{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:07:41Z","timestamp":1772042861626,"version":"3.50.1"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2019,3,26]],"date-time":"2019-03-26T00:00:00Z","timestamp":1553558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["U1636204, 61602121, U1736208, 61602123, U1836213, U1836210"],"award-info":[{"award-number":["U1636204, 61602121, U1736208, 61602123, U1836213, U1836210"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"National Program on Key Basic Research","award":["2015CB358800"],"award-info":[{"award-number":["2015CB358800"]}]},{"name":"Shanghai Sailing Program under Grant","award":["16YF1400800"],"award-info":[{"award-number":["16YF1400800"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Meas. Anal. Comput. Syst."],"published-print":{"date-parts":[[2019,3,26]]},"abstract":"<jats:p>Customizability is a key feature of the Android operating system that differentiates it from Apple's iOS. One concrete feature that gaining popularity is called \"app virtualization''. This feature allows multiple copies of the same app to be installed and opened simultaneously (e.g., with multiple accounts logged in). Virtualization frameworks are used by more than 100 million users worldwide. As with any new system features, we are interested in two aspects: (1) whether the feature itself introduces security risks and (2) whether the feature is abused for unintended purposes. This paper conducts a systematic study on the two aspects of the app virtualization techniques.<\/jats:p>\n          <jats:p>With a thorough study of 32 popular virtualization frameworks from Google Play, we identify seven areas of potential attack vectors and find that most of the frameworks are susceptible to them. By deeply investigating their ecosystem, we show, with demonstrations, that attackers can easily distribute malware that takes advantage of these attack vectors. In addition, we show that the same virtualization techniques are also abused by malware as an alternative and easy-to-use repackaging mechanism. To this end, we design and implement a new app repackage detector. After scanning 250,145 apps from app markets, it finds 164 repackaged apps that attempt to steal user credentials and private data.<\/jats:p>","DOI":"10.1145\/3322205.3311088","type":"journal-article","created":{"date-parts":[[2020,3,26]],"date-time":"2020-03-26T13:12:37Z","timestamp":1585228357000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["App in the Middle"],"prefix":"10.1145","volume":"3","author":[{"given":"Lei","family":"Zhang","sequence":"first","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Zhemin","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Yuyu","family":"He","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Mingqi","family":"Li","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Sen","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Min","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Yuan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"given":"Zhiyun","family":"Qian","sequence":"additional","affiliation":[{"name":"University of California Riverside, Riverside, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2019,3,26]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813648"},{"key":"e_1_2_1_2_1","unstructured":"Yousra Aafer Xiao Zhang and Wenliang Du. 2016. Harvesting inconsistent security configurations in custom android Roms via differential analysis. In USENIX SECURITY .   Yousra Aafer Xiao Zhang and Wenliang Du. 2016. Harvesting inconsistent security configurations in custom android Roms via differential analysis. In USENIX SECURITY ."},{"key":"e_1_2_1_3_1","unstructured":"Android. 2017. Android: 2 billion monthly active devices. https:\/\/www.youtube.com\/watch?v=S_M4B-pl05M.  Android. 2017. Android: 2 billion monthly active devices. https:\/\/www.youtube.com\/watch?v=S_M4B-pl05M."},{"key":"e_1_2_1_4_1","unstructured":"Android. 2019. Android Open Source Project. https:\/\/source.android.com\/.  Android. 2019. Android Open Source Project. https:\/\/source.android.com\/."},{"key":"e_1_2_1_5_1","unstructured":"AppInChina. 2018. TOP 20 CHINESE ANDROID APP STORES. https:\/\/www.appinchina.co\/market\/.  AppInChina. 2018. TOP 20 CHINESE ANDROID APP STORES. https:\/\/www.appinchina.co\/market\/."},{"key":"e_1_2_1_6_1","unstructured":"asLody. 2018. VirtualApp. https:\/\/github.com\/asLody\/VirtualApp\/tree\/master.  asLody. 2018. VirtualApp. https:\/\/github.com\/asLody\/VirtualApp\/tree\/master."