{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:15:29Z","timestamp":1763507729389,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CNS-1408632"],"award-info":[{"award-number":["CNS-1408632"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"DARPA","award":["FA8750-15-2-0084"],"award-info":[{"award-number":["FA8750-15-2-0084"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134615","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"16-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information"],"prefix":"10.1145","author":[{"given":"Antonio","family":"Bianchi","sequence":"first","affiliation":[{"name":"University of California, Santa Barbara"}]},{"given":"Eric","family":"Gustafson","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara"}]},{"given":"Yanick","family":"Fratantonio","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Eurecom"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Xposed Installer (framework). http:\/\/repo.xposed.info. (2015).  Xposed Installer (framework). http:\/\/repo.xposed.info. (2015)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS.2015.17"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium (USENIX Security).","author":"Bhoraskar Ravi","year":"2014","unstructured":"Ravi Bhoraskar , Seungyeop Han , Jinseong Jeon , Tanzirul Azim , Shuo Chen , Jaeyeon Jung , Suman Nath , Rui Wang , and David Wetherall . 2014 . Brahmastra: Driving Apps to Test the Security of Third-Party Components . In Proceedings of the 23rd USENIX Security Symposium (USENIX Security). Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall. 2014. Brahmastra: Driving Apps to Test the Security of Third-Party Components. In Proceedings of the 23rd USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_4_1","unstructured":"Antonio Bianchi. Implementation of the proposed defense mechanisms. https:\/\/github.com\/ucsb-seclab\/android_device_public. (2017).  Antonio Bianchi. Implementation of the proposed defense mechanisms. https:\/\/github.com\/ucsb-seclab\/android_device_public. (2017)."},{"key":"e_1_3_2_1_5_1","unstructured":"Johannes Buchner. Image Hash library. https:\/\/github.com\/JohannesBuchner\/imagehash. (2015).  Johannes Buchner. Image Hash library. https:\/\/github.com\/JohannesBuchner\/imagehash. (2015)."},{"key":"e_1_3_2_1_6_1","unstructured":"International Advertising Bureau. Ad Unit Guidelines. http:\/\/www.iab.net\/guidelines\/508676\/508767\/ad_unit. (2015).  International Advertising Bureau. Ad Unit Guidelines. http:\/\/www.iab.net\/guidelines\/508676\/508767\/ad_unit. (2015)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660323"},{"key":"e_1_3_2_1_8_1","unstructured":"Xiao Cong. uiautomator. https:\/\/github.com\/xiaocong\/uiautomator. (2015).  Xiao Cong. uiautomator. https:\/\/github.com\/xiaocong\/uiautomator. (2015)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23465"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23082"},{"volume-title":"Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI).","author":"Enck W.","key":"e_1_3_2_1_11_1","unstructured":"W. Enck , P. Gilbert , B.G. Chun , L.P. Cox , J. Jung , P. McDaniel , and A.N. Sheth . 2010. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones . In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI). W. Enck, P. Gilbert, B.G. Chun, L.P. Cox, J. Jung, P. McDaniel, and A.N. Sheth. 2010. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_3_2_1_12_1","volume-title":"Virus Bulletin Conference.","author":"Feng Chun","year":"2008","unstructured":"Chun Feng . 2008 . Playing with shadows -- exposing the black market for online game password theft . In Virus Bulletin Conference. Chun Feng. 2008. Playing with shadows -- exposing the black market for online game password theft. In Virus Bulletin Conference."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486799"},{"key":"e_1_3_2_1_14_1","unstructured":"Google. AccountManager. https:\/\/developer.android.com\/reference\/android\/accounts\/AccountManager.html. (2016).  Google. AccountManager. https:\/\/developer.android.com\/reference\/android\/accounts\/AccountManager.html. (2016)."},{"key":"e_1_3_2_1_15_1","unstructured":"Google. Advertising ID. https:\/\/support.google.com\/googleplay\/android-developer\/answer\/6048248?hl=en. (2016).  Google. Advertising ID. https:\/\/support.google.com\/googleplay\/android-developer\/answer\/6048248?hl=en. (2016)."},{"key":"e_1_3_2_1_16_1","unstructured":"Google. Android Documentation: SmsManager. https:\/\/developer.android.com\/reference\/android\/telephony\/SmsManager.html. (2016).  Google. Android Documentation: SmsManager. https:\/\/developer.android.com\/reference\/android\/telephony\/SmsManager.html. (2016)."},{"key":"e_1_3_2_1_17_1","unstructured":"Google. Binder. https:\/\/developer.android.com\/reference\/android\/os\/Binder.html#getCallingUid(). (2016).  Google. Binder. https:\/\/developer.android.com\/reference\/android\/os\/Binder.html#getCallingUid(). (2016)."},{"key":"e_1_3_2_1_18_1","unstructured":"Google. Google Play Developer Program Policies. https:\/\/play.google.com\/about\/developer-content-policy.html. (2016).  Google. Google Play Developer Program Policies. https:\/\/play.google.com\/about\/developer-content-policy.html. (2016)."},{"key":"e_1_3_2_1_19_1","unstructured":"Google. Implementing In-app Billing. https:\/\/developer.android.com\/google\/play\/billing\/billing_integrate.html. (2016).  