{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T04:03:49Z","timestamp":1775016229701,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Center for IT-Security, Privacy and Accountability","award":["16KIS0345, 16KIS0656"],"award-info":[{"award-number":["16KIS0345, 16KIS0656"]}]},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["16KIS0377K"],"award-info":[{"award-number":["16KIS0377K"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978333","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"356-367","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":239,"title":["Reliable Third-Party Library Detection in Android and its Security Applications"],"prefix":"10.1145","author":[{"given":"Michael","family":"Backes","sequence":"first","affiliation":[{"name":"CISPA, Saarland University &amp; MPI-SWS, Saarbr\u00fccken, Germany"}]},{"given":"Sven","family":"Bugiel","sequence":"additional","affiliation":[{"name":"CISPA, Saarland University, Saarbr\u00fccken, Germany"}]},{"given":"Erik","family":"Derr","sequence":"additional","affiliation":[{"name":"CISPA, Saarland University, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"http:\/\/wala.sf.net","author":"Watson T.J.","year":"2006","unstructured":"T.J. Watson Libraries for Analysis (WALA). http:\/\/wala.sf.net , 2006 . T.J. Watson Libraries for Analysis (WALA). http:\/\/wala.sf.net, 2006."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897927"},{"key":"e_1_3_2_1_4_1","volume-title":"MoST'13","author":"Book T.","year":"2013","unstructured":"T. Book , A. Pridgen , and D. S. Wallach . Longitudinal analysis of android ad library permissions . In MoST'13 . IEEE , 2013 . T. Book, A. Pridgen, and D. S. Wallach. Longitudinal analysis of android ad library permissions. In MoST'13. IEEE, 2013."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_3"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_11"},{"key":"e_1_3_2_1_8_1","unstructured":"Dropbox Blog. Security bug resolved in the dropbox sdks for android. https:\/\/blogs.dropbox.com\/developers\/2015\/03\/security-bug-resolved-in-the-dropbox-sdks-for-android. Last visited: 04\/27\/16.  Dropbox Blog. Security bug resolved in the dropbox sdks for android. https:\/\/blogs.dropbox.com\/developers\/2015\/03\/security-bug-resolved-in-the-dropbox-sdks-for-android. Last visited: 04\/27\/16."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX","author":"Enck W.","year":"2011","unstructured":"W. Enck , D. Octeau , P. McDaniel , and C. Swarat . A study of android application security. In USENIX Security'11 . USENIX , 2011 . W. Enck, D. Octeau, P. McDaniel, and C. Swarat. A study of android application security. In USENIX Security'11. USENIX, 2011."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"e_1_3_2_1_15_1","unstructured":"GuardSquare. Dexguard android obfuscator. https:\/\/www.guardsquare.com\/dexguard.  GuardSquare. Dexguard android obfuscator. https:\/\/www.guardsquare.com\/dexguard."},{"key":"e_1_3_2_1_16_1","unstructured":"GuardSquare. Proguard java obfuscator. http:\/\/proguard.sourceforge.net.  GuardSquare. Proguard java obfuscator. http:\/\/proguard.sourceforge.net."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_4"},{"key":"e_1_3_2_1_18_1","unstructured":"Licel Corporation. Dexprotector android obfuscator. https:\/\/dexprotector.com.  Licel Corporation. Dexprotector android obfuscator. https:\/\/dexprotector.com."},{"key":"e_1_3_2_1_19_1","unstructured":"Licel Corporation. Stringer java obfuscator. https:\/\/jfxstore.com\/stringer.  Licel Corporation. Stringer java obfuscator. https:\/\/jfxstore.com\/stringer."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2742647.2742668"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889178"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/646752.704751"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSNIP.2014.6827639"},{"key":"e_1_3_2_1_25_1","volume-title":"USENIX","author":"Oltrogge M.","year":"2015","unstructured":"M. Oltrogge , Y. Acar , S. Dechand , M. Smith , and S. Fahl . To pin or not to pin app developers bullet proof their tls connections. In USENIX Security'15 . USENIX , 2015 . M. Oltrogge, Y. Acar, S. Dechand, M. Smith, and S. Fahl. To pin or not to pin app developers bullet proof their tls connections. In USENIX Security'15. USENIX, 2015."},{"key":"e_1_3_2_1_26_1","unstructured":"Parse Blog. Discovering a major security hole in facebook's android sdk. http:\/\/blog.parse.com\/learn\/engineering\/discovering-a-major-security-hole-in-facebooks-android-sdk. Last visited: 04\/27\/16.  Parse Blog. Discovering a major security hole in facebook's android sdk. http:\/\/blog.parse.com\/learn\/engineering\/discovering-a-major-security-hole-in-facebooks-android-sdk. Last visited: 04\/27\/16."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414498"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23328"},{"key":"e_1_3_2_1_29_1","unstructured":"PreEmptive Solutions. Dasho java obfuscator. http:\/\/www.preemptive.com\/products\/dasho.  PreEmptive Solutions. Dasho java obfuscator. http:\/\/www.preemptive.com\/products\/dasho."