{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T01:41:24Z","timestamp":1769737284526,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CISPA","award":["FKZ: 16KIS0656"],"award-info":[{"award-number":["FKZ: 16KIS0656"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133977","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"1065-1077","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["A Stitch in Time"],"prefix":"10.1145","author":[{"given":"Duc Cuong","family":"Nguyen","sequence":"first","affiliation":[{"name":"Saarland University, Saarbr\u00fccken, Germany"}]},{"given":"Dominik","family":"Wermke","sequence":"additional","affiliation":[{"name":"Leibniz University, Hannover, Hannover, Germany"}]},{"given":"Yasemin","family":"Acar","sequence":"additional","affiliation":[{"name":"Leibniz University, Hannover, Hannover, Germany"}]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[{"name":"Saarland University, Saarbr\u00fccken, Germany"}]},{"given":"Charles","family":"Weir","sequence":"additional","affiliation":[{"name":"Lancaster University, Lancaster, Germany"}]},{"given":"Sascha","family":"Fahl","sequence":"additional","affiliation":[{"name":"Leibniz University, Hannover, Hannover, Germany"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.33"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_3_2_2_3_1","volume-title":"The Privacy and Security Behaviors of Smartphone App Developers. In Workshop on Usable Security (USEC'14)","author":"Balebako R","year":"2014","unstructured":"R Balebako, A Marsh, J Lin, and J Hong. 2014. The Privacy and Security Behaviors of Smartphone App Developers. In Workshop on Usable Security (USEC'14). http:\/\/www.mathcs.richmond.edu\/~dszajda\/classes\/cs334\/Fall_2014\/papers\/Balebako_privacy_security_behaviors_smartphone_app_developers.pdf"},{"key":"e_1_3_2_2_4_1","unstructured":"John Brooke. 1996. \"SUS-A quick and dirty usability scale.\" Usability evaluation in industry. CRC Press. https:\/\/www.crcpress.com\/product\/isbn\/9780748404605 ISBN: 9780748404605."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1177\/0049124104268644"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_2_8_1","volume-title":"Helping Developers Construct Secure Mobile Applica- tions. UC","author":"Chin Erika Michelle","unstructured":"Erika Michelle Chin. 2013. Helping Developers Construct Secure Mobile Applica- tions. UC Berkeley: Computer Science. http:\/\/escholarship.org\/uc\/item\/4x48p6rz"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_3_2_2_11_1","volume-title":"Proc. 20th Usenix Security Symposium (SEC'11)","author":"Enck William","year":"2011","unstructured":"William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri. 2011. A Study of Android Application Security. In Proc. 20th Usenix Security Symposium (SEC'11). USENIX Association. http:\/\/www.enck.org\/pubs\/enck-sec11.pdf"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1559-1816.2004.tb02557.x"},{"key":"e_1_3_2_2_17_1","unstructured":"Nielsen Norman Group. [n. d.]. Field Studies. https:\/\/www.nngroup.com\/articles\/ field-studies\/. ([n. d.]). Last visited: 12\/09\/2016."},{"key":"e_1_3_2_2_18_1","volume-title":"Cobra: a light-weight tool for static and dynamic program analysis. Innovations in Systems and Software Engineering","author":"Holzmann Gerard J","year":"2016","unstructured":"Gerard J Holzmann. 2016. Cobra: a light-weight tool for static and dynamic program analysis. Innovations in Systems and Software Engineering (2016), 1--15."},{"key":"e_1_3_2_2_19_1","unstructured":"S. C. Johnson. 1978. Lint a C Program Checker. In COMP. SCI. TECH. REP. 78--1273."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.29"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"crossref","unstructured":"B. Kaliski. 2000. PKCS #5: Password-Based Cryptography Specification Version 2.0. (2000).","DOI":"10.17487\/rfc2898"},{"key":"e_1_3_2_2_22_1","volume-title":"Empirical Software Engineering, 2004. ISESE'04. Proceedings. 2004 International Symposium on. IEEE, 83--92","author":"Kim Miryung","year":"2004","unstructured":"Miryung Kim, Lawrence Bergman, Tessa Lau, and David Notkin. 2004. An ethno- graphic study of copy and paste programming practices in OOPL. In Empirical Software Engineering, 2004. ISESE'04. Proceedings. 2004 International Symposium on. IEEE, 83--92."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","unstructured":"Long Lu Zhichun Li Zhenyu Wu Wenke Lee and Guofei Jiang. 