{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T09:35:42Z","timestamp":1769765742882,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,7,10]],"date-time":"2017-07-10T00:00:00Z","timestamp":1499644800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["FA8750-15-2-0084"],"award-info":[{"award-number":["FA8750-15-2-0084"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,7,10]]},"DOI":"10.1145\/3092703.3092708","type":"proceedings-article","created":{"date-parts":[[2017,7,11]],"date-time":"2017-07-11T20:17:18Z","timestamp":1499804238000},"page":"147-157","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Semi-automated discovery of server-based information oversharing vulnerabilities in Android applications"],"prefix":"10.1145","author":[{"given":"William","family":"Koch","sequence":"first","affiliation":[{"name":"Boston University, USA"}]},{"given":"Abdelberi","family":"Chaabane","sequence":"additional","affiliation":[{"name":"Northeastern University, USA"}]},{"given":"Manuel","family":"Egele","sequence":"additional","affiliation":[{"name":"Boston University, USA"}]},{"given":"William","family":"Robertson","sequence":"additional","affiliation":[{"name":"Northeastern University, USA"}]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[{"name":"Northeastern University, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Androguard Team. 2015. Androguard. https:\/\/github.com\/androguard\/ androguard. (2015).  Androguard Team. 2015. Androguard. https:\/\/github.com\/androguard\/ androguard. (2015)."},{"key":"e_1_3_2_1_2_1","unstructured":"AppBrain. 2015. AppBrain Stats. http:\/\/www.appbrain.com\/stats\/libraries\/dev. (2015).  AppBrain. 2015. AppBrain Stats. http:\/\/www.appbrain.com\/stats\/libraries\/dev. (2015)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2184489.2184500"},{"key":"e_1_3_2_1_7_1","volume-title":"Presented as part of the 22nd USENIX Security Symposium.","author":"Bugiel Sven","unstructured":"Sven Bugiel , Stephen Heuser , and Ahmad-Reza Sadeghi . 2013. Flexible and Finegrained Mandatory Access Control on Android for Diverse Security and Privacy Policies . In Presented as part of the 22nd USENIX Security Symposium. Sven Bugiel, Stephen Heuser, and Ahmad-Reza Sadeghi. 2013. Flexible and Finegrained Mandatory Access Control on Android for Diverse Security and Privacy Policies. In Presented as part of the 22nd USENIX Security Symposium."},{"key":"e_1_3_2_1_8_1","unstructured":"Charlie Hubbard. 2015. FLEXJSON. http:\/\/flexjson.sourceforge.net\/. (2015).  Charlie Hubbard. 2015. FLEXJSON. http:\/\/flexjson.sourceforge.net\/. (2015)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.20"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294265"},{"key":"e_1_3_2_1_11_1","first-page":"1","article-title":"SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (SS\u201907). USENIX Association, Berkeley","volume":"1","author":"Chong Stephen","year":"2007","unstructured":"Stephen Chong , K. Vikram , and Andrew C. Myers . 2007 . SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (SS\u201907). USENIX Association, Berkeley , CA, USA , 1 : 1 \u2013 1 :16. Stephen Chong, K. Vikram, and Andrew C. Myers. 2007. SIF: Enforcing Confidentiality and Integrity in Web Applications. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (SS\u201907). USENIX Association, Berkeley, CA, USA, 1:1\u20131:16.","journal-title":"CA, USA"},{"key":"e_1_3_2_1_12_1","volume-title":"Automated Test Input Generation for Android: Are We There Yet? CoRR","author":"Choudhary Shauvik Roy","year":"2015","unstructured":"Shauvik Roy Choudhary , Alessandra Gorla , and Alessandro Orso . 2015. Automated Test Input Generation for Android: Are We There Yet? CoRR ( 2015 ). Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated Test Input Generation for Android: Are We There Yet? CoRR (2015)."},{"key":"e_1_3_2_1_13_1","volume-title":"A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing 13, 18","author":"Dinh Hoang T","year":"2013","unstructured":"Hoang T Dinh , Chonho Lee , Dusit Niyato , and Ping Wang . 2013. