{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T01:23:42Z","timestamp":1777339422455,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":109,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T00:00:00Z","timestamp":1604016000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["CNS-1618493"],"award-info":[{"award-number":["CNS-1618493"]}]},{"name":"National Science Foundation","award":["CNS-1838083"],"award-info":[{"award-number":["CNS-1838083"]}]},{"name":"National Science Foundation","award":["CNS-1801432"],"award-info":[{"award-number":["CNS-1801432"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,30]]},"DOI":"10.1145\/3372297.3417255","type":"proceedings-article","created":{"date-parts":[[2020,11,2]],"date-time":"2020-11-02T18:27:04Z","timestamp":1604341624000},"page":"569-585","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems"],"prefix":"10.1145","author":[{"given":"Haoran","family":"Lu","sequence":"first","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luyi","family":"Xing","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yue","family":"Xiao","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yifan","family":"Zhang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaojing","family":"Liao","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xueqiang","family":"Wang","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, Bloomington, IN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,11,2]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2011. HTML5 Fullscreen API Attack. https:\/\/feross.org\/html5-fullscreen-api-attack\/.  2011. HTML5 Fullscreen API Attack. https:\/\/feross.org\/html5-fullscreen-api-attack\/."},{"key":"e_1_3_2_2_2_1","unstructured":"2011. The Inception Bar. https:\/\/jameshfisher.com\/2019\/04\/27\/the-inception-bar-a-new-phishing-method\/.  2011. The Inception Bar. https:\/\/jameshfisher.com\/2019\/04\/27\/the-inception-bar-a-new-phishing-method\/."},{"key":"e_1_3_2_2_3_1","unstructured":"2018. Java Runnable. https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/lang\/Runnable.html.  2018. Java Runnable. https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/lang\/Runnable.html."},{"key":"e_1_3_2_2_4_1","unstructured":"2018. A one year PWA retrospective. https:\/\/medium.com\/pinterest-engineering\/a-one-year-pwa-retrospective-f4a2f4129e05.  2018. A one year PWA retrospective. https:\/\/medium.com\/pinterest-engineering\/a-one-year-pwa-retrospective-f4a2f4129e05."},{"key":"e_1_3_2_2_5_1","unstructured":"2018. Wechat 1 million sub-apps. https:\/\/www.scmp.com\/tech\/article\/2153705\/tencents-wechat-now-host-1-million-mini-programs.  2018. Wechat 1 million sub-apps. https:\/\/www.scmp.com\/tech\/article\/2153705\/tencents-wechat-now-host-1-million-mini-programs."},{"key":"e_1_3_2_2_6_1","unstructured":"2018. WeChat reaches 1M sub-apps half the size of Apple's App Store. https:\/\/techcrunch.com\/2018\/11\/07\/wechat-mini-apps-200-million-users\/.  2018. WeChat reaches 1M sub-apps half the size of Apple's App Store. https:\/\/techcrunch.com\/2018\/11\/07\/wechat-mini-apps-200-million-users\/."},{"key":"e_1_3_2_2_7_1","unstructured":"2018. Xposed. https:\/\/api.xposed.info\/reference\/packages.html.  2018. Xposed. https:\/\/api.xposed.info\/reference\/packages.html."},{"key":"e_1_3_2_2_8_1","unstructured":"2019. AdBlock. https:\/\/getadblock.com.  2019. AdBlock. https:\/\/getadblock.com."},{"key":"e_1_3_2_2_9_1","unstructured":"2019. Android Location permissions. https:\/\/developers.google.com\/maps\/documentation\/android-sdk\/location.  2019. Android Location permissions. https:\/\/developers.google.com\/maps\/documentation\/android-sdk\/location."