2012. Chex: statically vetting android apps for component hijacking vulnerabilities. In Pro- ceedings of the 2012 ACM conference on Computer and communications security. ACM 229--240. 10.1145\/2382196.2382223","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_2_25_1","volume-title":"TA. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017","author":"Madiha Tabassum Stacey Watson","year":"2017","unstructured":"Stacey Watson Madiha Tabassum and Heather Richter Lipford. 2017. Comparing Educational Approaches to Secure programming: Tool vs. TA. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/soups2017\/workshop-program\/ wsiw2017\/tabassum"},{"key":"e_1_3_2_2_26_1","volume-title":"Proc. 21st Annual Network and Distributed System Security Symposium (NDSS'14)","author":"Martin Georgiev Vitaly Shmatikov","year":"2014","unstructured":"Vitaly Shmatikov Martin Georgiev, Suman Jana. 2014. Breaking and Fixing Origin-Based Access Control in Hybrid Web\/Mobile Application Frameworks. In Proc. 21st Annual Network and Distributed System Security Symposium (NDSS'14). The Internet Society."},{"key":"e_1_3_2_2_27_1","volume-title":"Proc. 2015 Mobile Security Technologies Workshop (MoST'15)","author":"Mutchler Patrick","year":"2015","unstructured":"Patrick Mutchler, Adam Doup\u00e9, John Mitchell, Christopher Kruegel, and Giovanni Vigna. 2015. A Large-Scale Study of Mobile Web App Security. In Proc. 2015 Mobile Security Technologies Workshop (MoST'15). IEEE."},{"key":"e_1_3_2_2_28_1","volume-title":"Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps. Mobile Application Development, Usability, and Security","author":"Pistoia Marco","year":"2016","unstructured":"Marco Pistoia, Omer Tripp, and David Lubensky. 2016. Combining Static Code Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps. Mobile Application Development, Usability, and Security (2016), 68."},{"key":"e_1_3_2_2_29_1","volume-title":"Proc. 21st Annual Network and Distributed System Security Symposium (NDSS'14)","author":"Poeplau Sebastian","year":"2014","unstructured":"Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2014. Execute This! Analyzing Unsafe and Malicious Dy- namic Code Loading in Android Applications. In Proc. 21st Annual Network and Distributed System Security Symposium (NDSS'14). The Internet Society."},{"key":"e_1_3_2_2_30_1","volume-title":"Proc. 18th ACM Conference on Computer and Communication Security (CCS'11)","author":"Felt A. Porter","unstructured":"A. Porter Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. 2011. Android Permis- sions Demystified. In Proc. 18th ACM Conference on Computer and Communication Security (CCS'11). ACM."},{"key":"e_1_3_2_2_31_1","volume-title":"Proc. 20th Usenix Security Symposium (SEC'11)","author":"Felt Adrienne Porter","year":"2011","unstructured":"Adrienne Porter Felt, Helen J. Wang, Alexander Moshchuk, Steve Hanna, and Erika Chin. 2011. Permission Re-Delegation: Attacks and Defenses. In Proc. 20th Usenix Security Symposium (SEC'11). USENIX Association."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc7525"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1940761.1940839"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076021.2048146"},{"key":"e_1_3_2_2_36_1","unstructured":"Android Team. 2017. Android Lint tool. https:\/\/developer.android.com\/studio\/ write\/lint.html. (2017). Last visited: 17\/05\/2017."},{"key":"e_1_3_2_2_37_1","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS 2016","author":"Thomas Tyler W.","year":"2016","unstructured":"Tyler W. Thomas, Heather Lipford, Bill Chu, Justin Smith, and Emerson Murphy- Hill. 2016. What Questions Remain? An Examination of How Developers Understand an Interactive Static Analysis Tool. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association, Denver, CO. https:\/\/www.usenix. org\/conference\/soups2016\/workshop-program\/wsiw16\/presentation\/thomas"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-60865-6_39"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46035-7_35"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133977","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133977","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133977"}},"subtitle":["Supporting Android Developers in WritingSecure Code"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":40,"alternative-id":["10.1145\/3133956.3133977","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133977","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}