{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,2]],"date-time":"2025-07-02T22:23:58Z","timestamp":1751495038606,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF CISE Research Infrastructure Grant","award":["No. 1405641"],"award-info":[{"award-number":["No. 1405641"]}]},{"name":"The National Science Foundation (NSF)","award":["CNS-1617593, CNS-1527086"],"award-info":[{"award-number":["CNS-1617593, CNS-1527086"]}]},{"name":"The Office of Naval Research (ONR)","award":["N00014-17-1-2541"],"award-info":[{"award-number":["N00014-17-1-2541"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133987","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"149-162","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Hindsight"],"prefix":"10.1145","author":[{"given":"Meng","family":"Luo","sequence":"first","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"given":"Oleksii","family":"Starov","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"given":"Nima","family":"Honarmand","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, USA"}]},{"given":"Nick","family":"Nikiforakis","sequence":"additional","affiliation":[{"name":"Stony Brook University, Stony Brook, NY, 
USA"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"AdGuard. 2009--2017. ad blocker and anti-tracker. https:\/\/adguard.com\/en\/welcome.html. (2009--2017)."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35130-3_2"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33383-5_6"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2013.90"},{"key":"e_1_3_2_2_7_1","unstructured":"Zineb Ait Bahajji and Gary Illyes. 2014. Google Webmaster Blog: HTTPS as a ranking signal. https:\/\/webmasters.googleblog.com\/2014\/08\/https-as-ranking-signal.html. (2014)."},{"key":"e_1_3_2_2_8_1","unstructured":"Bugzilla@Mozilla. 2010. URL Display of Title instead of the URL Enables Phishing Attacks via URL Spoofing. https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=605206. (2010)."},{"key":"e_1_3_2_2_9_1","volume-title":"Proceedings of the 16th Information Security Conference (ISC).","author":"Chen Ping","year":"2013","unstructured":"Ping Chen, Nick Nikiforakis, Christophe Huygens, and Lieven Desmet. 2013. A Dangerous Mix: Large-scale analysis of mixed-content websites. In Proceedings of the 16th Information Security Conference (ISC)."},{"key":"e_1_3_2_2_10_1","volume-title":"International Workshop on Information Security Applications. Springer, 138--159","author":"Chin Erika","year":"2013","unstructured":"Erika Chin and David Wagner. 2013. Bifocals: Analyzing webview vulnerabilities in android applications. In International Workshop on Information Security Applications. Springer, 138--159."},{"key":"e_1_3_2_2_11_1","unstructured":"CVE 2014. CVE-2014-6041 : The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute. http:\/\/www.cvedetails.com\/cve\/CVE-2014-6041\/. (2014)."},{"key":"e_1_3_2_2_12_1","unstructured":"Peter Dolanjski and Tanvi Vyas. 2017. 
Mozilla Security Blog: Communicating the Dangers of Non-Secure HTTP. https:\/\/blog.mozilla.org\/security\/2017\/01\/20\/communicating-the-dangers-of-non-secure-http\/. (2017)."},{"key":"e_1_3_2_2_13_1","unstructured":"Tesseract Open Source OCR Engine. 2017. Google. https:\/\/github.com\/tesseract-ocr\/tesseract. (2017)."},{"key":"e_1_3_2_2_14_1","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS).","author":"Felt Adrienne Porter","year":"2016","unstructured":"Adrienne Porter Felt, Robert W Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Emre Acer, Elisabeth Morant, and Sunny Consolvo. 2016. Rethinking connection security indicators. In Twelfth Symposium on Usable Privacy and Security (SOUPS)."},{"key":"e_1_3_2_2_15_1","volume-title":"Proceedings of the Web 2.0 Security and Privacy Workshop.","author":"Felt Adrienne Porter","year":"2011","unstructured":"Adrienne Porter Felt and David Wagner. 2011. Phishing on mobile devices. In Proceedings of the Web 2.0 Security and Privacy Workshop."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143132"},{"key":"e_1_3_2_2_17_1","unstructured":"Google Play store. 2017. CM Browser - Adblock Download. https:\/\/play.google.com\/store\/apps\/details?id=com.ksmobile.cb. (2017)."},{"key":"e_1_3_2_2_18_1","unstructured":"Google Play store. 2017. Dolphin - Best Web Browser. https:\/\/play.google.com\/store\/apps\/details?id=mobi.mgeek.TunnyBrowser. (2017)."},{"key":"e_1_3_2_2_19_1","unstructured":"Google Play store. 2017. Google Play store: Fastest Mini Browser. https:\/\/play.google.com\/store\/apps\/details?id=com.mmbox.browser. (2017)."},{"key":"e_1_3_2_2_20_1","unstructured":"Google Play store. 2017. Google Play store: Ghostery Privacy Browser. https:\/\/play.google.com\/store\/apps\/details?id=com.ghostery.android.ghostery. (2017)."},{"key":"e_1_3_2_2_21_1","unstructured":"Google Play store. 2017. Opera Mini - fast web browser. 
