{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T09:35:36Z","timestamp":1761989736258,"version":"3.37.3"},"reference-count":69,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"7","license":[{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,7,1]],"date-time":"2023-07-01T00:00:00Z","timestamp":1688169600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002203","92064008","61902148"],"award-info":[{"award-number":["62002203","92064008","61902148"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007129","name":"Natural Science Foundation of Shandong Province","doi-asserted-by":"publisher","award":["ZR2020MF055","ZR2021LZH007","ZR2020LZH002","ZR2020QF045"],"award-info":[{"award-number":["ZR2020MF055","ZR2021LZH007","ZR2020LZH002","ZR2020QF045"]}],"id":[{"id":"10.13039\/501100007129","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Beijing Nova Program of Science and Technology","award":["Z191100001119131"],"award-info":[{"award-number":["Z191100001119131"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2023,7]]},"DOI":"10.1109\/tse.2023.3275655","type":"journal-article","created":{"date-parts":[[2023,6,1]],"date-time":"2023-06-01T17:30:47Z","timestamp":1685640647000},"page":"3901-3921","source":"Crossref","is-referenced-by-count":8,"title":["Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem"],"prefix":"10.1109","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1119-4766","authenticated-orcid":false,"given":"Qinsheng","family":"Hou","sequence":"first","affiliation":[{"name":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0916-8806","authenticated-orcid":false,"given":"Wenrui","family":"Diao","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6990-2972","authenticated-orcid":false,"given":"Yanhao","family":"Wang","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1938-9506","authenticated-orcid":false,"given":"Chenglin","family":"Mao","sequence":"additional","affiliation":[{"name":"Ocean University of China, Qingdao, Shandong, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7445-9103","authenticated-orcid":false,"given":"Lingyun","family":"Ying","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0571-0893","authenticated-orcid":false,"given":"Song","family":"Liu","sequence":"additional","affiliation":[{"name":"Penn State University, State College, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6147-7119","authenticated-orcid":false,"given":"Xiaofeng","family":"Liu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-4418-9308","authenticated-orcid":false,"given":"Yuanzhi","family":"Li","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3367-0951","authenticated-orcid":false,"given":"Shanqing","family":"Guo","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-1014-4776","authenticated-orcid":false,"given":"Meining","family":"Nie","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"year":"0","key":"ref13"},{"year":"0","key":"ref57"},{"year":"0","key":"ref12"},{"year":"0","key":"ref56"},{"year":"0","key":"ref15"},{"year":"0","key":"ref59"},{"year":"0","key":"ref14"},{"year":"0","key":"ref58"},{"year":"0","key":"ref53"},{"year":"0","key":"ref52"},{"article-title":"What is firmware? What does firmware do?","year":"2021","author":"neagu","key":"ref11"},{"year":"0","key":"ref55"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510072"},{"year":"0","key":"ref54"},{"key":"ref17","first-page":"1153","article-title":"Harvesting inconsistent security configurations in custom Android ROMs via differential analysis","author":"aafer","year":"2016","journal-title":"Proc 25th USENIX Secur Symp"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.33"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813648"},{"key":"ref18","first-page":"273","article-title":"ATtention spanned: Comprehensive vulnerability analysis of AT commands within the Android Ecosystem","author":"tian","year":"2018","journal-title":"Proc 27th USENIX Secur Symp"},{"year":"0","key":"ref51"},{"year":"0","key":"ref50"},{"year":"0","key":"ref46"},{"year":"0","key":"ref45"},{"year":"0","key":"ref48"},{"year":"2021","key":"ref47","article-title":"Smartphone market share"},{"key":"ref42","first-page":"1","article-title":"Securing the system: A deep dive into reversing Android pre-installed apps","author":"stone","year":"0","journal-title":"Proc Black Hat USA Secur Conf"},{"year":"0","key":"ref41"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"year":"0","key":"ref43"},{"year":"0","key":"ref49","article-title":"Treble"},{"key":"ref8","first-page":"3649","article-title":"An investigation of the Android kernel patch Ecosystem","author":"zhang","year":"2021","journal-title":"Proc 30th USENIX Secur Symp"},{"key":"ref7","first-page":"1","article-title":"Mind the gap: Uncovering the Android patch gap through binary-only patch level analysis","author":"nohl","year":"2018","journal-title":"Proc HITB Secur Conf"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00013"},{"year":"0","key":"ref4"},{"year":"0","key":"ref3"},{"key":"ref6","first-page":"2379","article-title":"FIRMSCOPE: Automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in Android firmware","author":"elsabagh","year":"2020","journal-title":"Proc 29th USENIX Secur Symp"},{"article-title":"Android security: Your phone's patch level says you’re up to date, but that may be a lie","year":"2018","author":"tung","key":"ref5"},{"year":"0","key":"ref40"},{"year":"0","key":"ref35"},{"year":"0","key":"ref34"},{"article-title":"Gmail Android app insecure network security configuration","year":"2018","author":"andr\u00e9","key":"ref37"},{"article-title":"A security analyst's guide to Android scoped storage","year":"2020","author":"ramirez","key":"ref36"},{"year":"0","key":"ref31"},{"year":"0","key":"ref30"},{"year":"0","key":"ref33"},{"year":"0","key":"ref32"},{"year":"0","key":"ref2"},{"article-title":"Android OEM patch rates have improved, with Nokia and Google leading the charge","year":"2020","author":"cimpanu","key":"ref1"},{"year":"0","key":"ref39"},{"year":"0","key":"ref38"},{"year":"0","key":"ref24"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3507657.3528555"},{"year":"0","key":"ref23"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/MDM.2017.56"},{"year":"0","key":"ref26"},{"year":"0","author":"hengeveld","key":"ref25"},{"article-title":"Hey Google, what exactly do your security patches tell us? A large-scale empirical study on Android patched vulnerabilities","year":"2019","author":"farhang","key":"ref69"},{"year":"0","key":"ref20"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00042"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00074"},{"year":"0","key":"ref22"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516728"},{"year":"0","author":"dumps","key":"ref21"},{"key":"ref65","article-title":"Systematic detection of capability leaks in stock Android smartphones","author":"grace","year":"2012","journal-title":"Proc 19th Annu Netw Distrib Syst Secur Symp"},{"year":"0","key":"ref28"},{"year":"0","key":"ref27"},{"year":"0","key":"ref29"},{"year":"0","key":"ref60"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590313"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/32\/10185148\/10141678.pdf?arnumber=10141678","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,8,7]],"date-time":"2023-08-07T18:05:40Z","timestamp":1691431540000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10141678\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7]]},"references-count":69,"journal-issue":{"issue":"7"},"URL":"https:\/\/doi.org\/10.1109\/tse.2023.3275655","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"type":"print","value":"0098-5589"},{"type":"electronic","value":"1939-3520"},{"type":"electronic","value":"2326-3881"}],"subject":[],"published":{"date-parts":[[2023,7]]}}}