15, 1968\u20131982.","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"10328_CR4","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., et al. (2012). Pscout: Analyzing the android permission specification. In Proceedings of the 2012 ACM Conf. on computer and communications security, New York, NY, USA, CCS \u201912, pp. 217\u2013228.","DOI":"10.1145\/2382196.2382222"},{"key":"10328_CR5","unstructured":"Backes, M., Bugiel, S., Derr, E., et al. (2016). On demystifying the android application framework: Re-visiting android permission specification analysis. In Proceedings of the 25th USENIX Conf. on security symposium, USA, SEC\u201916, pp. 1101\u20131118."},{"key":"10328_CR6","doi-asserted-by":"crossref","unstructured":"Bartel, A., Klein, J., Le Traon, Y., et al. (2012). Automatically securing permission-based software by reducing the attack surface: an application to android. In 2012 Proc. of the 27th IEEE\/ACM international Conf. on automated software engineering\u00a0(pp. 274\u2013277).","DOI":"10.1145\/2351676.2351722"},{"key":"10328_CR7","doi-asserted-by":"crossref","unstructured":"Calciati, P., & Gorla, A. (2017). How do apps evolve in their permission requests? A preliminary study. In 2017 IEEE\/ACM 14th Int. Conf. on mining software repositories (MSR)\u00a0(pp. 37\u201341).","DOI":"10.1109\/MSR.2017.64"},{"key":"10328_CR8","unstructured":"Chung, F.D., Kuhn, D., et al. (2019). Guide to attribute based access control (abac) definition and considerations.\u00a0https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=927500. Accessed 14 Sept\u00a02022."},{"key":"10328_CR9","doi-asserted-by":"crossref","unstructured":"Dawoud, A., & Bugiel, S. (2019). Droidcap: Os support for capability-based permissions in android. In Proc. of the network and distributed system security symposium (NDSS) 2019.","DOI":"10.14722\/ndss.2019.23398"},{"key":"10328_CR10","unstructured":"Diamantaris, M., Papadopoulos, E. P., Markatos, E. P., et al. (2019). Reaper: Real-time app analysis for augmenting the android permission system, ACM New York NY, USA, CODASPY \u201919, pp. 37\u201348."},{"key":"10328_CR11","unstructured":"Drupal. (2021). Xposed module repository.\u00a0https:\/\/repo.xposed.info\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR12","doi-asserted-by":"crossref","unstructured":"Enck, W. (2020). Analysis of access control enforcement in android. In Proc. of the 25th ACM symposium on access control models and technologies. ACM, New York, NY, USA, SACMAT \u201920, pp. 117\u2013118.","DOI":"10.1145\/3381991.3395396"},{"key":"10328_CR13","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., et al. (2011). Android permissions demystified. In Proceedings of the 18th ACM Conf. on computer and communications security. ACM, New York, NY, USA, CCS \u201911, pp. 627\u2013638.","DOI":"10.1145\/2046707.2046779"},{"key":"10328_CR14","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Ha, E., Egelman, S., et al. (2012a). Android permissions: User attention, comprehension, and behavior. In Proc. of the Eighth Symp. on usable privacy and Sec. ACM, New York, NY, USA.","DOI":"10.1145\/2335356.2335360"},{"key":"10328_CR15","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Ha, E., Egelman, S., et al. (2012b). Android permissions: user attention, comprehension, and behavior. In Proceedings of the eighth symposium on usable privacy and security, pp. 1\u201314.","DOI":"10.1145\/2335356.2335360"},{"key":"10328_CR16","first-page":"264","volume":"106\u2013102","author":"H Gao","year":"2021","unstructured":"Gao, H., Cheng, S., & Zhang, W. (2021). Gdroid: Android malware detection and classification with graph convolutional network. Computers & Security, 106\u2013102, 264.","journal-title":"Computers & Security"},{"key":"10328_CR17","unstructured":"Gasparis, I., Qian, Z., Song, C., et al. (2017). Detecting android root exploits by learning from root providers. In 26th USENIX security symposium (pp. 1129\u20131144). USENIX Association."},{"key":"10328_CR18","unstructured":"Google. (2021a). Android enterprise.\u00a0https:\/\/www.android.com\/enterprise\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR19","unstructured":"Google. (2021b). Permissions on android.\u00a0https:\/\/developer.android.com\/guide\/topics\/permissions\/overview. Accessed 14 Sept\u00a02022."},{"key":"10328_CR20","unstructured":"Hill, M., & Rubio-Medrano, C. E. (2021). DyPolDroid Github Repository.\u00a0https:\/\/github.com\/sefcom\/DyPolDroid. Accessed 14 Sept\u00a02022."