{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:32:19Z","timestamp":1765960339825,"version":"3.37.3"},"reference-count":50,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100018549","name":"Bonn-Rhein-Sieg University of Applied Sciences","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100018549","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2024]]},"DOI":"10.1109\/access.2024.3439095","type":"journal-article","created":{"date-parts":[[2024,8,5]],"date-time":"2024-08-05T17:57:27Z","timestamp":1722880647000},"page":"112499-112516","source":"Crossref","is-referenced-by-count":5,"title":["\u201cYou Received $100,000 From Johnny\u201d: A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps"],"prefix":"10.1109","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-1304-5496","authenticated-orcid":false,"given":"Thomas","family":"Neteler","sequence":"first","affiliation":[{"name":"Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5644-3316","authenticated-orcid":false,"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Hannover, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7863-0622","authenticated-orcid":false,"given":"Luigi","family":"Lo Iacono","sequence":"additional","affiliation":[{"name":"Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany"}]}],"member":"263","reference":[{"journal-title":"FCM Architectural Overview | Firebase Cloud Messaging","year":"2024","key":"ref1"},{"key":"ref2","first-page":"28","article-title":"Devils in your apps: Vulnerabilities and user privacy exposure in mobile notification systems","volume-title":"Proc. 53rd Annu. IEEE\/IFIP Int. Conf. Dependable Syst. Netw.","author":"Lou"},{"journal-title":"Wyden Letter To Department of Justice Regarding Smartphone Push Notification Surveillance","year":"2023","author":"Wyden","key":"ref3"},{"journal-title":"Police Can SPY on Your IOS and Android Push Notifications","year":"2023","author":"Couts","key":"ref4"},{"journal-title":"Surveillance Through Push Notifications","year":"2024","author":"Schneier","key":"ref5"},{"journal-title":"Push Notifications and Data Privacy","year":"2023","key":"ref6"},{"journal-title":"Thousands of Mobile Apps Leak Sensitive Data Via Misconfigured Firebase Backends","year":"2018","author":"Jinishian","key":"ref7"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3447526.3472065"},{"journal-title":"Push Messages Isn\u2019t Secure Enough","year":"2014","author":"Backman","key":"ref9"},{"journal-title":"Project Capillary: End-toend Encryption for Push Messaging, Simplified","year":"2018","author":"Hogben","key":"ref10"},{"issue":"5","key":"ref11","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1109\/TMC.2019.2903186","article-title":"Privacy risk analysis and mitigation of analytics libraries in the Android ecosystem","volume":"19","author":"Liu","year":"2020","journal-title":"IEEE Trans. Mobile Comput."},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-59608-2_36"},{"key":"ref13","first-page":"577","article-title":"MobiLogLeak: A preliminary study on data leakage caused by poor logging practices","volume-title":"Proc. IEEE 27th Int. Conf. Softw. Anal., Evol. Reengineering (SANER)","author":"Zhou"},{"key":"ref14","first-page":"1","article-title":"Free for all! Assessing user data exposure to advertising libraries on Android","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Demetriou"},{"key":"ref15","first-page":"1","article-title":"The price of free: Privacy leakage in personalized mobile in-app ads","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Meng"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23091"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/s12652-021-03316-4"},{"key":"ref18","first-page":"603","article-title":"50 ways to leak your data: An exploration of apps\u2019 circumvention of the Android permissions system","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Reardon"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2018.8621866"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660302"},{"key":"ref21","first-page":"121","article-title":"Assessing the effectiveness of the shared responsibility model for cloud databases: The case of Google\u2019s firebase","volume-title":"Proc. IEEE Int. Conf. Smart Data Services (SMDS)","author":"Demissie"},{"key":"ref22","first-page":"1296","article-title":"Why does your data leak? Uncovering the data leakage in cloud from mobile apps","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Zuo"},{"key":"ref23","first-page":"66","article-title":"DaPanda: Detecting aggressive push notifications in Android apps","volume-title":"Proc. 34th IEEE\/ACM Int. Conf. Automated Softw. Eng. (ASE)","author":"Liu"},{"key":"ref24","first-page":"1","article-title":"Abusing notification services on smartphones for phishing and spamming","volume-title":"Proc. 6th USENIX Workshop Offensive Technol.","author":"Xu"},{"key":"ref25","first-page":"1","article-title":"Push away your privacy: Precise user tracking based on TLS client certificate authentication","volume-title":"Proc. Netw. Traffic Meas. Anal. Conf. (TMA)","author":"Wachs"},{"issue":"2","key":"ref26","doi-asserted-by":"crossref","first-page":"13","DOI":"10.3390\/fi10020013","article-title":"Push attack: Binding virtual and real identities using mobile push notifications","volume":"10","author":"Loreti","year":"2018","journal-title":"Future Internet"},{"key":"ref27","first-page":"76","article-title":"The cost of push notifications for smartphones using tor hidden services","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy Workshops","author":"Kollmann"},{"key":"ref28","first-page":"1","article-title":"Privacy leak identification in third-party Android libraries","volume-title":"Proc. 7th Int. Conf. Mobile Secure Services","author":"Schindler"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813652"},{"key":"ref30","first-page":"221","article-title":"Why can\u2019t Johnny fix vulnerabilities: A usability evaluation of static analysis tools for security","volume-title":"Proc. 16th Symp. Usable Privacy Secur.","author":"Smith"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623122"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3046055.3046059"},{"key":"ref34","first-page":"401","article-title":"In encryption we don\u2019t trust: The effect of end-to-end encryption to the masses on user perception","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy","author":"Dechand"},{"key":"ref35","first-page":"1","article-title":"Exploring user mental models of end-to-end encrypted communication tools","volume-title":"Proc. 8th USENIX Workshop Free Open Commun. Internet","author":"Abu-Salma"},{"key":"ref36","first-page":"860","article-title":"27 years and 81 million opportunities later: Investigating the use of email encryption for an entire university","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Stransky"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"ref38","first-page":"239","article-title":"To pin or not to pin\u2014Helping app developers bullet proof their TLS connections","volume-title":"Proc. 24th USENIX Secur. Symp.","author":"Oltrogge"},{"key":"ref39","first-page":"129","article-title":"A survey on developer-centred security","volume-title":"Proc. IEEE Eur. Symp. Secur. Privacy Workshops","author":"Tahaei"},{"key":"ref40","first-page":"893","article-title":"How does usable security (Not) end up in software products? Results from a qualitative interview study","volume-title":"Proc. IEEE Symp. Secur. Privacy (SP)","author":"Gutfleisch"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300519"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"journal-title":"Firebase Cloud Messaging","year":"2024","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01701-9_10"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00296-0_5"},{"journal-title":"Mitmproxy: A Free and Open Source Interactive HTTPS Proxy","year":"2010","author":"Cortesi","key":"ref46"},{"journal-title":"FCM Ports and Your Firewall | About FCM Messages | Firebase Cloud Messaging","year":"2023","key":"ref47"},{"key":"ref48","doi-asserted-by":"crossref","first-page":"132","DOI":"10.17487\/RFC9420","volume-title":"The Messaging Layer Security (MLS) Protocol","author":"Barnes","year":"2023"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3627106.3627186"},{"key":"ref50","doi-asserted-by":"crossref","DOI":"10.17487\/RFC8291","volume-title":"Message Encryption for Web Push","author":"Thomson","year":"2017"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10380310\/10623442.pdf?arnumber=10623442","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,1]],"date-time":"2024-09-01T04:08:51Z","timestamp":1725163731000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10623442\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/access.2024.3439095","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2024]]}}}