{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T00:19:43Z","timestamp":1769732383113,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,8,21]],"date-time":"2017-08-21T00:00:00Z","timestamp":1503273600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000180","name":"U.S. Department of Homeland Security","doi-asserted-by":"publisher","award":["HSHQDC-14-C-B0040"],"award-info":[{"award-number":["HSHQDC-14-C-B0040"]}],"id":[{"id":"10.13039\/100000180","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000181","name":"Air Force Office of Scientific Research","doi-asserted-by":"publisher","award":["FA95501610030"],"award-info":[{"award-number":["FA95501610030"]}],"id":[{"id":"10.13039\/100000181","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1252644"],"award-info":[{"award-number":["CCF-1252644"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,8,21]]},"DOI":"10.1145\/3106237.3106286","type":"proceedings-article","created":{"date-parts":[[2017,8,2]],"date-time":"2017-08-02T19:36:18Z","timestamp":1501702578000},"page":"661-671","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["Automatic generation of inter-component communication exploits for Android applications"],"prefix":"10.1145","author":[{"given":"Joshua","family":"Garcia","sequence":"first","affiliation":[{"name":"University of California at Irvine, USA"}]},{"given":"Mahmoud","family":"Hammad","sequence":"additional","affiliation":[{"name":"University of California at Irvine, USA"}]},{"given":"Negar","family":"Ghorbani","sequence":"additional","affiliation":[{"name":"University of California at Irvine, USA"}]},{"given":"Sam","family":"Malek","sequence":"additional","affiliation":[{"name":"University of California at Irvine, USA"}]}],"member":"320","published-online":{"date-parts":[[2017,8,21]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Strategy Analytics: Android Captures Record 88 Percent Share of Global Smartphone Shipments in Q3","year":"2016","unstructured":"2016. Strategy Analytics: Android Captures Record 88 Percent Share of Global Smartphone Shipments in Q3 2016 . https:\/\/goo.gl\/b73xif. (2016). 2017. The Best Android Emulator For PC & Mac | Andy Android Emulator. http:\/\/www.andyroid.net\/. (2017). 2017. Drozer. https:\/\/labs.mwrinfosecurity.com\/tools\/drozer\/. (2017). Automatic Generation of Inter-Component Communication Exploits for Android Applications ESEC\/FSE\u201917, September 04\u201308, 2017, Paderborn, Germany 2017. Google Play. https:\/\/play.google.com\/store. (2017). 2017. LetterBomb Website. http:\/\/tiny.cc\/letterbomb. (2017). 2017. Number of smartphone users worldwide from 2014 to 2020 (in billions). https:\/\/www.statista.com\/statistics\/330695\/ number-of-smartphone-users-worldwide\/. (2017). 2016. Strategy Analytics: Android Captures Record 88 Percent Share of Global Smartphone Shipments in Q3 2016. https:\/\/goo.gl\/b73xif. (2016). 2017. The Best Android Emulator For PC & Mac | Andy Android Emulator. http:\/\/www.andyroid.net\/. (2017). 2017. Drozer. https:\/\/labs.mwrinfosecurity.com\/tools\/drozer\/. (2017). Automatic Generation of Inter-Component Communication Exploits for Android Applications ESEC\/FSE\u201917, September 04\u201308, 2017, Paderborn, Germany 2017. Google Play. https:\/\/play.google.com\/store. (2017). 2017. LetterBomb Website. http:\/\/tiny.cc\/letterbomb. (2017). 2017. Number of smartphone users worldwide from 2014 to 2020 (in billions). https:\/\/www.statista.com\/statistics\/330695\/ number-of-smartphone-users-worldwide\/. (2017)."},{"key":"e_1_3_2_1_2_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt , Siegfried Rasthofer , Christian Fritz , Eric Bodden , Alexandre Bartel , Jacques Klein , Yves Le Traon , Damien Octeau, and Patrick McDaniel. 2014 . Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771284.2771285"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos , Sang Kil Cha , and David Brumley . 2011 . Aeg: Automatic exploit generation . In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011). Thanassis Avgerinos, Sang Kil Cha, and David Brumley. 2011. Aeg: Automatic exploit generation. In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2011)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_2_1_7_1","volume-title":"COVERT: Compositional Analysis of Android Inter-App Permission Leakage","author":"Bagheri Hamid","year":"2015","unstructured":"Hamid Bagheri , Alireza Sadeghi , Joshua Garcia , and Sam Malek . 2015 . COVERT: Compositional Analysis of Android Inter-App Permission Leakage . IEEE Transactions on Software Engineering (TSE) ( 2015). Hamid Bagheri, Alireza Sadeghi, Joshua Garcia, and Sam Malek. 2015. COVERT: Compositional Analysis of Android Inter-App Permission Leakage. IEEE Transactions on Software Engineering (TSE) (2015)."