{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T16:19:42Z","timestamp":1783009182989,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CSIRO Research Office"},{"name":"the Major Project of Ministry of Industry and Information Technology of China ([2018] No.36).","award":["[2018] No.36"],"award-info":[{"award-number":["[2018] No.36"]}]},{"name":"the General Program of National Natural Science Foundation of China","award":["61872237"],"award-info":[{"award-number":["61872237"]}]},{"name":"the Key Program of National Natural Science Foundation of China","award":["U1636217"],"award-info":[{"award-number":["U1636217"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359828","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"339-354","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":35,"title":["An empirical study of SMS one-time password authentication in Android apps"],"prefix":"10.1145","author":[{"given":"Siqi","family":"Ma","sequence":"first","affiliation":[{"name":"CSIRO"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Runhan","family":"Feng","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Juanru","family":"Li","sequence":"additional","affiliation":[{"name":"Shanghai Jiao Tong University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Xidian University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[{"name":"Ostry, CSIRO"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"family":"Diethelm","sequence":"additional","affiliation":[{"name":"Ostry, CSIRO"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Robert H.","family":"Deng","sequence":"additional","affiliation":[{"name":"Singapore Management University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhuo","family":"Ma","sequence":"additional","affiliation":[{"name":"Xidian University"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sanjay","family":"Jha","sequence":"additional","affiliation":[{"name":"University of New South Wales"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Android [n. d.]. UI Automator. https:\/\/developer.android.com\/training\/testing\/ui-automator. Android [n. d.]. UI Automator. https:\/\/developer.android.com\/training\/testing\/ui-automator."},{"key":"e_1_3_2_1_2_1","unstructured":"Android. [n. d.]. UI\/Application Exerciser Monkey Tool. https:\/\/developer.android.com\/studio\/test\/monkey. Android. [n. d.]. UI\/Application Exerciser Monkey Tool. https:\/\/developer.android.com\/studio\/test\/monkey."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991545"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.88"},{"key":"e_1_3_2_1_5_1","unstructured":"CITI Bank. [n. d.]. CITI Bank Mobile Token. https:\/\/www.citibank.com.au\/aus\/banking\/citi-mobile-token.htm. CITI Bank. [n. d.]. CITI Bank Mobile Token. https:\/\/www.citibank.com.au\/aus\/banking\/citi-mobile-token.htm."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134615"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_8_1","volume-title":"In Proceedings of the 22nd Usenix Security Symposium (USENIX). 131--146","author":"Bugiel Sven","year":"2013","unstructured":"Sven Bugiel , Stephen Heuser , and Ahmad-Reza Sadeghi . 2013 . Flexible and fine-grained mandatory access control on android for diverse security and privacy policies . In In Proceedings of the 22nd Usenix Security Symposium (USENIX). 131--146 . Sven Bugiel, Stephen Heuser, and Ahmad-Reza Sadeghi. 2013. Flexible and fine-grained mandatory access control on android for diverse security and privacy policies. In In Proceedings of the 22nd Usenix Security Symposium (USENIX). 131--146."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2011.6080776"},{"key":"e_1_3_2_1_10_1","volume-title":"International Conference on Financial Cryptography and Data Security. Springer, 231--249","author":"Carter Patrick","year":"2016","unstructured":"Patrick Carter , Collin Mulliner , Martina Lindorfer , William Robertson , and Engin Kirda . 2016 . CuriousDroid: automated user interface interaction for android application analysis sandboxes . In International Conference on Financial Cryptography and Data Security. Springer, 231--249 . Patrick Carter, Collin Mulliner, Martina Lindorfer, William Robertson, and Engin Kirda. 2016. CuriousDroid: automated user interface interaction for android application analysis sandboxes. In International Conference on Financial Cryptography and Data Security. Springer, 231--249."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1080\/10658980601051318"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_24"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.amc.2016.08.051"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ITNG.2011.64"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2806891"},{"key":"e_1_3_2_1_19_1","volume-title":"In Proceedings of the 1st International Conference on Advanced Computer Science Applications and Technologies (ACSAT). IEEE, 25--30","author":"Gauravaram Praveen","year":"2012","unstructured":"Praveen Gauravaram . 2012 . Security Analysis of salt|| password Hashes . In In Proceedings of the 1st International Conference on Advanced Computer Science Applications and Technologies (ACSAT). IEEE, 25--30 . Praveen Gauravaram. 2012. Security Analysis of salt|| password Hashes. In In Proceedings of the 1st International Conference on Advanced Computer Science Applications and Technologies (ACSAT). IEEE, 25--30."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. [n. d.]. Google Authenticator. https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&hl=en_AU. Google. [n. d.]. Google Authenticator. https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&hl=en_AU."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2010.12.001"},{"key":"e_1_3_2_1_23_1","volume-title":"Securing SMS based one time password technique from Man in the middle attack. arXiv preprint arXiv:1405.4828","author":"Hamdare Safa","year":"2014","unstructured":"Safa Hamdare , Varsha Nagpurkar , and Jayashri Mittal . 