https:\/\/play.google.com\/store\/apps\/details?id=com.opera.mini.native. (2017)."},{"key":"e_1_3_2_2_22_1","unstructured":"Google Play store. 2017. UC Browser - Fast Download. https:\/\/play.google.com\/store\/apps\/details?id=com.UCMobile.intl. (2017)."},{"key":"e_1_3_2_2_23_1","volume-title":"Proceedings of the International Symposium on Software Testing and Analysis (ISSTA).","author":"Hothersall-Thomas Charlie","year":"2015","unstructured":"Charlie Hothersall-Thomas, Sergio Maffeis, and Chris Novakovic. 2015. Browser-Audit: Automated Testing of Browser Security Features. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)."},{"key":"e_1_3_2_2_24_1","unstructured":"Jason Kersey. 2013. Chrome for Android Update. http:\/\/googlechromereleases.blogspot.com\/2013\/11\/chrome-for-android-update.html. (2013)."},{"key":"e_1_3_2_2_25_1","unstructured":"Let's Encrypt - Free SSL\/TLS Certificates. 2017. https:\/\/letsencrypt.org\/. (2017)."},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37119-6_15"},{"key":"e_1_3_2_2_28_1","volume-title":"More tricks for defeating SSL in practice. Black Hat USA","author":"Marlinspike Moxie","year":"2009","unstructured":"Moxie Marlinspike. 2009. More tricks for defeating SSL in practice. Black Hat USA (2009)."},{"key":"e_1_3_2_2_29_1","unstructured":"Matthias Neugschwandtner, Martina Lindorfer, and Christian Platzer. 2013. A View to a Kill: WebView Exploitation. In LEET."},{"key":"e_1_3_2_2_30_1","volume-title":"Proceedings of the Usability, Psychology, and Security Workshop (UPSEC).","author":"Niu Yuan","year":"2008","unstructured":"Yuan Niu, Francis Hsu, and Hao Chen. 2008. iPhish: Phishing Vulnerabilities on Consumer Electronics. In Proceedings of the Usability, Psychology, and Security Workshop (UPSEC)."},{"key":"e_1_3_2_2_31_1","unstructured":"Google Cloud Platform. 2017. 
Cloud Vision API Documentation. https:\/\/cloud.google.com\/vision\/docs\/. (2017)."},{"key":"e_1_3_2_2_32_1","volume-title":"Proceedings of the 4th USENIX Workshop On Offensive technologies (WOOT). USENIX Association, 1--8.","author":"Rydstedt Gustav","year":"2010","unstructured":"Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, and Dan Boneh. 2010. Framing attacks on smart phones and dumb routers: tap-jacking and geo-localization attacks. In Proceedings of the 4th USENIX Workshop On Offensive technologies (WOOT). USENIX Association, 1--8."},{"key":"e_1_3_2_2_33_1","unstructured":"Emily Schechter. 2016. Google Security Blog: Moving towards a more secure web. https:\/\/security.googleblog.com\/2016\/09\/moving-towards-more-secure-web.html. (2016)."},{"key":"e_1_3_2_2_34_1","unstructured":"Selenium. 2017. Selenium Webdriver. http:\/\/www.seleniumhq.org\/projects\/webdriver\/. (2017)."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"volume-title":"The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P '16)","author":"Sivakorn Suphannee","key":"e_1_3_2_2_36_1","unstructured":"Suphannee Sivakorn, Jason Polakis, and Angelos D. Keromytis. 2016. The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P '16)."},{"key":"e_1_3_2_2_37_1","volume-title":"Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX security symposium. 399--416.","author":"Sunshine Joshua","year":"2009","unstructured":"Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX security symposium. 399--416."},{"key":"e_1_3_2_2_38_1","unstructured":"W3C. 2010. Web Security Context: User Interface Guidelines. 
https:\/\/www.w3.org\/TR\/wsc-ui\/. (2010)."},{"key":"e_1_3_2_2_39_1","volume-title":"Cookies Lack Integrity: Real-World Implications. In 24th USENIX Security Symposium (USENIX Security 15)","author":"Zheng Xiaofeng","year":"2015","unstructured":"Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, and Nicholas Weaver. 2015. Cookies Lack Integrity: Real-World Implications. In 24th USENIX Security Symposium (USENIX Security 15)."},{"key":"e_1_3_2_2_40_1","volume-title":"Proceedings of 4th Web 2","author":"Zhou Yuchen","year":"2010","unstructured":"Yuchen Zhou and David Evans. 2010. Why aren't HTTP-only cookies more widely deployed. Proceedings of 4th Web 2 (2010)."}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Dallas Texas USA","acronym":"CCS '17"},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133987","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133987","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133987"}},"subtitle":["Understanding the Evolution of UI Vulnerabilities in Mobile 
Browsers"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":38,"alternative-id":["10.1145\/3133956.3133987","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133987","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}