{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T23:29:37Z","timestamp":1769729377929,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":39,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,6,12]],"date-time":"2019-06-12T00:00:00Z","timestamp":1560297600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"The National Key R&D Program of China","award":["2018YFB1004701"],"award-info":[{"award-number":["2018YFB1004701"]}]},{"name":"the National Natural Science Foundation of China (NSFC)","award":["61632013, 61822205, 61432002 and 61632020"],"award-info":[{"award-number":["61632013, 61822205, 61432002 and 61632020"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,6,12]]},"DOI":"10.1145\/3307334.3326094","type":"proceedings-article","created":{"date-parts":[[2019,6,17]],"date-time":"2019-06-17T12:56:45Z","timestamp":1560776205000},"page":"168-179","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Understanding and Detecting Overlay-based Android Malware at Market Scales"],"prefix":"10.1145","author":[{"given":"Yuxuan","family":"Yan","sequence":"first","affiliation":[{"name":"Tsinghua University & Tencent Mobile Security, Beijing, China"}]},{"given":"Zhenhua","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"given":"Qi Alfred","family":"Chen","sequence":"additional","affiliation":[{"name":"University of California, Irvine, Irvine, CA, USA"}]},{"given":"Christo","family":"Wilson","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"given":"Tianyin","family":"Xu","sequence":"additional","affiliation":[{"name":"UIUC, Urbana-Champaign, IL, USA"}]},{"given":"Ennan","family":"Zhai","sequence":"additional","affiliation":[{"name":"Alibaba Group, Seattle, WA, USA"}]},{"given":"Yong","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}]},{"given":"Yunhao","family":"Liu","sequence":"additional","affiliation":[{"name":"Michigan State University & Tsinghua University, East Lansing, MI, USA"}]}],"member":"320","published-online":{"date-parts":[[2019,6,12]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings of USENIX ATC","author":"Bellard Fabrice","year":"2005","unstructured":"Fabrice Bellard . 2005 . QEMU, A Fast and Portable Dynamic Translator . In Proceedings of USENIX ATC . Anaheim, CA, US. Fabrice Bellard. 2005. QEMU, A Fast and Portable Dynamic Translator. In Proceedings of USENIX ATC. Anaheim, CA, US."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.62"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_2_1_5_1","first-page":"3","article-title":"Classification and Regression Trees","volume":"40","author":"Breiman Leo","year":"1984","unstructured":"Leo Breiman , Jerome H. Friedman , Richard. Olshen, and Charles J. Stone . 1984 . Classification and Regression Trees . Encyclopedia of Ecology , Vol. 40 , 3 (January 1984), 582--588. Leo Breiman, Jerome H. Friedman, Richard. Olshen, and Charles J. Stone. 1984. Classification and Regression Trees. Encyclopedia of Ecology, Vol. 40, 3 (January 1984), 582--588.","journal-title":"Encyclopedia of Ecology"},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of USENIX Security","author":"Chen Qi Alfred","unstructured":"Qi Alfred Chen , Zhiyun Qian , and Z. Morley Mao . 2014. Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks . In Proceedings of USENIX Security . San Diego, CA, US. Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao. 2014. Peeking into Your App without Actually Seeing it: UI State Inference and Novel Android Attacks. In Proceedings of USENIX Security. San Diego, CA, US."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2542095.2542107"},{"key":"e_1_3_2_1_8_1","volume-title":"Georg Essl, J. Alex Halderman, Z. Morley Mao, and Atul Prakash.","author":"Fernandes Earlence","year":"2014","unstructured":"Earlence Fernandes , Qi Alfred Chen , Georg Essl, J. Alex Halderman, Z. Morley Mao, and Atul Prakash. 2014 . TIVOs: Trusted Visual I\/O Paths for Android. Technical Report CSE-TR-586--14. University of Michigan, Ann Arbor . Earlence Fernandes, Qi Alfred Chen, Georg Essl, J. Alex Halderman, Z. Morley Mao, and Atul Prakash. 