},{"key":"e_1_3_2_2_10_1","unstructured":"2019. Apache Cordova. https:\/\/cordova.apache.org\/.  2019. Apache Cordova. https:\/\/cordova.apache.org\/."},{"key":"e_1_3_2_2_11_1","unstructured":"2019. Apina Supporting Website. https:\/\/sites.google.com\/view\/appinapp\/.  2019. Apina Supporting Website. https:\/\/sites.google.com\/view\/appinapp\/."},{"key":"e_1_3_2_2_12_1","unstructured":"2019. Browser Extension JavaScript APIs. https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Add-ons\/WebExtensions\/Browser_support_for_JavaScript_APIs.  2019. Browser Extension JavaScript APIs. https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Add-ons\/WebExtensions\/Browser_support_for_JavaScript_APIs."},{"key":"e_1_3_2_2_13_1","unstructured":"2019. Browser Plug-in. https:\/\/developer.mozilla.org\/en-US\/docs\/Plugins\/Guide\/Plug-in_Basics#Understanding_the_Runtime_Model.  2019. Browser Plug-in. https:\/\/developer.mozilla.org\/en-US\/docs\/Plugins\/Guide\/Plug-in_Basics#Understanding_the_Runtime_Model."},{"key":"e_1_3_2_2_14_1","unstructured":"2019. Droid Plugin. http:\/\/droidpluginteam.github.io\/DroidPlugin\/.  2019. Droid Plugin. http:\/\/droidpluginteam.github.io\/DroidPlugin\/."},{"key":"e_1_3_2_2_15_1","unstructured":"2019. EditThisCookie. http:\/\/www.editthiscookie.com\/.  2019. EditThisCookie. http:\/\/www.editthiscookie.com\/."},{"key":"e_1_3_2_2_16_1","unstructured":"2019. Entitlements. https:\/\/developer.apple.com\/documentation\/bundleresources\/entitlements.  2019. Entitlements. https:\/\/developer.apple.com\/documentation\/bundleresources\/entitlements."},{"key":"e_1_3_2_2_17_1","unstructured":"2019. External-Storage. https:\/\/developer.android.com\/guide\/topics\/data\/data-storage.  2019. External-Storage. https:\/\/developer.android.com\/guide\/topics\/data\/data-storage."},{"key":"e_1_3_2_2_18_1","unstructured":"2019. Ionic. https:\/\/ionicframework.com.  2019. Ionic. https:\/\/ionicframework.com."},{"key":"e_1_3_2_2_19_1","unstructured":"2019. JavaScript. https:\/\/en.wikipedia.org\/wiki\/JavaScript.  2019. JavaScript. https:\/\/en.wikipedia.org\/wiki\/JavaScript."},{"key":"e_1_3_2_2_20_1","unstructured":"2019. JavaScript data types and data structures. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Data_structures.  2019. JavaScript data types and data structures. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/JavaScript\/Data_structures."},{"key":"e_1_3_2_2_21_1","unstructured":"2019. MorzillaSecurity Funfuzz. https:\/\/github.com\/MozillaSecurity\/funfuzz\/blob\/master\/src\/funfuzz\/js\/shared\/random.js.  2019. MorzillaSecurity Funfuzz. https:\/\/github.com\/MozillaSecurity\/funfuzz\/blob\/master\/src\/funfuzz\/js\/shared\/random.js."},{"key":"e_1_3_2_2_22_1","unstructured":"2019. Parallel Space App. http:\/\/parallelspace-app.com.  2019. Parallel Space App. http:\/\/parallelspace-app.com."},{"key":"e_1_3_2_2_23_1","unstructured":"2019. PhoneGap. https:\/\/phonegap.com.  2019. PhoneGap. https:\/\/phonegap.com."},{"key":"e_1_3_2_2_24_1","unstructured":"2019. Pinduoduo. https:\/\/www.digitalcommerce360.com\/2019\/04\/16\/why-china-ecommerce-is-going-crazy-for-wechat-mini%E2%80%91programs\/.  2019. Pinduoduo. https:\/\/www.digitalcommerce360.com\/2019\/04\/16\/why-china-ecommerce-is-going-crazy-for-wechat-mini%E2%80%91programs\/."},{"key":"e_1_3_2_2_25_1","unstructured":"2019. Virtual App. https:\/\/github.com\/asLody\/VirtualApp.  2019. Virtual App. https:\/\/github.com\/asLody\/VirtualApp."},{"key":"e_1_3_2_2_26_1","volume-title":"WeChat became the 5th most-used app in the world. https:\/\/www.dragonsocial.net\/blog\/wechat-mini-programs\/","unstructured":"2019. WeChat became the 5th most-used app in the world. https:\/\/www.dragonsocial.net\/blog\/wechat-mini-programs\/ . 