{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:18:15Z","timestamp":1756383495344,"version":"3.44.0"},"reference-count":50,"publisher":"IEEE","license":[{"start":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T00:00:00Z","timestamp":1751241600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T00:00:00Z","timestamp":1751241600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,6,30]]},"DOI":"10.1109\/eurosp63326.2025.00034","type":"proceedings-article","created":{"date-parts":[[2025,8,26]],"date-time":"2025-08-26T19:04:11Z","timestamp":1756235051000},"page":"458-479","source":"Crossref","is-referenced-by-count":1,"title":["Attacking and Fixing the Android Protected Confirmation Protocol"],"prefix":"10.1109","author":[{"given":"Myrto","family":"Arapinis","sequence":"first","affiliation":[{"name":"The University of Edinburgh,Edinburgh,United Kingdom"}]},{"given":"Vincent","family":"Danos","sequence":"additional","affiliation":[{"name":"CNRS, Ecole Normale Supérieure,Paris,France"}]},{"given":"Ma\u00efwenn","family":"Racouchot","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security,Saarbrücken,Germany"}]},{"given":"David A. R.","family":"Robin","sequence":"additional","affiliation":[{"name":"Ecole Normale Supérieure,Paris,France"}]},{"given":"Thomas","family":"Zacharias","sequence":"additional","affiliation":[{"name":"University of Glasgow,Glasgow,United Kingdom"}]}],"member":"263","reference":[{"key":"ref1","article-title":"The State of Mobile Internet Connectivity Report 2023"},{"key":"ref2","article-title":"Mobile Operating System Market Share Worldwide"},{"key":"ref3","article-title":"Mobile Fact Sheet: Tech Adoption Trends"},{"key":"ref4","article-title":"Mobile payments with digital wallets -statistics & facts"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3448609"},{"author":"Platform","key":"ref6","article-title":"GlobalPlatform Device Technology. Trusted User Interface API. Version 1.0"},{"key":"ref7","article-title":"Android Protected Confirmation: Taking transaction security to the next level"},{"key":"ref8","article-title":"Android Keystore System"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3399742"},{"key":"ref11","article-title":"Meltdown: Reading kernel memory from user space","author":"Lipp","year":"2018","journal-title":"USENIX Security"},{"key":"ref12","article-title":"Android Protected Confirmation"},{"key":"ref13","article-title":"Android Protected Confirmation: Taking transaction security to the next level"},{"key":"ref14","article-title":"Unearthing the TrustedCore: A critical review on Huawei\u2019s trusted execution environment","author":"Busch","year":"2020","journal-title":"WOOT"},{"key":"ref15","article-title":"Trust dies in darkness: Shedding light on samsung\u2019s TrustZone keymaster design","author":"Shakevsky","year":"2022","journal-title":"USENIX Security"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99073-6_9"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354197"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407072"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301191"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23227"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3291047"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-84252-9_5"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179454"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179373"},{"author":"alliance","key":"ref25","article-title":"Enterprise Adoption Best Practices. Managing FIDO Credential Lifecycle for Enterprises"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00047"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49387-8_10"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/11681878_20"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32101-7_16"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-024-09493-7"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49896-5_25"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48000-7_37"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-15979-4_1"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03332-3_8"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32101-7_26"},{"key":"ref36","article-title":"Sources"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.2001.959888"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-15979-4_1"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44647-8_19"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.5555\/1496671.1496680"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23079"},{"article-title":"Additional material","year":"2025","author":"Arapinis","key":"ref42"},{"key":"ref43","article-title":"UBS, Google and BFH team up to advance mobile transaction security and convenience"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3558482.3581773"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"ref46","doi-asserted-by":"crossref","DOI":"10.1109\/EuroSP63326.2025.00034","article-title":"Attacking and Fixing the Android Protected Confirmation Protocol","author":"Arapinis","year":"2025"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/csfw.2004.1310743"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2004.1310743"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.18"},{"article-title":"Universally composable security: A new paradigm for cryptographic protocols","year":"2005","author":"Canetti","key":"ref50"}],"event":{"name":"2025 IEEE 10th European Symposium on Security and Privacy (EuroS&P)","start":{"date-parts":[[2025,6,30]]},"location":"Venice, Italy","end":{"date-parts":[[2025,7,4]]}},"container-title":["2025 IEEE 10th European Symposium on Security and Privacy (EuroS&P)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/11129252\/11129260\/11129361.pdf?arnumber=11129361","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,27]],"date-time":"2025-08-27T04:53:40Z","timestamp":1756270420000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11129361\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,30]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/eurosp63326.2025.00034","relation":{},"subject":[],"published":{"date-parts":[[2025,6,30]]}}}