{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T04:20:11Z","timestamp":1759033211310,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":58,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T00:00:00Z","timestamp":1604793600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001866","name":"Fonds National de la Recherche Luxembourg","doi-asserted-by":"publisher","award":["PRIDE15\/10621687\/SPsquared"],"award-info":[{"award-number":["PRIDE15\/10621687\/SPsquared"]}],"id":[{"id":"10.13039\/501100001866","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["830892"],"award-info":[{"award-number":["830892"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,11,8]]},"DOI":"10.1145\/3368089.3409745","type":"proceedings-article","created":{"date-parts":[[2020,11,8]],"date-time":"2020-11-08T06:03:52Z","timestamp":1604815432000},"page":"939-951","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Borrowing your enemy\u2019s arrows: the case of code reuse in Android via direct inter-app code invocation"],"prefix":"10.1145","author":[{"given":"Jun","family":"Gao","sequence":"first","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Li","family":"Li","sequence":"additional","affiliation":[{"name":"Monash University, Australia"}]},{"given":"Pingfan","family":"Kong","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Tegawend\u00e9 F.","family":"Bissyand\u00e9","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]}],"member":"320","published-online":{"date-parts":[[2020,11,8]]},"reference":[{"volume-title":"Software reuse research: Status and future","year":"2005","author":"Frakes William B","key":"e_1_3_2_2_1_1"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPC.2012.6240477"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2901679"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.230"},{"volume-title":"Hyeong-Chan Lee, and Jeong Hyun Yi. Repackaging attack on android banking applications and its countermeasures. Wireless Personal Communications, 73 ( 4 ): 1421-1437","year":"2013","author":"Jung Jin-Hyuk","key":"e_1_3_2_2_6_1"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484315"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23255"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837661"},{"key":"e_1_3_2_2_11_1","first-page":"543","volume-title":"Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13)","author":"Octeau Damien","year":"2013"},{"key":"e_1_3_2_2_12_1","first-page":"543","volume-title":"Presented as part of the 22nd {USENIX} Security Symposium ({USENIX} Security 13)","author":"Octeau Damien","year":"2013"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA619331"},{"volume-title":"Scandroid: Automated security certification of android. Technical report","year":"2009","author":"Fuchs Adam P","key":"e_1_3_2_2_15_1"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516728"},{"key":"e_1_3_2_2_17_1","first-page":"88","volume-title":"USENIX Security Symposium","volume":"30","author":"Felt Adrienne Porter","year":"2011"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2689702.2689705"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053004"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2889495"},{"volume-title":"Vineeta Jain, Vijay Laxmi, Akka Zemmari, Manoj Singh Gaur, Mohamed Mosbah, and Mauro Conti. Android inter-app communication threats and detection techniques. Computers & Security, 70 : 392-421","year":"2017","author":"Bhandari Shweta","key":"e_1_3_2_2_22_1"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18467-8_34"},{"key":"e_1_3_2_2_24_1","unstructured":"TikTok. Web site: https:\/\/www.tiktok.com. TikTok. Web site: https:\/\/www.tiktok.com."},{"volume-title":"Scandal: Static analyzer for detecting privacy leaks in android applications. MoST, 12 ( 110 ): 1","year":"2012","author":"Kim Jinyung","key":"e_1_3_2_2_25_1"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232009"},{"key":"e_1_3_2_2_27_1","first-page":"1171","volume-title":"Unblocking stolen mobile devices using ss7-map vulnerabilities: Exploiting the relationship between imei and imsi for eir access. In 2015 IEEE Trustcom\/BigDataSE\/ISPA","author":"Rao Siddharth Prakash","year":"2015"},{"volume-title":"Damien Octeau, and Patrick McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. SIGPLAN Not., 49 ( 6 )","year":"2014","author":"Arzt Steven","key":"e_1_3_2_2_28_1"},{"key":"e_1_3_2_2_29_1","first-page":"1125","volume-title":"NDSS","volume":"14","author":"Rasthofer Siegfried"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931044"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.64"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420956"},{"key":"e_1_3_2_2_33_1","first-page":"35","volume-title":"Cetus Users and Compiler Infastructure Workshop (CETUS 2011 )","volume":"15","author":"Lam Patrick","year":"2011"},{"volume-title":"Collecting millions of android apps and their metadata for the research community","year":"2017","author":"Li Li","key":"e_1_3_2_2_34_1"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3278532.3278558"},{"key":"e_1_3_2_2_36_1","unstructured":"VirusTotal. Web site: https:\/\/www.virustotal.com\/. VirusTotal. Web site: https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_2_37_1","first-page":"1","article-title":"Understanding the evolution of android app vulnerabilities","author":"Gao J.","year":"2019","journal-title":"IEEE Transactions on Reliability, pages"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897667.2897673"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381949"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2018.00031"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931044"},{"volume-title":"The Web Conference 2020 (WWW 2020 )","year":"2020","author":"Liu Tianming","key":"e_1_3_2_2_43_1"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236045"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3177102.3177113"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2015.36"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1145\/2307636.2307663","volume-title":"Proceedings of the 10th international conference on Mobile systems, applications, and services","author":"Grace Michael","year":"2012"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892218"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2019.00013"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330572"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180243"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2865733"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931054"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/2896921.2896932"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106298"},{"volume-title":"Automatic detection of inter-application permission leaks in android applications. IBM Journal of Research and Development, 57 ( 6 ): 10-1","year":"2013","author":"Sb\u00eerlea Dragos","key":"e_1_3_2_2_57_1"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771800"}],"event":{"name":"ESEC\/FSE '20: 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Virtual Event USA","acronym":"ESEC\/FSE '20"},"container-title":["Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409745","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3368089.3409745","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:57Z","timestamp":1750197717000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409745"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,11,8]]},"references-count":58,"alternative-id":["10.1145\/3368089.3409745","10.1145\/3368089"],"URL":"https:\/\/doi.org\/10.1145\/3368089.3409745","relation":{},"subject":[],"published":{"date-parts":[[2020,11,8]]},"assertion":[{"value":"2020-11-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}