2019. WeChat became the 5th most-used app in the world. https:\/\/www.dragonsocial.net\/blog\/wechat-mini-programs\/."},{"key":"e_1_3_2_2_27_1","unstructured":"2019. WeChat Mini-programs and social e-commerce. https:\/\/walkthechat.com\/wechat-mini-programs-simple-introduction\/.  2019. WeChat Mini-programs and social e-commerce. https:\/\/walkthechat.com\/wechat-mini-programs-simple-introduction\/."},{"key":"e_1_3_2_2_28_1","unstructured":"2019. WeChat Mini Programs: The Complete Guide for Business. https:\/\/topdigital.agency\/wechat-mini-programs-the-complete-guide-for-business\/.  2019. WeChat Mini Programs: The Complete Guide for Business. https:\/\/topdigital.agency\/wechat-mini-programs-the-complete-guide-for-business\/."},{"key":"e_1_3_2_2_29_1","unstructured":"2019. Wechat sub-app review process. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/product\/reject.html.  2019. Wechat sub-app review process. https:\/\/developers.weixin.qq.com\/miniprogram\/en\/product\/reject.html."},{"key":"e_1_3_2_2_30_1","unstructured":"2019. What is a Hybrid Mobile App? https:\/\/www.telerik.com\/blogs\/what-is-a-hybrid-mobile-app-.  2019. What is a Hybrid Mobile App? https:\/\/www.telerik.com\/blogs\/what-is-a-hybrid-mobile-app-."},{"key":"e_1_3_2_2_31_1","unstructured":"2020. Android version distribution. https:\/\/gs.statcounter.com\/os-version-market-share\/android.  2020. Android version distribution. https:\/\/gs.statcounter.com\/os-version-market-share\/android."},{"key":"e_1_3_2_2_32_1","unstructured":"2020. OCR SPACE. https:\/\/ocr.space.  2020. OCR SPACE. https:\/\/ocr.space."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243842"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.33"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627399"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243778"},{"key":"e_1_3_2_2_37_1","unstructured":"Apple. 2014. Objective-C.https:\/\/developer.apple.com\/library\/archive\/documentation\/Cocoa\/Conceptual\/ProgrammingWithObjectiveC\/Introduction\/Introduction.html.  Apple. 2014. Objective-C.https:\/\/developer.apple.com\/library\/archive\/documentation\/Cocoa\/Conceptual\/ProgrammingWithObjectiveC\/Introduction\/Introduction.html."},{"key":"e_1_3_2_2_38_1","unstructured":"Apple. 2018. Swift. https:\/\/developer.apple.com\/swift\/.  Apple. 2018. Swift. https:\/\/developer.apple.com\/swift\/."},{"key":"e_1_3_2_2_39_1","unstructured":"Apple. 2019. Apple Entitlements. https:\/\/developer.apple.com\/library\/archive\/documentation\/Miscellaneous\/Reference\/EntitlementKeyReference\/Chapters\/AboutEntitlements.html.  Apple. 2019. Apple Entitlements. https:\/\/developer.apple.com\/library\/archive\/documentation\/Miscellaneous\/Reference\/EntitlementKeyReference\/Chapters\/AboutEntitlements.html."},{"key":"e_1_3_2_2_40_1","unstructured":"Apple. 2019. Microphone Usage Entitlement. https:\/\/developer.apple.com\/documentation\/avfoundation\/avaudiosession\/1616601-requestrecordpermission.  Apple. 2019. Microphone Usage Entitlement. https:\/\/developer.apple.com\/documentation\/avfoundation\/avaudiosession\/1616601-requestrecordpermission."},{"key":"e_1_3_2_2_41_1","unstructured":"Apple. 2019. NE Hotspot Requirement. https:\/\/developer.apple.com\/library\/archive\/qa\/qa1942\/_index.html.  Apple. 2019. NE Hotspot Requirement. https:\/\/developer.apple.com\/library\/archive\/qa\/qa1942\/_index.html."},{"key":"e_1_3_2_2_42_1","unstructured":"Apple. 