{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:27:27Z","timestamp":1763663247884,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":43,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660323","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"892-903","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":97,"title":["OAuth Demystified for Mobile Application Developers"],"prefix":"10.1145","author":[{"given":"Eric Y.","family":"Chen","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Mountain View, CA, USA"}]},{"given":"Yutong","family":"Pei","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Shuo","family":"Chen","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Yuan","family":"Tian","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Mountain View, CA, USA"}]},{"given":"Robert","family":"Kotcher","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Patrick","family":"Tague","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Mountain View, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Apple Inc. Advanced app tracks. https:\/\/developer.apple.com\/library\/ios\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/AdvancedAppTricks\/AdvancedAppTricks.html.  Apple Inc. Advanced app tracks. https:\/\/developer.apple.com\/library\/ios\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/AdvancedAppTricks\/AdvancedAppTricks.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Apple Inc. Implementing custom url schemes. https:\/\/developer.apple.com\/library\/ios\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/AdvancedAppTricks\/AdvancedAppTricks.html#\/\/apple_ref\/doc\/uid\/TP40007072-CH7-SW50.  Apple Inc. Implementing custom url schemes. https:\/\/developer.apple.com\/library\/ios\/documentation\/iPhone\/Conceptual\/iPhoneOSProgrammingGuide\/AdvancedAppTricks\/AdvancedAppTricks.html#\/\/apple_ref\/doc\/uid\/TP40007072-CH7-SW50."},{"key":"e_1_3_2_1_3_1","unstructured":"Apple Inc. Uiwebview class reference. https:\/\/developer.apple.com\/library\/ios\/documentation\/uikit\/reference\/UIWebView_Class\/Reference\/Reference.html.  Apple Inc. Uiwebview class reference. https:\/\/developer.apple.com\/library\/ios\/documentation\/uikit\/reference\/UIWebView_Class\/Reference\/Reference.html."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456396.1456397"},{"volume-title":"NDSS. The Internet Society","year":"2013","author":"Bai G.","key":"e_1_3_2_1_5_1"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1516046.1516066"},{"key":"e_1_3_2_1_7_1","unstructured":"J. Bradley. The problem with oauth for authentication. http:\/\/www.thread-safe.com\/2012\/01\/problem-with-oauth-for-authentication.html.  J. Bradley. The problem with oauth for authentication. http:\/\/www.thread-safe.com\/2012\/01\/problem-with-oauth-for-authentication.html."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720278"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/1949317.1949356"},{"key":"e_1_3_2_1_11_1","first-page":"23","volume-title":"Proceedings of the 20th USENIX Conference on Security, SEC'11","author":"Dietz M.","year":"2011"},{"volume-title":"USENIX Security Symposium. USENIX Association","year":"2011","author":"Felt A. P.","key":"e_1_3_2_1_12_1"},{"key":"e_1_3_2_1_13_1","unstructured":"B. Fitzpatrick and D. Recordon. Openid authentication 1.1. http:\/\/openid.net\/specs\/openid-authentication-1_1.html.  B. Fitzpatrick and D. Recordon. Openid authentication 1.1. http:\/\/openid.net\/specs\/openid-authentication-1_1.html."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_15_1","unstructured":"N. Goldshlager. How i hacked any facebook account...again! http:\/\/www.breaksec.com\/?p=5753.  N. Goldshlager. How i hacked any facebook account...again! http:\/\/www.breaksec.com\/?p=5753."},{"key":"e_1_3_2_1_16_1","unstructured":"N. Goldshlager. How i hacked facebook oauth to get full permission on any facebook account (without app \"allow\" interaction). http:\/\/www.breaksec.com\/?p=5734.  N. Goldshlager. How i hacked facebook oauth to get full permission on any facebook account (without app \"allow\" interaction). http:\/\/www.breaksec.com\/?p=5734."},{"key":"e_1_3_2_1_17_1","unstructured":"Google Inc. Intent. http:\/\/developer.android.com\/reference\/android\/content\/Intent.html.  Google Inc. Intent. http:\/\/developer.android.com\/reference\/android\/content\/Intent.html."},{"key":"e_1_3_2_1_18_1","unstructured":"Google Inc. Intents and intent filter. http:\/\/developer.android.com\/guide\/components\/intents-filters.html.  Google Inc. Intents and intent filter. http:\/\/developer.android.com\/guide\/components\/intents-filters.html."},{"key":"e_1_3_2_1_19_1","unstructured":"Google Inc. Webview. http:\/\/developer.android.com\/reference\/android\/webkit\/WebView.html.  