},{"key":"e_1_2_1_7_1","unstructured":"Bromium. 2019. Browser Isolation with Microsoft Windows Defender Application Guard (WDAG): What It Does How It Works and What It Means. https:\/\/www.bromium.com\/browser-isolation-with-microsoft-windows-defender-application-guard\/.  Bromium. 2019. Browser Isolation with Microsoft Windows Defender Application Guard (WDAG): What It Does How It Works and What It Means. https:\/\/www.bromium.com\/browser-isolation-with-microsoft-windows-defender-application-guard\/."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_9"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_2_1_12_1","unstructured":"Adrienne-Porter Felt Helen J. Wang and Alexander Moshchuk. 2011b. Permission Re-Delegation: Attacks and Defenses. In USENIX SECURITY .   Adrienne-Porter Felt Helen J. Wang and Alexander Moshchuk. 2011b. Permission Re-Delegation: Attacks and Defenses. In USENIX SECURITY ."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766519"},{"key":"e_1_2_1_14_1","unstructured":"GameGuardian. 2018. No root via Parallel Space Lite on x86 - GameGuardian. https:\/\/gameguardian.net\/forum\/gallery\/image\/447-no-root-via-parallel-space-lite-on-x86-gameguardian\/.  GameGuardian. 2018. No root via Parallel Space Lite on x86 - GameGuardian. https:\/\/gameguardian.net\/forum\/gallery\/image\/447-no-root-via-parallel-space-lite-on-x86-gameguardian\/."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_2_1_16_1","unstructured":"Michael Grace Yajin Zhou Zhi Wang and Xuxian Jiang. 2012. Systematic detection of capability leaks in stock Android smartphones.. In NDSS .  Michael Grace Yajin Zhou Zhi Wang and Xuxian Jiang. 2012. Systematic detection of capability leaks in stock Android smartphones.. In NDSS ."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813606"},{"key":"e_1_2_1_18_1","unstructured":"Programming in LUA. 2018. An Overview of the C API. https:\/\/www.lua.org\/pil\/24.html.  Programming in LUA. 2018. An Overview of the C API. https:\/\/www.lua.org\/pil\/24.html."},{"key":"e_1_2_1_19_1","unstructured":"Infosec institute. 2018. Exploiting Unintended Data Leakage (Side Channel Data Leakage). http:\/\/resources.infosecinstitute.com\/android-hacking-security-part-4-exploiting-unintended-data-leakage-side-channel-data-leakage\/#gref.  Infosec institute. 2018. Exploiting Unintended Data Leakage (Side Channel Data Leakage). http:\/\/resources.infosecinstitute.com\/android-hacking-security-part-4-exploiting-unintended-data-leakage-side-channel-data-leakage\/#gref."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381938"},{"key":"e_1_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Crussell Jonathan Gibler Clint and Chen Hao. 2012. Attack of the Clones: Detecting Cloned Applications on Android Markets. In ESORICS .  Crussell Jonathan Gibler Clint and Chen Hao. 2012. Attack of the Clones: Detecting Cloned Applications on Android Markets. In ESORICS .","DOI":"10.1007\/978-3-642-33167-1_3"},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Crussell Jonathan Gibler Clint and Chen Hao. 2013. AnDarwin: Scalable Detection of Semantically Similar Android Applications. In ESORICS .  Crussell Jonathan Gibler Clint and Chen Hao. 2013. AnDarwin: Scalable Detection of Semantically Similar Android Applications. In ESORICS .","DOI":"10.1007\/978-3-642-40203-6_11"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Sebastian Poeplau Yanick Fratantonio and Antonio Bianchi. 2014. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In NDSS.  Sebastian Poeplau Yanick Fratantonio and Antonio Bianchi. 2014. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In NDSS.","DOI":"10.14722\/ndss.2014.23328"},{"key":"e_1_2_1_26_1","unstructured":"Qemu. 2019. QEMU the FAST! processor emulator. https:\/\/www.qemu.org.  Qemu. 2019. QEMU the FAST! processor emulator. https:\/\/www.qemu.org."},{"key":"e_1_2_1_27_1","unstructured":"Yinfeng Qiu. 2012. Bypassing Android Permissions: What You Need to Know. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/bypassing-android-permissions-what-you-need-to-know\/.  Yinfeng Qiu. 2012. Bypassing Android Permissions: What You Need to Know. https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/bypassing-android-permissions-what-you-need-to-know\/."},{"key":"e_1_2_1_28_1","unstructured":"Quora. 2016a. Is the app parallel space on my android phone safe to use is there no risk of hacking or anything like that? https:\/\/www.quora.com\/Is-the-app-parallel-space-on-my-android-phone-safe-to-use-is-there-no-risk-of-hacking-or-anything-like-that.  