2019. Web Clip. https:\/\/developer.apple.com\/library\/archive\/documentation\/AppleApplications\/Reference\/SafariWebContent\/ConfiguringWebApplications\/ConfiguringWebApplications.html.  Apple. 2019. Web Clip. https:\/\/developer.apple.com\/library\/archive\/documentation\/AppleApplications\/Reference\/SafariWebContent\/ConfiguringWebApplications\/ConfiguringWebApplications.html."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_2_44_1","volume-title":"On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. In 25th USENIX Security Symposium. 1101--1118","author":"Backes Michael","year":"2016","unstructured":"Michael Backes , Sven Bugiel , Erik Derr , Patrick D McDaniel , Damien Octeau , and Sebastian Weisgerber . 2016 . On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. In 25th USENIX Security Symposium. 1101--1118 . Michael Backes, Sven Bugiel, Erik Derr, Patrick D McDaniel, Damien Octeau, and Sebastian Weisgerber. 2016. On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. In 25th USENIX Security Symposium. 1101--1118."},{"key":"e_1_3_2_2_45_1","volume-title":"24th USENIX Security Symposium. 691--706","author":"Backes Michael","year":"2015","unstructured":"Michael Backes , Sven Bugiel , Christian Hammer , Oliver Schranz , and Philippvon Styp-Rekowsky . 2015 . Boxify: Full-fledged app sandboxing for stock android . In 24th USENIX Security Symposium. 691--706 . Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philippvon Styp-Rekowsky. 2015. Boxify: Full-fledged app sandboxing for stock android. In 24th USENIX Security Symposium. 691--706."},{"key":"e_1_3_2_2_46_1","volume-title":"Vetting Browser Extensions for Security Vulnerabilities with VEX. Commun. ACM54, 9 (Sept","author":"Bandhakavi Sruthi","year":"2011","unstructured":"Sruthi Bandhakavi , Nandit Tiku , Wyatt Pittman , Samuel T. King , P. Mad-husudan, and Marianne Winslett . 2011. Vetting Browser Extensions for Security Vulnerabilities with VEX. Commun. ACM54, 9 (Sept . 2011 ), 91--99.https:\/\/doi.org\/10.1145\/1995376.1995398 10.1145\/1995376.1995398 Sruthi Bandhakavi, Nandit Tiku, Wyatt Pittman, Samuel T. King, P. Mad-husudan, and Marianne Winslett. 2011. Vetting Browser Extensions for Security Vulnerabilities with VEX. Commun. ACM54, 9 (Sept. 2011), 91--99.https:\/\/doi.org\/10.1145\/1995376.1995398"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.62"},{"key":"e_1_3_2_2_48_1","volume-title":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 27--38","author":"Bianchi Antonio","unstructured":"Antonio Bianchi , Yanick Fratantonio , Christopher Kruegel , and Giovanni Vigna .2015. Njas : Sandboxing unmodified applications in non-rooted devices running stock android . In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 27--38 . Antonio Bianchi, Yanick Fratantonio, Christopher Kruegel, and Giovanni Vigna.2015. Njas: Sandboxing unmodified applications in non-rooted devices running stock android. In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 27--38."},{"key":"e_1_3_2_2_49_1","unstructured":"Byte Dance. 2019. Tiktok sub-app review process. https:\/\/developer.toutiao.com\/dev\/cn\/mini-app\/operation\/agreement\/agreement.  Byte Dance. 2019. Tiktok sub-app review process. https:\/\/developer.toutiao.com\/dev\/cn\/mini-app\/operation\/agreement\/agreement."},{"key":"e_1_3_2_2_50_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Chen Qi Alfred","unstructured":"Qi Alfred Chen , Zhiyun Qian , and Z. Morley Mao . 2014. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks . In 23rd USENIX Security Symposium (USENIX Security 14) . USENIX Association, San Diego, CA, 1037--1052. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/chen Qi Alfred Chen, Zhiyun Qian, and Z. Morley Mao. 2014. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In 23rd USENIX Security Symposium (USENIX Security 14). USENIX Association, San Diego, CA, 1037--1052. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/chen"},{"key":"e_1_3_2_2_51_1","volume-title":"USENIX Security Symposium. 1037--1052","author":"Chen Qi Alfred","year":"2014","unstructured":"Qi Alfred Chen , Zhiyun Qian , and Zhuoqing Morley Mao . 2014 . Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks . In USENIX Security Symposium. 1037--1052 . Qi Alfred Chen, Zhiyun Qian, and Zhuoqing Morley Mao. 2014. Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks. In USENIX Security Symposium. 1037--1052."},{"key":"e_1_3_2_2_52_1","volume-title":"Securing script-based extensibility in web browsers","author":"Djeric Vladan","unstructured":"Vladan Djeric and Ashvin Goel . 2009. Securing script-based extensibility in web browsers . University of Toronto . Vladan Djeric and Ashvin Goel. 2009. Securing script-based extensibility in web browsers. University of Toronto."},{"key":"e_1_3_2_2_53_1","unstructured":"Facebook. 2019. React Native. https:\/\/facebook.github.io\/react-native\/.  Facebook. 2019. React Native. https:\/\/facebook.github.io\/react-native\/."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_2_55_1","unstructured":"Adrienne Porter Felt and David Wagner. 2011.Phishing on mobile devices. na.  Adrienne Porter Felt and David Wagner. 2011.Phishing on mobile devices. na."},{"key":"e_1_3_2_2_56_1","volume-title":"International Conference on Financial Cryptography and Data Security. Springer, 41--59","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Qi Alfred Chen , Justin Paupore , Georg Essl , J Alex Halder-man, Z Morley Mao , and Atul Prakash . 2016 . Android ui deception revisited:Attacks and defenses . In International Conference on Financial Cryptography and Data Security. Springer, 41--59 . Earlence Fernandes, Qi Alfred Chen, Justin Paupore, Georg Essl, J Alex Halder-man, Z Morley Mao, and Atul Prakash. 2016. Android ui deception revisited:Attacks and defenses. In International Conference on Financial Cryptography and Data Security. Springer, 41--59."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.39"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23323"},{"key":"e_1_3_2_2_59_1","unstructured":"Google. 2018. Android Developers. https:\/\/developer.android.com\/.  Google. 2018. Android Developers. https:\/\/developer.android.com\/."},{"key":"e_1_3_2_2_60_1","unstructured":"Google. 2018.Android Media Projection. https:\/\/developer.android.com\/reference\/android\/media\/projection\/MediaProjection.  Google. 2018.Android Media Projection. https:\/\/developer.android.com\/reference\/android\/media\/projection\/MediaProjection."},{"key":"e_1_3_2_2_61_1","unstructured":"Google. 2018. Android Recents Screen. https:\/\/developer.android.com\/guide\/components\/activities\/recents.  Google. 2018. Android Recents Screen. https:\/\/developer.android.com\/guide\/components\/activities\/recents."},{"key":"e_1_3_2_2_62_1","unstructured":"Google. 2018. Android Signature Permissions. https:\/\/developer.android.com\/guide\/topics\/permissions\/overview#signature_permissions.  Google. 2018. Android Signature Permissions. https:\/\/developer.android.com\/guide\/topics\/permissions\/overview#signature_permissions."},{"key":"e_1_3_2_2_63_1","unstructured":"Google. 2018. Android UsbManager. https:\/\/developer.android.com\/reference\/android\/hardware\/usb\/UsbManager.  Google. 2018. Android UsbManager. https:\/\/developer.android.com\/reference\/android\/hardware\/usb\/UsbManager."},{"key":"e_1_3_2_2_64_1","unstructured":"Google. 