},{"key":"10328_CR21","unstructured":"IETF OAuth Working Group. (2022). OAuth 2.0.\u00a0https:\/\/oauth.net\/2\/. Accessed 14 Sept\u00a02022."},{"issue":"10","key":"10328_CR22","doi-asserted-by":"publisher","first-page":"5183","DOI":"10.1007\/s00521-020-05309-4","volume":"33","author":"A Mahindru","year":"2021","unstructured":"Mahindru, A., & Sangal, A. (2021). Mldroid\u2014framework for android malware detection using machine learning techniques. Neural Computing and Applications, 33(10), 5183\u20135240.","journal-title":"Neural Computing and Applications"},{"key":"10328_CR23","unstructured":"OASIS Standard. (2013). eXtensible Access control markup language (XACML) Version 3.0. (2013, January 22).\u00a0http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.html. Accessed 14 Sept\u00a02022."},{"key":"10328_CR24","unstructured":"Paderborn University. (2022). Soot - A framework for analyzing and transforming Java and Android applications.\u00a0http:\/\/soot-oss.github.io\/soot\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR25","unstructured":"PC Magazine. (2020). Android users need to manually remove these 16 infected apps.\u00a0https:\/\/www.pcmag.com\/news\/android-users-need-to-manually-remove-these-17-infected-apps. Accessed 14 Sept\u00a02022."},{"key":"10328_CR26","doi-asserted-by":"crossref","unstructured":"Ramachandran, S., Dimitri, A., Galinium, M., et al. (2017). Understanding and granting android permissions: A user survey. In 2017 Int. Carnahan Conf. on security technology (ICCST)\u00a0(pp. 1\u20136).","DOI":"10.1109\/CCST.2017.8167834"},{"key":"10328_CR27","doi-asserted-by":"crossref","unstructured":"Rubio-Medrano, C.E., Jogani, S., Leitner, M., et al. (2019). Effectively enforcing authorization constraints for emerging space-sensitive technologies. In Proc. of the 24th ACM symposium on access control models and technologies. ACM, New York, NY, USA, SACMAT \u201919, pp. 195\u2013206.","DOI":"10.1145\/3322431.3325109"},{"key":"10328_CR28","unstructured":"Rubio-Medrano, C.E., Hill, M., Claramunt, L., et al. (2020a). DyPolDroid: Protecting Users and Organizations Against Permission-Abuse Attacks in Android. In Proceedings of the international conference on secure knowledge management in the artificial intelligence Era. Springer."},{"key":"10328_CR29","unstructured":"Rubio-Medrano, C.E., Hill, M., Claramunt, L., et al. (2020b). Poster: DyPolDroid: protecting users and organizations against permission-abuse attacks in android. In Proceedings of the 6th IEEE european symposium on security and privacy. IEEE."},{"key":"10328_CR30","doi-asserted-by":"crossref","unstructured":"Seraj, S., Khodambashi, S., Pavlidis, M., et al. (2022). Hamdroid: permission-based harmful android anti-malware detection using neural networks. Neural Computing and Applications, pp. 1\u201310.","DOI":"10.1007\/s00521-021-06755-4"},{"key":"10328_CR31","doi-asserted-by":"crossref","unstructured":"Shao, Y., Ott, J., Chen, Q. A., et al. (2016). Kratos: Discovering inconsistent security policy enforcement in the android framework. In Proc. of the network and distributed system security symposium (NDSS) 2016.","DOI":"10.14722\/ndss.2016.23046"},{"key":"10328_CR32","doi-asserted-by":"crossref","unstructured":"Slavin, R., Wang, X., Hosseini, M. B., et al. (2016). Toward a framework for detecting privacy policy violations in android application code. In Proceedings of the 38th international Conf. on software engineering, New York, NY, USA, ICSE \u201916, pp. 25\u201336.","DOI":"10.1145\/2884781.2884855"},{"key":"10328_CR33","unstructured":"Steven Arzt. (2022). FlowDroid data flow analysis tool.\u00a0https:\/\/github.com\/secure-software-engineering\/FlowDroid\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR34","unstructured":"Sunday Express. (2020). Android\u2019s biggest issue is far worse than we ever imagined, new research proves.\u00a0https:\/\/www.express.co.uk\/life-style\/science-technology\/1362551\/Android-Google-Play-Store-malware-problem-researc. Accessed 14 Sept\u00a02022."},{"key":"10328_CR35","unstructured":"The New York Times. (2020). The lesson we\u2019re learning from TikTok? It\u2019s all about our data.\u00a0https:\/\/www.nytimes.com\/2020\/08\/26\/technology\/personaltech\/tiktok-data-apps.html. Accessed 14 Sept\u00a02022."},{"key":"10328_CR36","unstructured":"Vall\u00e9e-Rai, R., Co, P., Gagnon, E., et al. (1999). Soot - a java bytecode optimization framework. In Proceedings of the 1999 conference of the Centre for advanced studies on collaborative research. IBM Press, CASCON \u201999, pp. 13."