Google. Implementing In-app Billing. https:\/\/developer.android.com\/google\/play\/billing\/billing_integrate.html. (2016)."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. Platform Versions. https:\/\/web.archive.org\/web\/20160131030000\/https:\/\/developer.android.com\/about\/dashboards\/index.html. (2016).  Google. Platform Versions. https:\/\/web.archive.org\/web\/20160131030000\/https:\/\/developer.android.com\/about\/dashboards\/index.html. (2016)."},{"key":"e_1_3_2_1_21_1","unstructured":"Google. Testing Support Library. https:\/\/developer.android.com\/tools\/help\/uiautomator\/. (2016).  Google. Testing Support Library. https:\/\/developer.android.com\/tools\/help\/uiautomator\/. (2016)."},{"key":"e_1_3_2_1_22_1","unstructured":"Google. Android O Behavior Changes. https:\/\/developer.android.com\/preview\/behavior-changes.html#privacy-all. (2017).  Google. Android O Behavior Changes. https:\/\/developer.android.com\/preview\/behavior-changes.html#privacy-all. (2017)."},{"key":"e_1_3_2_1_23_1","unstructured":"Google. Using the External Storage. https:\/\/developer.android.com\/guide\/topics\/data\/data-storage.html#filesExternal. (2017).  Google. Using the External Storage. https:\/\/developer.android.com\/guide\/topics\/data\/data-storage.html#filesExternal. (2017)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2015.7095807"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2814270.2814320"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660302"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18467-8_36"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491411.2491450"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_9"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590335"},{"key":"e_1_3_2_1_31_1","unstructured":"NIST. Digital Authentication Guideline. https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html. (2016).  NIST. Digital Authentication Guideline. https:\/\/pages.nist.gov\/800-63-3\/sp800-63b.html. (2016)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884854"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 19th Network & Distributed System Security Symposium (NDSS).","author":"Schrittwieser Sebastian","year":"2012","unstructured":"Sebastian Schrittwieser , Peter Fr\u00fchwirt , Peter Kieseberg , Manuel Leithner , Martin Mulazzani , Markus Huber , and Edgar R Weippl . 2012 . Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications . In Proceedings of the 19th Network & Distributed System Security Symposium (NDSS). Sebastian Schrittwieser, Peter Fr\u00fchwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R Weippl. 2012. Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications. In Proceedings of the 19th Network & Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23407"},{"volume-title":"Operating System Market Share Worldwide --","year":"2017","key":"e_1_3_2_1_36_1","unstructured":"StatCounter. Operating System Market Share Worldwide -- May 2017 . http:\/\/gs.statcounter.com\/os-market-share#monthly-201705-201705-bar. (2017). StatCounter. Operating System Market Share Worldwide -- May 2017. http:\/\/gs.statcounter.com\/os-market-share#monthly-201705-201705-bar. (2017)."},{"key":"e_1_3_2_1_37_1","unstructured":"Telegram. Keep Calm and Send Telegrams! https:\/\/telegram.org\/blog\/15million-reuters. (2016).  Telegram. Keep Calm and Send Telegrams! https:\/\/telegram.org\/blog\/15million-reuters. (2016)."},{"key":"e_1_3_2_1_38_1","unstructured":"Thomas Fox-Brewster. Watch As Hackers Hijack WhatsApp Accounts Via Critical Telecoms Flaws. http:\/\/www.forbes.com\/sites\/thomasbrewster\/2016\/06\/01\/whatsapp-telegram-ss7-hacks\/#43e6fc1c745e. (2016).  Thomas Fox-Brewster. Watch As Hackers Hijack WhatsApp Accounts Via Critical Telecoms Flaws. http:\/\/www.forbes.com\/sites\/thomasbrewster\/2016\/06\/01\/whatsapp-telegram-ss7-hacks\/#43e6fc1c745e. (2016)."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium (USENIX Security).","author":"Wang Rui","year":"2013","unstructured":"Rui Wang , Yuchen Zhou , Shuo Chen , Shaz Qadeer , David Evans , and Yuri Gurevich . 2013 . Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization . In Proceedings of the 22nd USENIX Security Symposium (USENIX Security). Rui Wang, Yuchen Zhou, Shuo Chen, Shaz Qadeer, David Evans, and Yuri Gurevich. 2013. Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization. In Proceedings of the 22nd USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_40_1","unstructured":"Ronghai Yang Wing Cheong Lau and Tianyu Liu. Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0. BlackHat Europe. (2016).  Ronghai Yang Wing Cheong Lau and Tianyu Liu. Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0. BlackHat Europe. (2016)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23061"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23146"}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","acronym":"ACSAC 2017","location":"Orlando FL USA"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134615","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134615","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134615","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134615"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":42,"alternative-id":["10.1145\/3134600.3134615","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134615","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}