2018. Progressive Web App. https:\/\/developers.google.com\/web\/progressive-web-apps\/.  Google. 2018. Progressive Web App. https:\/\/developers.google.com\/web\/progressive-web-apps\/."},{"key":"e_1_3_2_2_65_1","unstructured":"Google. 2018. PWA Checklist. https:\/\/developers.google.com\/web\/progressive-web-apps\/checklist.  Google. 2018. PWA Checklist. https:\/\/developers.google.com\/web\/progressive-web-apps\/checklist."},{"key":"e_1_3_2_2_66_1","unstructured":"Google. 2018. PWA WebAPK. https:\/\/developers.google.com\/web\/fundamentals\/integration\/webapks.  Google. 2018. PWA WebAPK. https:\/\/developers.google.com\/web\/fundamentals\/integration\/webapks."},{"key":"e_1_3_2_2_67_1","unstructured":"Google. 2018. Security Enhancements in Android 6.0. https:\/\/source.android.com\/security\/enhancements\/enhancements60.  Google. 2018. Security Enhancements in Android 6.0. https:\/\/source.android.com\/security\/enhancements\/enhancements60."},{"key":"e_1_3_2_2_68_1","unstructured":"Google. 2019. Android PixelCopy API. https:\/\/developer.android.com\/reference\/android\/view\/PixelCopy.  Google. 2019. Android PixelCopy API. https:\/\/developer.android.com\/reference\/android\/view\/PixelCopy."},{"key":"e_1_3_2_2_69_1","unstructured":"Google. 2019. Android Record Audio Permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission.html#RECORD_AUDIO.  Google. 2019. Android Record Audio Permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission.html#RECORD_AUDIO."},{"key":"e_1_3_2_2_70_1","unstructured":"Google. 2019. Android Requiement of Accquiring Dangerous Level Permission.https:\/\/developer.android.com\/guide\/topics\/permissions\/overview.  Google. 2019. Android Requiement of Accquiring Dangerous Level Permission.https:\/\/developer.android.com\/guide\/topics\/permissions\/overview."},{"key":"e_1_3_2_2_71_1","unstructured":"Google. 2019. Android Version Fragmentation. https:\/\/developer.android.com\/about\/dashboards.  Google. 2019. Android Version Fragmentation. https:\/\/developer.android.com\/about\/dashboards."},{"key":"e_1_3_2_2_72_1","unstructured":"Google. 2019. Android WifiManager Documentation. https:\/\/developer.android.com\/reference\/android\/net\/wifi\/WifiManager.  Google. 2019. Android WifiManager Documentation. https:\/\/developer.android.com\/reference\/android\/net\/wifi\/WifiManager."},{"key":"e_1_3_2_2_73_1","unstructured":"Google. 2019. Dangerous Permission Level. https:\/\/developer.android.com\/guide\/topics\/permissions\/overview#dangerous_permissions.  Google. 2019. Dangerous Permission Level. https:\/\/developer.android.com\/guide\/topics\/permissions\/overview#dangerous_permissions."},{"key":"e_1_3_2_2_74_1","unstructured":"Google. 2019. Manifest.permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission.  Google. 2019. Manifest.permission. https:\/\/developer.android.com\/reference\/android\/Manifest.permission."},{"key":"e_1_3_2_2_75_1","unstructured":"Google. 2019. Progressive Web Apps. https:\/\/developers.google.com\/web\/fundamentals\/app-install-banners\/promoting-install-mobile.  Google. 2019. Progressive Web Apps. https:\/\/developers.google.com\/web\/fundamentals\/app-install-banners\/promoting-install-mobile."},{"key":"e_1_3_2_2_76_1","unstructured":"Google. 2019. WebView. https:\/\/developer.android.com\/reference\/android\/webkit\/WebView.  Google. 2019. WebView. https:\/\/developer.android.com\/reference\/android\/webkit\/WebView."},{"key":"e_1_3_2_2_77_1","unstructured":"Google. 2020. Android 6.0 Change. https:\/\/developer.android.com\/about\/versions\/marshmallow\/android-6.0-changes#behavior-hardware-id.  Google. 2020. Android 6.0 Change. https:\/\/developer.android.com\/about\/versions\/marshmallow\/android-6.0-changes#behavior-hardware-id."