Google Inc. Webview. http:\/\/developer.android.com\/reference\/android\/webkit\/WebView.html."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"volume-title":"NDSS. The Internet Society","year":"2012","author":"Grace M. C.","key":"e_1_3_2_1_21_1"},{"key":"e_1_3_2_1_22_1","unstructured":"E. Hammer-Lahav. Oauth 2.0 and the road to hell. http:\/\/hueniverse.com\/2012\/07\/26\/oauth-2-0-and-the-road-to-hell\/.  E. Hammer-Lahav. Oauth 2.0 and the road to hell. http:\/\/hueniverse.com\/2012\/07\/26\/oauth-2-0-and-the-road-to-hell\/."},{"key":"e_1_3_2_1_23_1","unstructured":"E. Hammer-Lahav. Oauth security advisory: 2009.1. http:\/\/oauth.net\/advisories\/2009--1\/.  E. Hammer-Lahav. Oauth security advisory: 2009.1. http:\/\/oauth.net\/advisories\/2009--1\/."},{"key":"e_1_3_2_1_24_1","unstructured":"E. Homakov. How we hacked facebook with oauth2 and chrome bugs. http:\/\/homakov.blogspot.ca\/2013\/02\/hacking-facebook-with-oauth2-and-chrome.html.  E. Homakov. How we hacked facebook with oauth2 and chrome bugs. http:\/\/homakov.blogspot.ca\/2013\/02\/hacking-facebook-with-oauth2-and-chrome.html."},{"key":"e_1_3_2_1_25_1","unstructured":"E. Homakov. Oauth1 oauth2 oauth...? http:\/\/homakov.blogspot.ca\/2013\/03\/oauth1-oauth2-oauth.html.  E. Homakov. Oauth1 oauth2 oauth...? http:\/\/homakov.blogspot.ca\/2013\/03\/oauth1-oauth2-oauth.html."},{"key":"e_1_3_2_1_26_1","unstructured":"Internet Engineering Task Force (IETF). The oauth 1.0 protocol. http:\/\/tools.ietf.org\/html\/rfc5849.  Internet Engineering Task Force (IETF). The oauth 1.0 protocol. http:\/\/tools.ietf.org\/html\/rfc5849."},{"key":"e_1_3_2_1_27_1","unstructured":"Internet Engineering Task Force (IETF). The oauth 2.0 authorization framework. http:\/\/tools.ietf.org\/html\/rfc6749.  Internet Engineering Task Force (IETF). The oauth 2.0 authorization framework. http:\/\/tools.ietf.org\/html\/rfc6749."},{"key":"e_1_3_2_1_28_1","unstructured":"Internet Engineering Task Force (IETF). The oauth 2.0 authorization framework: Bearer token usage. http:\/\/tools.ietf.org\/html\/rfc6750.  Internet Engineering Task Force (IETF). The oauth 2.0 authorization framework: Bearer token usage. http:\/\/tools.ietf.org\/html\/rfc6750."},{"key":"e_1_3_2_1_29_1","unstructured":"Internet Engineering Task Force (IETF). Oauth core 1.0 revision a. http:\/\/oauth.net\/core\/1.0a\/.  Internet Engineering Task Force (IETF). Oauth core 1.0 revision a. http:\/\/oauth.net\/core\/1.0a\/."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414498"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MobServ.2014.15"},{"key":"e_1_3_2_1_34_1","first-page":"28","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium, Security'12","author":"Shekhar S.","year":"2012"},{"key":"e_1_3_2_1_35_1","first-page":"21","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium, Security'12","author":"Somorovsky J.","year":"2012"},{"volume-title":"IEEE Mobile Security Technologies (MoST)","year":"2012","author":"Stevens R.","key":"e_1_3_2_1_36_1"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382238"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.02.005"},{"key":"e_1_3_2_1_39_1","unstructured":"Tencent Holdings Limited. Tencent announces 2012 fourth quarter and annual results. http:\/\/www.prnewswire.com\/news-releases\/tencent-announces-2012-fourth-quarter-and-annual-results-199130711.html.  Tencent Holdings Limited. Tencent announces 2012 fourth quarter and annual results. http:\/\/www.prnewswire.com\/news-releases\/tencent-announces-2012-fourth-quarter-and-annual-results-199130711.html."},{"key":"e_1_3_2_1_40_1","unstructured":"Tencent Holdings Limited. Tencent announces 2013 first quarter results. http:\/\/www.prnewswire.com\/news-releases\/tencent-announces-2013-first-quarter-results-207507531.html.  Tencent Holdings Limited. Tencent announces 2013 first quarter results. http:\/\/www.prnewswire.com\/news-releases\/tencent-announces-2013-first-quarter-results-207507531.html."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.30"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"},{"key":"e_1_3_2_1_43_1","first-page":"399","volume-title":"Proceedings of the 22Nd USENIX Conference on Security, SEC'13","author":"Wang R.","year":"2013"}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Scottsdale Arizona USA","acronym":"CCS'14"},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660323","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660323","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:56:10Z","timestamp":1750229770000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660323"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":43,"alternative-id":["10.1145\/2660267.2660323","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660323","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}