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing 13, 18 ( 2013 ), 1587\u20131611. Hoang T Dinh, Chonho Lee, Dusit Niyato, and Ping Wang. 2013. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing 13, 18 (2013), 1587\u20131611."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_15_1","volume-title":"In 18th Annual Network and Distributed System Security Symposium (NDSS)","author":"Egele Manuel","year":"2011","unstructured":"Manuel Egele , Christopher Kruegel , Engin Kirda , and Giovanni Vigna . 2011 . In 18th Annual Network and Distributed System Security Symposium (NDSS) . San Diego, UNITED STATES. Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2011. In 18th Annual Network and Distributed System Security Symposium (NDSS). San Diego, UNITED STATES."},{"key":"e_1_3_2_1_16_1","unstructured":"William Enck Peter Gilbert Seungyeop Han Vasant Tendulkar Byung-Gon Chun Landon P Cox Jaeyeon Jung Patrick McDaniel and Anmol N Sheth. 2014.  William Enck Peter Gilbert Seungyeop Han Vasant Tendulkar Byung-Gon Chun Landon P Cox Jaeyeon Jung Patrick McDaniel and Anmol N Sheth. 2014."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"e_1_3_2_1_19_1","volume-title":"Espresso: Functional UI Testing Framework","year":"2015","unstructured":"Facebook. 2015 . Espresso: Functional UI Testing Framework . http:\/\/developer. android.com\/tools\/testing-support-library\/index.html#Espresso. (2015). Facebook. 2015. Espresso: Functional UI Testing Framework. http:\/\/developer. android.com\/tools\/testing-support-library\/index.html#Espresso. (2015)."},{"key":"e_1_3_2_1_20_1","unstructured":"FasterXML LLC. 2015. FasterXML LLC. https:\/\/github.com\/FasterXML. (2015).  FasterXML LLC. 2015. FasterXML LLC. https:\/\/github.com\/FasterXML. (2015)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462456.2464461"},{"key":"e_1_3_2_1_23_1","unstructured":"Google Inc. 2015. Gson Deserialization Library. https:\/\/sites.google.com\/site\/ gson\/. (2015).  Google Inc. 2015. Gson Deserialization Library. https:\/\/sites.google.com\/site\/ gson\/. (2015)."},{"key":"e_1_3_2_1_24_1","unstructured":"Google Inc. 2015. ProGuard. http:\/\/developer.android.com\/tools\/help\/proguard. html. (2015).  Google Inc. 2015. ProGuard. http:\/\/developer.android.com\/tools\/help\/proguard. html. (2015)."},{"key":"e_1_3_2_1_25_1","unstructured":"Google Inc. 2015. Protocol Buffers. https:\/\/developers.google.com\/ protocol-buffers\/. (2015).  Google Inc. 2015. Protocol Buffers. https:\/\/developers.google.com\/ protocol-buffers\/. (2015)."},{"key":"e_1_3_2_1_26_1","unstructured":"Google Inc. 2015. TelephonyManager Android Developers. http:\/\/developer. android.com\/reference\/android\/telephony\/TelephonyManager.html. (2015).  Google Inc. 2015. TelephonyManager Android Developers. http:\/\/developer. android.com\/reference\/android\/telephony\/TelephonyManager.html. (2015)."},{"key":"e_1_3_2_1_27_1","unstructured":"Google Inc. 2015. The Monkey UI android testing tool. http:\/\/developer.android. com\/tools\/help\/monkey.html. (2015).  Google Inc. 2015. The Monkey UI android testing tool. http:\/\/developer.android. com\/tools\/help\/monkey.html. (2015)."},{"key":"e_1_3_2_1_28_1","unstructured":"Google Inc. 2017. Proguard configuration for Gson. https:\/\/github.com\/google\/ gson\/blob\/master\/examples\/android-proguard-example\/proguard.cfg. (2017).  Google Inc. 2017. Proguard configuration for Gson. https:\/\/github.com\/google\/ gson\/blob\/master\/examples\/android-proguard-example\/proguard.cfg. (2017)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"e_1_3_2_1_32_1","unstructured":"Numaan Huq. 2015. Follow the Data: Dissecting Data Breaches and Debunking Myths. (2015).  Numaan Huq. 2015. Follow the Data: Dissecting Data Breaches and Debunking Myths. (2015)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2614628.2614633"},{"key":"e_1_3_2_1_34_1","unstructured":"William Koch Abdelberi Chaabane Manuel Egele William Robertson and Engin Kirda. 2017. FlowDroid Modifications for Hush. https:\/\/github.com\/ BUseclab\/soot-infoflow-android. (2017).  William Koch Abdelberi Chaabane Manuel Egele William Robertson and Engin Kirda. 