},{"key":"e_1_3_2_2_78_1","unstructured":"Google. 2020. Android Inet Address API. https:\/\/developer.android.com\/reference\/java\/net\/InetAddress#getCanonicalHostName().  Google. 2020. Android Inet Address API. https:\/\/developer.android.com\/reference\/java\/net\/InetAddress#getCanonicalHostName()."},{"key":"e_1_3_2_2_79_1","unstructured":"Google. 2020. Privacy changes in Android 10. https:\/\/developer.android.com\/about\/versions\/10\/privacy\/changes.  Google. 2020. Privacy changes in Android 10. https:\/\/developer.android.com\/about\/versions\/10\/privacy\/changes."},{"key":"e_1_3_2_2_80_1","unstructured":"Google. 2020. Security and Privacy Enhancements in Android 10. https:\/\/source.android.com\/security\/enhancements\/enhancements10#filesystem-restrictions.  Google. 2020. Security and Privacy Enhancements in Android 10. https:\/\/source.android.com\/security\/enhancements\/enhancements10#filesystem-restrictions."},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.36"},{"key":"e_1_3_2_2_82_1","unstructured":"Itseez. 2015. Open Source Computer Vision Library. https:\/\/github.com\/itseez\/opencv.  Itseez. 2015. Open Source Computer Vision Library. https:\/\/github.com\/itseez\/opencv."},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660275"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243867"},{"key":"e_1_3_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134021"},{"key":"e_1_3_2_2_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133987"},{"key":"e_1_3_2_2_87_1","volume-title":"Proceedings of the Mobile Security Technologies Workshop (MoST).","author":"Mutchler Patrick","year":"2015","unstructured":"Patrick Mutchler , Adam Doup\u00e9 , John Mitchell , Chris Kruegel , and Giovanni Vigna . 2015 . A large-scale study of mobile web app security . In Proceedings of the Mobile Security Technologies Workshop (MoST). Patrick Mutchler, Adam Doup\u00e9, John Mitchell, Chris Kruegel, and Giovanni Vigna. 2015. A large-scale study of mobile web app security. In Proceedings of the Mobile Security Technologies Workshop (MoST)."},{"key":"e_1_3_2_2_88_1","unstructured":"Yuhong Nan Zhemin Yang Xiaofeng Wang Yuan Zhang Donglai Zhu and Min Yang. 2018. Finding Clues for Your Secrets: Semantics-Driven Learning-Based Privacy Discovery in Mobile Apps. In NDSS.  Yuhong Nan Zhemin Yang Xiaofeng Wang Yuan Zhang Donglai Zhu and Min Yang. 2018. Finding Clues for Your Secrets: Semantics-Driven Learning-Based Privacy Discovery in Mobile Apps. In NDSS."},{"key":"e_1_3_2_2_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.25"},{"key":"e_1_3_2_2_90_1","unstructured":"Olivia Plotnick. 2018. How Brands Are Using We Chat Mini Programs. https:\/\/mavsocial.com\/wechat-mini-programs-for-brands\/.  Olivia Plotnick. 2018. How Brands Are Using We Chat Mini Programs. https:\/\/mavsocial.com\/wechat-mini-programs-for-brands\/."},{"key":"e_1_3_2_2_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243785"},{"key":"e_1_3_2_2_92_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23529"},{"key":"e_1_3_2_2_93_1","volume-title":"Towards Discovering and Understanding Task Hijacking in Android. In 24th USENIX Security Symposium (USENIX Security 15)","author":"Ren Chuangang","year":"2015","unstructured":"Chuangang Ren , Yulong Zhang , Hui Xue , Tao Wei , and Peng Liu . 2015 . Towards Discovering and Understanding Task Hijacking in Android. In 24th USENIX Security Symposium (USENIX Security 15) . USENIX Association, Washington,D.C., 945--959. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/ren-chuangang Chuangang Ren, Yulong Zhang, Hui Xue, Tao Wei, and Peng Liu. 2015. Towards Discovering and Understanding Task Hijacking in Android. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington,D.C., 945--959. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/ren-chuangang"},{"key":"e_1_3_2_2_94_1","volume-title":"Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In 26th USENIX Security Symposium. USENIX Association","author":"Sanchez-Rola Iskander","year":"2017","unstructured":"Iskander Sanchez-Rola , Igor Santos , and Davide Balzarotti . 2017 . Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In 26th USENIX Security Symposium. USENIX Association , Vancouver, BC, 679--694. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/sanchez-rola Iskander Sanchez-Rola, Igor Santos, and Davide Balzarotti. 2017. Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies. In 26th USENIX Security Symposium. USENIX Association, Vancouver, BC, 679--694. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/sanchez-rola"},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307334.3326072"},{"key":"e_1_3_2_2_96_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_16"},{"key":"e_1_3_2_2_97_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2845851"},{"key":"e_1_3_2_2_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978322"},{"key":"e_1_3_2_2_99_1","unstructured":"W3C. 2017. Web App Javascript API Permissions Working Draft. https:\/\/www.w3.org\/TR\/permissions\/.  W3C. 2017. Web App Javascript API Permissions Working Draft. https:\/\/www.w3.org\/TR\/permissions\/."},{"key":"e_1_3_2_2_100_1","unstructured":"W3C. 2019. Web App navigation scope. https:\/\/www.w3.org\/TR\/appmanifest\/#navigation-scope.  W3C. 2019. Web App navigation scope. https:\/\/www.w3.org\/TR\/appmanifest\/#navigation-scope."},{"key":"e_1_3_2_2_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"},{"key":"e_1_3_2_2_102_1","unstructured":"WHATWG. 2020. WHATWG Javascript Fullscreen API Living Standard. https:\/\/fullscreen.spec.whatwg.org\/#security-and-privacy-considerations.  WHATWG. 2020. WHATWG Javascript Fullscreen API Living Standard. https:\/\/fullscreen.spec.whatwg.org\/#security-and-privacy-considerations."},{"key":"e_1_3_2_2_103_1","unstructured":"Wiki. 2019. Single-Sign-On. https:\/\/en.wikipedia.org\/wiki\/Single_sign-on.  Wiki. 2019. Single-Sign-On. https:\/\/en.wikipedia.org\/wiki\/Single_sign-on."},{"key":"e_1_3_2_2_104_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813609"},{"key":"e_1_3_2_2_105_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23236"},{"key":"e_1_3_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00043"},{"key":"e_1_3_2_2_107_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322205.3311088"},{"key":"e_1_3_2_2_108_1","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203425"},{"key":"e_1_3_2_2_109_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516661"}],"event":{"name":"CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event USA","acronym":"CCS '20","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417255","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3417255","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3372297.3417255","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:30Z","timestamp":1750197690000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3372297.3417255"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,30]]},"references-count":109,"alternative-id":["10.1145\/3372297.3417255","10.1145\/3372297"],"URL":"https:\/\/doi.org\/10.1145\/3372297.3417255","relation":{},"subject":[],"published":{"date-parts":[[2020,10,30]]},"assertion":[{"value":"2020-11-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}