2014. TIVOs: Trusted Visual I\/O Paths for Android. Technical Report CSE-TR-586--14. University of Michigan, Ann Arbor."},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of FC. Barbados.","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Qi Alfred Chen , Justin Paupore , Georg Essl , J. Alex Halderman , Z. Morley Mao , and Atul Prakash . 2016 . Android UI Deception Revisited: Attacks and Defenses . In Proceedings of FC. Barbados. Earlence Fernandes, Qi Alfred Chen, Justin Paupore, Georg Essl, J. Alex Halderman, Z. Morley Mao, and Atul Prakash. 2016. Android UI Deception Revisited: Attacks and Defenses. In Proceedings of FC. Barbados."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.39"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2380116.2380184"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606553"},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of IEEE COMSNETS","author":"Han Jun","year":"2012","unstructured":"Jun Han , Emmanuel Owusu , T. Nguyen Le , Adrian Perrig , and Joy Zhang . 2012 . ACComplice: Location Inference Using Accelerometers on Smartphones . In Proceedings of IEEE COMSNETS . Bangalore, India. Jun Han, Emmanuel Owusu, T. Nguyen Le, Adrian Perrig, and Joy Zhang. 2012. ACComplice: Location Inference Using Accelerometers on Smartphones. In Proceedings of IEEE COMSNETS. Bangalore, India."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of USENIX WOOT","author":"Ronny","year":"2014","unstructured":"Ronny H\"ansch, Tobias Fiebig , and Jan Krissler . 2014 . Security Impact of High Resolution Smartphone Cameras . In Proceedings of USENIX WOOT . San Diego, CA, US. Ronny H\"ansch, Tobias Fiebig, and Jan Krissler. 2014. Security Impact of High Resolution Smartphone Cameras. In Proceedings of USENIX WOOT. San Diego, CA, US."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594368.2594390"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAE.2012.6272775"},{"key":"e_1_3_2_1_17_1","unstructured":"Chih-Wei Huang. 2016. Android-x86 Vendor Intel Houdini . https:\/\/osdn.net\/projects\/android-x86\/scm\/git\/vendor-intel-houdini\/.  Chih-Wei Huang. 2016. Android-x86 Vendor Intel Houdini . https:\/\/osdn.net\/projects\/android-x86\/scm\/git\/vendor-intel-houdini\/."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660295"},{"key":"e_1_3_2_1_19_1","unstructured":"Eduard Kovacs. 2016. Most Android Devices Prone to Accessibility Clickjacking Attacks . http:\/\/www.securityweek.com\/most-android-devices-prone-accessibility-clickjacking-attacks.  Eduard Kovacs. 2016. Most Android Devices Prone to Accessibility Clickjacking Attacks . http:\/\/www.securityweek.com\/most-android-devices-prone-accessibility-clickjacking-attacks."},{"key":"e_1_3_2_1_20_1","volume-title":"Proceedings of USENIX NSDI","author":"Liu Bin","year":"2014","unstructured":"Bin Liu , Suman Nath , Ramesh Govindan , and Jie Liu . 2014 . DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps . In Proceedings of USENIX NSDI . Seattle, WA, US. Bin Liu, Suman Nath, Ramesh Govindan, and Jie Liu. 2014. DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps. In Proceedings of USENIX NSDI . Seattle, WA, US."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37119-6_15"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307666"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627417"},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of Black Hat. Abu Dhabi, United Arab Emirates.","author":"Niemietz Marcus","year":"2012","unstructured":"Marcus Niemietz and J\u00f6rg Schwenk . 2012 . UI Redressing Attacks on Android Devices . In Proceedings of Black Hat. Abu Dhabi, United Arab Emirates. Marcus Niemietz and J\u00f6rg Schwenk. 2012. UI Redressing Attacks on Android Devices. In Proceedings of Black Hat. Abu Dhabi, United Arab Emirates."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243785"},{"key":"e_1_3_2_1_28_1","unstructured":"Android Open Source Project. 2015a. Allow verifier to grant permissions . https:\/\/github.com\/aosp-mirror\/platform_frameworks_base\/commit\/4ff3b614ab73539763343e0981869c7ab5ee9979 .  Android Open Source Project. 