},{"key":"e_1_3_2_1_30_1","volume-title":"FlexDroid: Enforcing In-App Privilege Separation in Android. In NDSS'16","author":"Seo J.","year":"2016","unstructured":"J. Seo , D. Kim , D. Cho , T. Kim , and I. Shin . FlexDroid: Enforcing In-App Privilege Separation in Android. In NDSS'16 , 2016 . J. Seo, D. Kim, D. Cho, T. Kim, and I. Shin. FlexDroid: Enforcing In-App Privilege Separation in Android. In NDSS'16, 2016."},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX","author":"Shekhar S.","year":"2012","unstructured":"S. Shekhar , M. Dietz , and D. S. Wallach . Adsplit: Separating smartphone advertising from applications. In USENIX Security'12 . USENIX , 2012 . S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: Separating smartphone advertising from applications. In USENIX Security'12. USENIX, 2012."},{"key":"e_1_3_2_1_32_1","unstructured":"Smardec Inc. Allatori java obfuscator. http:\/\/www.atori.com.  Smardec Inc. Allatori java obfuscator. http:\/\/www.atori.com."},{"key":"e_1_3_2_1_33_1","volume-title":"NDSS'16","author":"Son S.","year":"2015","unstructured":"S. Son , G. Daehyeok , K. Kaist , and V. Shmatikov . What mobile ads know about mobile users . In NDSS'16 , 2015 . S. Son, G. Daehyeok, K. Kaist, and V. Shmatikov. What mobile ads know about mobile users. In NDSS'16, 2015."},{"key":"e_1_3_2_1_34_1","volume-title":"MoST'12","author":"Stevens R.","year":"2012","unstructured":"R. Stevens , C. Gibler , J. Crussell , J. Erickson , and H. Chen . Investigating user privacy in android ad libraries . In MoST'12 . IEEE , 2012 . R. Stevens, C. Gibler, J. Crussell, J. Erickson, and H. Chen. Investigating user privacy in android ad libraries. In MoST'12. IEEE, 2012."},{"key":"e_1_3_2_1_35_1","unstructured":"The Hacker News. Backdoor in baidu android sdk puts 100 million devices at risk. http:\/\/thehackernews.com\/2015\/11\/android-malware-backdoor.html. Last visited: 04\/27\/16.  The Hacker News. Backdoor in baidu android sdk puts 100 million devices at risk. http:\/\/thehackernews.com\/2015\/11\/android-malware-backdoor.html. Last visited: 04\/27\/16."},{"key":"e_1_3_2_1_36_1","unstructured":"The Hacker News. Facebook sdk vulnerability puts millions of smartphone users' accounts at risk. http:\/\/thehackernews.com\/2014\/07\/facebook-sdk-vulnerability-puts.html. Last visited: 04\/27\/16.  The Hacker News. Facebook sdk vulnerability puts millions of smartphone users' accounts at risk. http:\/\/thehackernews.com\/2014\/07\/facebook-sdk-vulnerability-puts.html. Last visited: 04\/27\/16."},{"key":"e_1_3_2_1_37_1","unstructured":"The Hacker News. Warning: 18 000 android apps contains code that spy on your text messages. http:\/\/thehackernews.com\/2015\/10\/android-apps-steal-sms.html. Last visited: 04\/27\/16.  The Hacker News. Warning: 18 000 android apps contains code that spy on your text messages. http:\/\/thehackernews.com\/2015\/10\/android-apps-steal-sms.html. Last visited: 04\/27\/16."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2591971.2592003"},{"key":"e_1_3_2_1_39_1","unstructured":"Vungle Support. Security vulnerability in android sdks prior to 3.3.0. https:\/\/support.vungle.com\/hc\/en-us\/articles\/205142650-Security-Vulnerability-in-Android-SDKs-prior-to-3--3-0. Last visited: 05\/02\/2016.  Vungle Support. Security vulnerability in android sdks prior to 3.3.0. https:\/\/support.vungle.com\/hc\/en-us\/articles\/205142650-Security-Vulnerability-in-Android-SDKs-prior-to-3--3-0. Last visited: 05\/02\/2016."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771795"},{"key":"e_1_3_2_1_41_1","volume-title":"USENIX","author":"Wang R.","year":"2013","unstructured":"R. Wang , Y. Zhou , S. Chen , S. Qadeer , D. Evans , and Y. Gurevich . Explicating sdks: Uncovering assumptions underlying secure authentication and authorization. In USENIX Security'13 . USENIX , 2013 . R. Wang, Y. Zhou, S. Chen, S. Qadeer, D. Evans, and Y. Gurevich. Explicating sdks: Uncovering assumptions underlying secure authentication and authorization. In USENIX Security'13. USENIX, 2013."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"e_1_3_2_1_43_1","volume-title":"USENIX","author":"Wijesekera P.","year":"2015","unstructured":"P. Wijesekera , A. Baokar , A. Hosseini , S. Egelman , D. Wagner , and K. Beznosov . Android permissions remystified: A field study on contextual integrity. In USENIX Security'15 . USENIX , 2015 . P. Wijesekera, A. Baokar, A. Hosseini, S. Egelman, D. Wagner, and K. Beznosov. Android permissions remystified: A field study on contextual integrity. In USENIX Security'15. USENIX, 2015."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590314"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2012.26"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2407696.2407706"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557558"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978333","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978333","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:56:17Z","timestamp":1750222577000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978333"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":48,"alternative-id":["10.1145\/2976749.2978333","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978333","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}