},{"key":"e_1_3_2_1_8_1","unstructured":"Clark Barrett Pascal Fontaine and Cesare Tinelli. 2010. The SMT-LIB Standard Version 2.6. (2010).  Clark Barrett Pascal Fontaine and Cesare Tinelli. 2010. The SMT-LIB Standard Version 2.6. (2010)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818033"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_13_1","volume-title":"Z3: An Efficient SMT Solver","author":"de Moura Leonardo","unstructured":"Leonardo de Moura and Nikolaj Bj\u00f8rner . 2008. Z3: An Efficient SMT Solver . Springer Berlin Heidelberg , Berlin, Heidelberg , 337\u2013340. Leonardo de Moura and Nikolaj Bj\u00f8rner. 2008. Z3: An Efficient SMT Solver. Springer Berlin Heidelberg, Berlin, Heidelberg, 337\u2013340."},{"key":"e_1_3_2_1_14_1","volume-title":"Formal Methods in Computer-Aided Design, 2009. FMCAD 2009. 45\u201352","author":"de Moura L.","unstructured":"L. de Moura and N. Bj\u00c2\u00a3rner . 2009. Generalized, efficient array decision procedures . In Formal Methods in Computer-Aided Design, 2009. FMCAD 2009. 45\u201352 . L. de Moura and N. Bj\u00c2\u00a3rner. 2009. Generalized, efficient array decision procedures. In Formal Methods in Computer-Aided Design, 2009. FMCAD 2009. 45\u201352."},{"key":"e_1_3_2_1_15_1","volume-title":"20th USENIX Security Symposium","author":"Enck William","year":"2011","unstructured":"William Enck , Damien Octeau , Patrick McDaniel , and Swarat Chaudhuri . 2011 . A Study of Android Application Security . In 20th USENIX Security Symposium , San Francisco, CA, USA , August 8-12, 2011, Proceedings (SEC\u201911). USENIX Association, San Francisco, CA, 21\u201321. William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. 2011. A Study of Android Application Security. In 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings (SEC\u201911). USENIX Association, San Francisco, CA, 21\u201321."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/857076.857078"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_18_1","volume-title":"20th USENIX Security Symposium","author":"Felt Adrienne Porter","year":"2011","unstructured":"Adrienne Porter Felt , Steven Hanna , Erika Chin , Helen J. Wang , and Er Moshchuk . 2011 . Permission re-delegation: Attacks and defenses . In 20th USENIX Security Symposium , San Francisco, CA, USA , August 8-12, 2011, Proceedings (SEC\u201911). San Francisco, CA. Adrienne Porter Felt, Steven Hanna, Erika Chin, Helen J. Wang, and Er Moshchuk. 2011. Permission re-delegation: Attacks and defenses. In 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings (SEC\u201911). San Francisco, CA."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491462"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.104"},{"key":"e_1_3_2_1_21_1","volume-title":"19th Annual Network and Distributed System Security Symposium (NDSS","author":"Grace Michael C.","year":"2012","unstructured":"Michael C. Grace , Yajin Zhou , Zhi Wang , and Xuxian Jiang . 2012 . Systematic Detection of Capability Leaks in Stock Android Smartphones .. In 19th Annual Network and Distributed System Security Symposium (NDSS 2012). San Diego, CA. Michael C. Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. 2012. Systematic Detection of Capability Leaks in Stock Android Smartphones.. In 19th Annual Network and Distributed System Security Symposium (NDSS 2012). San Diego, CA."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Dick Hardt. 2012. The OAuth 2.0 authorization framework. (2012).  Dick Hardt. 2012. The OAuth 2.0 authorization framework. (2012).","DOI":"10.17487\/rfc6749"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771800"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486893"},{"key":"e_1_3_2_1_25_1","volume-title":"IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In 37th IEEE\/ACM International Conference on Software Engineering, ICSE 2015","volume":"1","author":"Li Li","year":"2015","unstructured":"Li Li , Alexandre Bartel , Tegawend\u00c3\u013e F. Bissyand\u00c3\u013e , Jacques Klein , Yves Le Traon , Steven Arzt , Siegfried Rasthofer , Eric Bodden , Damien Octeau , and Patrick Mc-Daniel . 2015 . IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In 37th IEEE\/ACM International Conference on Software Engineering, ICSE 2015 , Florence, Italy , May 16-24, 2015, Volume 1 (ICSE\u201915), Antonia Bertolino, Gerardo Canfora, and Sebastian G. Elbaum (Eds.). IEEE, 280\u2013291. Li Li, Alexandre Bartel, Tegawend\u00c3\u013e F. Bissyand\u00c3\u013e, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mc-Daniel. 