Quora. 2016a. Is the app parallel space on my android phone safe to use is there no risk of hacking or anything like that? https:\/\/www.quora.com\/Is-the-app-parallel-space-on-my-android-phone-safe-to-use-is-there-no-risk-of-hacking-or-anything-like-that."},{"key":"e_1_2_1_29_1","unstructured":"Quora. 2016b. What is the process of creating bots for Android games? https:\/\/www.quora.com\/What-is-the-process-of-creating-bots-for-Android-games.  Quora. 2016b. What is the process of creating bots for Android games? https:\/\/www.quora.com\/What-is-the-process-of-creating-bots-for-Android-games."},{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Yuru Shao Jason Ott Qi Alfred Chen Zhiyun Qian and Z Morley Mao. 2016a. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. In NDSS .  Yuru Shao Jason Ott Qi Alfred Chen Zhiyun Qian and Z Morley Mao. 2016a. Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework. In NDSS .","DOI":"10.14722\/ndss.2016.23046"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978297"},{"key":"e_1_2_1_32_1","unstructured":"Excelliance Tech. 2018a. Multiple Accounts:Parallel App. https:\/\/play.google.com\/store\/apps\/details?id=com.excellianc e.multiaccounts.  Excelliance Tech. 2018a. Multiple Accounts:Parallel App. https:\/\/play.google.com\/store\/apps\/details?id=com.excellianc e.multiaccounts."},{"key":"e_1_2_1_33_1","unstructured":"LBE Tech. 2018b. Over 100 million users worldwide. https:\/\/www.facebook.com\/parallelspaceapp.  LBE Tech. 2018b. Over 100 million users worldwide. https:\/\/www.facebook.com\/parallelspaceapp."},{"key":"e_1_2_1_34_1","unstructured":"LBE Tech. 2018c. Parallel Space - Multiple accounts & Two face. https:\/\/play.google.com\/store\/apps\/details?id=com.lbe. parallel.intl.  LBE Tech. 2018c. Parallel Space - Multiple accounts & Two face. https:\/\/play.google.com\/store\/apps\/details?id=com.lbe. parallel.intl."},{"key":"e_1_2_1_35_1","unstructured":"Julien Thomas. 2018. In-App virtualization to bypass Android security mechanisms of unrooted devices. https:\/\/2018.bsidesbud.com\/wp-content\/uploads\/2018\/03\/julien_thomas.pdf.  Julien Thomas. 2018. In-App virtualization to bypass Android security mechanisms of unrooted devices. https:\/\/2018.bsidesbud.com\/wp-content\/uploads\/2018\/03\/julien_thomas.pdf."},{"key":"e_1_2_1_36_1","unstructured":"tiann. 2018. fuck_anti_virus.gradle. https:\/\/gist.github.com\/tiann\/42f829ae86b90934c8467f6f76dd6a85.  tiann. 2018. fuck_anti_virus.gradle. https:\/\/gist.github.com\/tiann\/42f829ae86b90934c8467f6f76dd6a85."},{"key":"e_1_2_1_37_1","unstructured":"VirtusTotal. 2018. VirtusTotal. https:\/\/www.virustotal.com.  VirtusTotal. 2018. VirtusTotal. https:\/\/www.virustotal.com."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516728"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"key":"e_1_2_1_40_1","unstructured":"Xen. 2019. Xen project. https:\/\/www.xenproject.org.  Xen. 2019. Xen project. https:\/\/www.xenproject.org."},{"key":"e_1_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Aafer Yousra Huang Jianjun and Sun Yi. 2018. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. In NDSS .  Aafer Yousra Huang Jianjun and Sun Yi. 2018. AceDroid: Normalizing Diverse Android Access Control Checks for Inconsistency Detection. In NDSS .","DOI":"10.14722\/ndss.2018.23121"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627395"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978320"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203425"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435377"}],"container-title":["Proceedings of the ACM on Measurement and Analysis of Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3322205.3311088","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3322205.3311088","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:25:55Z","timestamp":1750206355000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3322205.3311088"}},"subtitle":["Demystify Application Virtualization in Android and its Security Threats"],"short-title":[],"issued":{"date-parts":[[2019,3,26]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,3,26]]}},"alternative-id":["10.1145\/3322205.3311088"],"URL":"https:\/\/doi.org\/10.1145\/3322205.3311088","relation":{},"ISSN":["2476-1249"],"issn-type":[{"value":"2476-1249","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3,26]]},"assertion":[{"value":"2019-03-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}