2014. Securing SMS based one time password technique from Man in the middle attack. arXiv preprint arXiv:1405.4828 ( 2014 ). Safa Hamdare, Varsha Nagpurkar, and Jayashri Mittal. 2014. Securing SMS based one time password technique from Man in the middle attack. arXiv preprint arXiv:1405.4828 (2014)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771800"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.39"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2008.208"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660275"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11235-018-0437-1"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/358790.358797"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23180"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897896"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2015.93"},{"key":"e_1_3_2_1_33_1","volume-title":"Foundations of statistical natural language processing","author":"Manning Christopher D","unstructured":"Christopher D Manning , Christopher D Manning , and Hinrich Sch\u00fctze . 1999. Foundations of statistical natural language processing . MIT press . Christopher D Manning, Christopher D Manning, and Hinrich Sch\u00fctze. 1999. Foundations of statistical natural language processing. MIT press."},{"key":"e_1_3_2_1_34_1","volume-title":"Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov , Kai Chen , Greg Corrado , and Jeffrey Dean . 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 ( 2013 ). Tomas Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc4226"},{"key":"e_1_3_2_1_36_1","volume-title":"Totp: Time-based one-time password algorithm. Technical Report.","author":"M'Raihi David","year":"2011","unstructured":"David M'Raihi , Salah Machani , Mingliang Pei , and Johan Rydell . 2011 . Totp: Time-based one-time password algorithm. Technical Report. David M'Raihi, Salah Machani, Mingliang Pei, and Johan Rydell. 2011. Totp: Time-based one-time password algorithm. Technical Report."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_9"},{"key":"e_1_3_2_1_38_1","unstructured":"PortSwigger. [n. d.]. Burp Suite. https:\/\/portswigger.net\/burp. PortSwigger. [n. d.]. Burp Suite. https:\/\/portswigger.net\/burp."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1109\/PROC.1969.6869","article-title":"Hadamard transform image coding","volume":"57","author":"Pratt William K","year":"1969","unstructured":"William K Pratt , Julius Kane , and Harry C Andrews . 1969 . Hadamard transform image coding . In Proceedings of the IEEE Journals and Magazines 57 , 1 (1969), 58 -- 68 . William K Pratt, Julius Kane, and Harry C Andrews. 1969. Hadamard transform image coding. In Proceedings of the IEEE Journals and Magazines 57, 1 (1969), 58--68.","journal-title":"Proceedings of the IEEE Journals and Magazines"},{"key":"e_1_3_2_1_40_1","volume-title":"In Proceedings of the 14th Usenix Security Symposium (USENIX)","author":"Ross Blake","year":"2005","unstructured":"Blake Ross , Collin Jackson , Nick Miyake , Dan Boneh , and John C Mitchell . 2005 . Stronger Password Authentication Using Browser Extensions .. In In Proceedings of the 14th Usenix Security Symposium (USENIX) . Baltimore, MD, USA, 17--32. Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C Mitchell. 2005. Stronger Password Authentication Using Browser Extensions.. In In Proceedings of the 14th Usenix Security Symposium (USENIX). Baltimore, MD, USA, 17--32."},{"key":"e_1_3_2_1_41_1","unstructured":"SnowBall. [n. d.]. Porter Stemmer. http:\/\/tartarus.org\/martin\/PorterStemmer\/java.txt. SnowBall. [n. d.]. Porter Stemmer. http:\/\/tartarus.org\/martin\/PorterStemmer\/java.txt."},{"key":"e_1_3_2_1_42_1","unstructured":"PNF Software. [n. d.]. JEB Decompiler. https:\/\/www.pnfsoftware.com\/. PNF Software. [n. d.]. JEB Decompiler. https:\/\/www.pnfsoftware.com\/."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.45"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813692"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIST.2014.6920371"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.09.012"},{"key":"e_1_3_2_1_47_1","volume-title":"Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device. The Journal of Wireless Communications and Mobile Computing 2018","author":"Wang Dong","year":"2018","unstructured":"Dong Wang , Xiaosong Zhang , Jiang Ming , Ting Chen , Chao Wang , and Weina Niu . 2018. Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device. The Journal of Wireless Communications and Mobile Computing 2018 ( 2018 ). Dong Wang, Xiaosong Zhang, Jiang Ming, Ting Chen, Chao Wang, and Weina Niu. 2018. Resetting Your Password Is Vulnerable: A Security Study of Common SMS-Based Authentication in IoT Device. The Journal of Wireless Communications and Mobile Computing 2018 (2018)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818024"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_2_1_50_1","volume-title":"Android-apktool: A tool for reverse engineering android apk files.","author":"Winsniewski R","year":"2012","unstructured":"R Winsniewski . 2012 . Android-apktool: A tool for reverse engineering android apk files. R Winsniewski. 2012. Android-apktool: A tool for reverse engineering android apk files."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-014-1888-3"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052609"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714583"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359828","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359828","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359828"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":49,"alternative-id":["10.1145\/3359789.3359828","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359828","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}