2015. IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In 37th IEEE\/ACM International Conference on Software Engineering, ICSE 2015, Florence, Italy, May 16-24, 2015, Volume 1 (ICSE\u201915), Antonia Bertolino, Gerardo Canfora, and Sebastian G. Elbaum (Eds.). IEEE, 280\u2013291."},{"key":"e_1_3_2_1_26_1","volume-title":"Distributed event-based systems","author":"M\u00fchl Gero","unstructured":"Gero M\u00fchl , Ludger Fiege , and Peter Pietzuch . 2006. Distributed event-based systems . Springer Science & amp; Business Media. Gero M\u00fchl, Ludger Fiege, and Peter Pietzuch. 2006. Distributed event-based systems. Springer Science & Business Media."},{"key":"e_1_3_2_1_27_1","volume-title":"A Large-Scale Study of Mobile Web App Security","author":"Mutchler Patrick","year":"2015","unstructured":"Patrick Mutchler , Adam Doup\u00e9 , John Mitchell , Chris Kruegel , and Giovanni Vigna . 2015. A Large-Scale Study of Mobile Web App Security . In IEEE Mobile Security Technologies, in conjunction with the IEEE Symposium on Security and Privacy (MOST 2015 ). Patrick Mutchler, Adam Doup\u00e9, John Mitchell, Chris Kruegel, and Giovanni Vigna. 2015. A Large-Scale Study of Mobile Web App Security. In IEEE Mobile Security Technologies, in conjunction with the IEEE Symposium on Security and Privacy (MOST 2015)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070515"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818767"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 22th USENIX Security Symposium (SEC\u201913)","author":"Octeau Damien","year":"2013","unstructured":"Damien Octeau , Patrick McDaniel , Somesh Jha , Alexandre Bartel , Eric Bodden , Jacques Klein , and Yves Le Traon . 2013 . Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis . In Proceedings of the 22th USENIX Security Symposium (SEC\u201913) . USENIX Association, 543\u2013558. Damien Octeau, Patrick McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. 2013. Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis. In Proceedings of the 22th USENIX Security Symposium (SEC\u201913). USENIX Association, 543\u2013558."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766522"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2335484.2335511"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"A. Sadeghi H. Bagheri J. Garcia and S. Malek. 2016. A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software. IEEE Transactions on Software Engineering (TSE) (2016).  A. Sadeghi H. Bagheri J. Garcia and S. Malek. 2016. A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software. IEEE Transactions on Software Engineering (TSE) (2016).","DOI":"10.1109\/TSE.2016.2615307"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2014.48"},{"key":"e_1_3_2_1_35_1","volume-title":"Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS\u201914)","author":"Sounthiraraj David","year":"2014","unstructured":"David Sounthiraraj , Justin Sahs , Garret Greenwood , Zhiqiang Lin , and Latifur Khan . 2014 . SMV-HUNTER: Large Scale , Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS\u201914) . San Diego, CA. David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin, and Latifur Khan. 2014. SMV-HUNTER: Large Scale, Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS\u201914). San Diego, CA."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/781995.782008"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.60"},{"key":"e_1_3_2_1_39_1","volume-title":"20th Annual Network and Distributed System Security Symposium (NDSS","author":"Zhou Yajin","year":"2013","unstructured":"Yajin Zhou and Xuxian Jiang . 2013 . Detecting Passive Content Leaks and Pollution in Android Applications .. In 20th Annual Network and Distributed System Security Symposium (NDSS 2013). San Diego, CA. Yajin Zhou and Xuxian Jiang. 2013. Detecting Passive Content Leaks and Pollution in Android Applications.. In 20th Annual Network and Distributed System Security Symposium (NDSS 2013). San Diego, CA."}],"event":{"name":"ESEC\/FSE'17: Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering","location":"Paderborn Germany","acronym":"ESEC\/FSE'17","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3106286","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106237.3106286","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3106237.3106286","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:37Z","timestamp":1750217437000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3106237.3106286"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,8,21]]},"references-count":39,"alternative-id":["10.1145\/3106237.3106286","10.1145\/3106237"],"URL":"https:\/\/doi.org\/10.1145\/3106237.3106286","relation":{},"subject":[],"published":{"date-parts":[[2017,8,21]]},"assertion":[{"value":"2017-08-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}