2015a. Allow verifier to grant permissions . https:\/\/github.com\/aosp-mirror\/platform_frameworks_base\/commit\/4ff3b614ab73539763343e0981869c7ab5ee9979 ."},{"key":"e_1_3_2_1_29_1","unstructured":"Android Open Source Project. 2015b. Make SYSTEM_ALERT_WINDOW development permission . https:\/\/github.com\/aosp-mirror\/platform_frameworks_base\/commit\/01af6a42a6a008d4b208a92510537791b261168c.  Android Open Source Project. 2015b. Make SYSTEM_ALERT_WINDOW development permission . https:\/\/github.com\/aosp-mirror\/platform_frameworks_base\/commit\/01af6a42a6a008d4b208a92510537791b261168c."},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of USENIX Security. Washington, D.C., US.","author":"Ren Chuangang","year":"2015","unstructured":"Chuangang Ren , Yulong Zhang , Hui Xue , Tao Wei , and Peng Liu . 2015 . Towards Discovering and Understanding Task Hijacking in Android . In Proceedings of USENIX Security. Washington, D.C., US. Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, and Peng Liu. 2015. Towards Discovering and Understanding Task Hijacking in Android. In Proceedings of USENIX Security. Washington, D.C., US."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2536605"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of ISOC NDSS","author":"Schlegel Roman","year":"2011","unstructured":"Roman Schlegel , Kehuan Zhang , Xiao Yong Zhou , Mehool Intwala , Apu Kapadia , and Xiao Feng Wang . 2011 . Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones . In Proceedings of ISOC NDSS . San Diego, CA, US. Roman Schlegel, Kehuan Zhang, Xiao Yong Zhou, Mehool Intwala, Apu Kapadia, and Xiao Feng Wang. 2011. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of ISOC NDSS. San Diego, CA, US."},{"key":"e_1_3_2_1_34_1","unstructured":"Android Studio. 2015. UI\/Application Exerciser Monkey in Android Studio . https:\/\/developer.android.com\/studio\/test\/monkey.html.  Android Studio. 2015. UI\/Application Exerciser Monkey in Android Studio . https:\/\/developer.android.com\/studio\/test\/monkey.html."},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of ISOC NDSS","author":"Templeman Robert","year":"2013","unstructured":"Robert Templeman , Zahid Rahman , David Crandall , and Apu Kapadia . 2013 . PlaceRaider: Virtual Theft in Physical Spaces with Smartphones . In Proceedings of ISOC NDSS . San Diego, CA, US. Robert Templeman, Zahid Rahman, David Crandall, and Apu Kapadia. 2013. PlaceRaider: Virtual Theft in Physical Spaces with Smartphones. In Proceedings of ISOC NDSS. San Diego, CA, US."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098246"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2016.7860470"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185465"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897897"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of ISOC NDSS","author":"Zhou Yajin","year":"2012","unstructured":"Yajin Zhou , Zhi Wang , Wu Zhou , and Xuxian Jiang . 2012 . Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets . In Proceedings of ISOC NDSS . San Diego, CA, US. Yajin Zhou, Zhi Wang, Wu Zhou, and Xuxian Jiang. 2012. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of ISOC NDSS. San Diego, CA, US."}],"event":{"name":"MobiSys '19: The 17th Annual International Conference on Mobile Systems, Applications, and Services","location":"Seoul Republic of Korea","acronym":"MobiSys '19","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 17th Annual International Conference on Mobile Systems, Applications, and Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3307334.3326094","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3307334.3326094","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:13:20Z","timestamp":1750202000000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3307334.3326094"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,12]]},"references-count":39,"alternative-id":["10.1145\/3307334.3326094","10.1145\/3307334"],"URL":"https:\/\/doi.org\/10.1145\/3307334.3326094","relation":{},"subject":[],"published":{"date-parts":[[2019,6,12]]},"assertion":[{"value":"2019-06-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}