2017. FlowDroid Modifications for Hush. https:\/\/github.com\/ BUseclab\/soot-infoflow-android. (2017)."},{"key":"e_1_3_2_1_35_1","unstructured":"William Koch Abdelberi Chaabane Manuel Egele William Robertson and Engin Kirda. 2017. Hush. https:\/\/github.com\/BUseclab\/hush. (2017).  William Koch Abdelberi Chaabane Manuel Egele William Robertson and Engin Kirda. 2017. Hush. https:\/\/github.com\/BUseclab\/hush. (2017)."},{"key":"e_1_3_2_1_36_1","unstructured":"P. Lantz. February 2011. Android Application Sandbox. http:\/\/code.google.com\/ p\/droidbox\/. (February 2011).  P. Lantz. February 2011. Android Application Sandbox. http:\/\/code.google.com\/ p\/droidbox\/. (February 2011)."},{"key":"e_1_3_2_1_37_1","unstructured":"Martina Lindorfer Matthias Neugschwandtner Lukas Weichselbaum Yanick Fratantonio Victor van der Veen and Christian Platzer. 2014.  Martina Lindorfer Matthias Neugschwandtner Lukas Weichselbaum Yanick Fratantonio Victor van der Veen and Christian Platzer. 2014."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2644805"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.360"},{"key":"e_1_3_2_1_41_1","unstructured":"Privacy Rights Clearinghouse. 2015. Chronology of Data Breaches. http:\/\/www. privacyrights.org\/data-breach. (2015).  Privacy Rights Clearinghouse. 2015. Chronology of Data Breaches. http:\/\/www. privacyrights.org\/data-breach. (2015)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"e_1_3_2_1_43_1","unstructured":"rovo89. 2015. Xposed Module Repository. http:\/\/repo.xposed.info\/. (2015).  rovo89. 2015. Xposed Module Repository. http:\/\/repo.xposed.info\/. (2015)."},{"key":"e_1_3_2_1_44_1","volume-title":"Agile project management with Scrum","author":"Schwaber Ken","unstructured":"Ken Schwaber . 2004. Agile project management with Scrum . Microsoft Press . Ken Schwaber. 2004. Agile project management with Scrum. Microsoft Press."},{"key":"e_1_3_2_1_45_1","volume-title":"Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on. IEEE, 19\u201330","author":"Sun Qixiang","year":"2002","unstructured":"Qixiang Sun , Daniel R Simon , Yi-Min Wang , Wilf Russell , Venkata N Padmanabhan , and Lili Qiu . 2002 . Statistical identification of encrypted web browsing traffic . In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on. IEEE, 19\u201330 . Qixiang Sun, Daniel R Simon, Yi-Min Wang, Wilf Russell, Venkata N Padmanabhan, and Lili Qiu. 2002. Statistical identification of encrypted web browsing traffic. In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on. IEEE, 19\u201330."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2591971.2592003"},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium.","author":"Yan Lok Kwong","year":"2012","unstructured":"Lok Kwong Yan and Heng Yin . 2012 . DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis . In Proceedings of the 21st USENIX Conference on Security Symposium. Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis. In Proceedings of the 21st USENIX Conference on Security Symposium."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2012.26"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461017"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381950"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"}],"event":{"name":"ISSTA '17: International Symposium on Software Testing and Analysis","location":"Santa Barbara CA USA","acronym":"ISSTA '17","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3092703.3092708","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3092703.3092708","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3092703.3092708","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:37:26Z","timestamp":1750217846000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3092703.3092708"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,7,10]]},"references-count":51,"alternative-id":["10.1145\/3092703.3092708","10.1145\/3092703"],"URL":"https:\/\/doi.org\/10.1145\/3092703.3092708","relation":{},"subject":[],"published":{"date-parts":[[2017,7,10]]},"assertion":[{"value":"2017-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}