{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T07:26:47Z","timestamp":1763018807880,"version":"3.43.0"},"reference-count":38,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"9","license":[{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,9,1]],"date-time":"2025-09-01T00:00:00Z","timestamp":1756684800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2023YFB3106400","2023QY1202"],"award-info":[{"award-number":["2023YFB3106400","2023QY1202"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836210"],"award-info":[{"award-number":["U1836210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Research and Development Science and Technology of Hainan Province","award":["GHYF2022010"],"award-info":[{"award-number":["GHYF2022010"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. on Mobile Comput."],"published-print":{"date-parts":[[2025,9]]},"DOI":"10.1109\/tmc.2025.3550883","type":"journal-article","created":{"date-parts":[[2025,3,12]],"date-time":"2025-03-12T13:49:55Z","timestamp":1741787395000},"page":"7899-7913","source":"Crossref","is-referenced-by-count":4,"title":["Identifying Implementation Flaws of SMS OTP Authentication"],"prefix":"10.1109","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-3968-9906","authenticated-orcid":false,"given":"Jiayu","family":"Zhao","sequence":"first","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-3338-3972","authenticated-orcid":false,"given":"Fannv","family":"He","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7452-3934","authenticated-orcid":false,"given":"Yiyu","family":"Yang","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8306-7195","authenticated-orcid":false,"given":"Yuqing","family":"Zhang","sequence":"additional","affiliation":[{"name":"National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-014-1888-3"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359828"},{"key":"ref3","first-page":"61","article-title":"An empirical study of wireless carrier authentication for $\\lbrace${SIM$\\rbrace$} swaps","volume-title":"Proc. 16th Symp. Usable Privacy Secur.","author":"Lee"},{"article-title":"Watch as hackers hijack WhatsApp accounts via critical telecoms flaws","year":"2016","author":"Fox-Brewster","key":"ref4"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2013.134"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.62"},{"key":"ref7","first-page":"1037","article-title":"Peeking into your app without actually seeing it:$\\lbrace${UI$\\rbrace$} state inference and novel Android attacks","volume-title":"Proc. 23rd USENIX Secur. Symp.","author":"Chen"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2956035"},{"key":"ref9","first-page":"1","article-title":"On the insecurity of SMS one-time password messages against local attackers in modern mobile devices","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Lei"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00066"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref12","article-title":"Your app\u2019s account is not secure: Identifying implementation flaws of SMS OTP authentication","volume-title":"Mobisec 23","author":"Zhao","year":"2023"},{"year":"2024","key":"ref13","article-title":"Burpsuite"},{"article-title":"Fiddler","year":"2024","author":"Corporation","key":"ref14"},{"article-title":"Securing mobile banking on android with SSL certificate pinning","year":"2014","author":"Ku\u0161t","key":"ref15"},{"year":"2022","key":"ref16","article-title":"Uiautomator 2"},{"year":"2023","key":"ref17","article-title":"App gallery"},{"year":"2023","key":"ref18","article-title":"App store"},{"year":"2023","key":"ref19","article-title":"Tencent app centre"},{"key":"ref20","first-page":"1","article-title":"Maginot line: Assessing a new cross-app threat to PII-as-factor authentication in Chinese mobile apps","volume-title":"Proc. 2024 Netw. Distrib. System Secur. Symp.","author":"He"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134615"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00149"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453084"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991105"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00059"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3304840"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.9"},{"year":"2024","key":"ref29","article-title":"Watch as hackers hijack WhatsApp accounts via critical telecoms flaws"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CNS56114.2022.9947253"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS53848.2021.00014"},{"year":"2024","key":"ref32","article-title":"Sensitive information access permissions and API"},{"article-title":"Zeus-in-the-mobile facts and theories","year":"2011","author":"Maslennikov","key":"ref33"},{"year":"2012","key":"ref34","article-title":"The song remains the same: Man in the mobile attacks single out Android"},{"article-title":"Trojan:android\/crusewind","year":"2021","author":"Labs","key":"ref35"},{"year":"2024","key":"ref36","article-title":"Smsmanager"},{"year":"2024","key":"ref37","article-title":"Automatic SMS verification with the SMS retriever API"},{"year":"2024","key":"ref38","article-title":"One-tap SMS verification with the SMS user consent API"}],"container-title":["IEEE Transactions on Mobile Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/7755\/11116789\/10924738.pdf?arnumber=10924738","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,7]],"date-time":"2025-08-07T17:46:54Z","timestamp":1754588814000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10924738\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9]]},"references-count":38,"journal-issue":{"issue":"9"},"URL":"https:\/\/doi.org\/10.1109\/tmc.2025.3550883","relation":{},"ISSN":["1536-1233","1558-0660","2161-9875"],"issn-type":[{"type":"print","value":"1536-1233"},{"type":"electronic","value":"1558-0660"},{"type":"electronic","value":"2161-9875"}],"subject":[],"published":{"date-parts":[[2025,9]]}}}