},{"key":"10328_CR37","unstructured":"Vidas, T., Votipka, D., & Christin, N. (2011). All your droid are belong to us: A survey of current android attacks. In Proceedings of the 5th USENIX Conf. on offensive technologies. USENIX Association, USA, WOOT\u201911, pp. 10."},{"key":"10328_CR38","doi-asserted-by":"crossref","unstructured":"Wang, H., Guo, Y., Tang, Z., et al. (2015). Reevaluating android permission gaps with static and dynamic analysis. In 2015 IEEE global communications Conf. (GLOBECOM)\u00a0(pp. 1\u20136).","DOI":"10.1109\/GLOCOM.2015.7417621"},{"key":"10328_CR39","doi-asserted-by":"crossref","unstructured":"Wei, X., Gomez, L., Neamtiu, I., et al. (2012). Permission evolution in the android ecosystem. In Proc. of the 28th annual computer security applications Conf. ACM, New York, NY, USA, ACSAC \u201912, pp. 31\u201340.","DOI":"10.1145\/2420950.2420956"},{"key":"10328_CR40","unstructured":"Wired. (2020). A barcode scanner app with millions of downloads goes rogue.\u00a0https:\/\/www.wired.com\/story\/barcode-scanner-app-millions-downloads-goes-rogue\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR41","doi-asserted-by":"crossref","unstructured":"Wu, S., & Liu, J. (2019). Overprivileged permission detection for android applications. In ICC 2019 - 2019 IEEE Int. Conf. on communications (ICC)\u00a0(pp. 1\u20136).","DOI":"10.1109\/ICC.2019.8761572"},{"key":"10328_CR42","doi-asserted-by":"crossref","unstructured":"Zachariah, R., Akash, K., Yousef, M. S., et al. (2017). Android malware detection a survey. In 2017 IEEE Int. Conf. on circuits and systems (ICCS)\u00a0(pp. 238\u2013244).","DOI":"10.1109\/ICCS1.2017.8325997"},{"key":"10328_CR43","unstructured":"ZDNet. (2020). Play Store identified as main distribution vector for most Android malware.\u00a0https:\/\/www.zdnet.com\/article\/play-store-identified-as-main-distribution-vector-for-most-android-malware\/. Accessed 14 Sept\u00a02022."},{"key":"10328_CR44","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Yang, M., Xu, B., et al. (2013). Vetting undesirable behaviors in android apps with permission use analysis. In Proceedings of the 2013 ACM SIGSAC Conf. on computer and communications security. ACM, New York, NY, USA, CCS \u201913, pp. 611\u2013622.","DOI":"10.1145\/2508859.2516689"},{"key":"10328_CR45","doi-asserted-by":"crossref","unstructured":"Zhauniarovich, Y., Ahmad, M., Gadyatskaya, O., et al. (2015). Stadyna: Addressing the problem of dynamic code updates in the security analysis of android applications. In Proc. of the 5th ACM conf. on data and application security and privacy. ACM, New York, NY, USA, pp. 37\u201348.","DOI":"10.1145\/2699026.2699105"},{"issue":"1","key":"10328_CR46","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1145\/1945023.1945039","volume":"45","author":"DY Zhu","year":"2011","unstructured":"Zhu, D.Y., Jung, J., Song, D., et al. (2011). Tainteraser: Protecting sensitive data leaks using application-level taint tracking. SIGOPS Operating Systems Review, 45(1), 142\u2013154.","journal-title":"SIGOPS Operating Systems Review"},{"key":"10328_CR47","doi-asserted-by":"crossref","unstructured":"Zungur, O., Suarez-Tangil, G., Stringhini, G., et al. (2019). Borderpatrol: Securing byod using fine-grained contextual information. In 2019 49th Annual IEEE\/IFIP Int, Conf. on dependable systems and networks (DSN)\u00a0(pp. 460\u2013472).","DOI":"10.1109\/DSN.2019.00054"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-022-10328-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-022-10328-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-022-10328-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T11:43:14Z","timestamp":1665488594000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-022-10328-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,11]]},"references-count":47,"alternative-id":["10328"],"URL":"https:\/\/doi.org\/10.1007\/s10796-022-10328-8","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"type":"print","value":"1387-3326"},{"type":"electronic","value":"1572-9419"}],"subject":[],"published":{"date-parts":[[2022,10,11]]},"assertion":[{"value":"12 August 2022","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 October 2022","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All authors declare that they have no conflicts of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interests"}}]}}