{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T13:06:46Z","timestamp":1775912806423,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Research Foundation, Prime Ministers Office, Singapore under its National Cybersecurity R&D Program","award":["NRF2018NCR-NCR005-0001"],"award-info":[{"award-number":["NRF2018NCR-NCR005-0001"]}]},{"name":"National Satellite of Excellence in Trustworthy Software System","award":["NRF2018NCR-NSOE003-0001"],"award-info":[{"award-number":["NRF2018NCR-NSOE003-0001"]}]},{"name":"Singapore National Research Foundation under NCR","award":["NRF2018NCR-NSOE004-0001"],"award-info":[{"award-number":["NRF2018NCR-NSOE004-0001"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,27]]},"DOI":"10.1145\/3377811.3380417","type":"proceedings-article","created":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T18:25:34Z","timestamp":1601576734000},"page":"1310-1322","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":51,"title":["An empirical assessment of security risks of global Android banking apps"],"prefix":"10.1145","author":[{"given":"Sen","family":"Chen","sequence":"first","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lingling","family":"Fan","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guozhu","family":"Meng","sequence":"additional","affiliation":[{"name":"University of Chinese Academy of Sciences, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ting","family":"Su","sequence":"additional","affiliation":[{"name":"ETH Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Minhui","family":"Xue","sequence":"additional","affiliation":[{"name":"The University of Adelaide, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yinxing","family":"Xue","sequence":"additional","affiliation":[{"name":"University of Science and Technology of China, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore and Zhejiang Sci-Tech University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lihua","family":"Xu","sequence":"additional","affiliation":[{"name":"New York University Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2007. Kenya sets world first with money transfers by mobile. https:\/\/www.theguardian.com\/money\/2007\/mar\/20\/kenya.mobilephones. (2007)."},{"key":"e_1_3_2_1_2_1","unstructured":"2015. AndroBugs. https:\/\/github.com\/AndroBugs\/. (2015)."},{"key":"e_1_3_2_1_3_1","unstructured":"2015. Over $7 000 lost in malware attack at fake banking portal. http:\/\/www.straitstimes.com\/singapore\/over-7000-lost-in-malware-attack-at-fake-banking-portal\/. (2015)."},{"key":"e_1_3_2_1_4_1","unstructured":"2017. Android vulnerability allows attackers to modify apps without affecting their signatures. https:\/\/www.helpnetsecurity.com\/2017\/12\/11\/android-modify-apps-without-afecting-signatures\/. (2017)."},{"key":"e_1_3_2_1_5_1","unstructured":"2017. Apktool: A tool for reverse engineering Android apk files. https:\/\/ibotpeaches.github.io\/Apktool\/. (2017)."},{"key":"e_1_3_2_1_6_1","unstructured":"2017. Burp Suite. https:\/\/portswigger.net\/burp. (2017)."},{"key":"e_1_3_2_1_7_1","unstructured":"2017. Data Dispatch: The world's 100 largest banks. http:\/\/www.snl.com\/web\/client?auth=inherit#news\/article?id=40223698&cdid=A-40223698-11568. (2017)."},{"key":"e_1_3_2_1_8_1","unstructured":"2017. Fiddler: Free Web Debugging Proxy - Telerik. http:\/\/www.telerik.com\/fiddler. (2017)."},{"key":"e_1_3_2_1_9_1","unstructured":"2017. Flaw discovered in banking apps leaving millions vulnerable to hack. http:\/\/www.telegraph.co.uk\/science\/2017\/12\/06\/flaw-discovered-banking-apps-leaving-millions-vulnerable-hack\/. (2017)."},{"key":"e_1_3_2_1_10_1","volume-title":"Google Best Practices for Security & Privacy. https:\/\/developer.android.com\/training\/best-security.html. (2","year":"2017","unstructured":"2017. Google Best Practices for Security & Privacy. https:\/\/developer.android.com\/training\/best-security.html. (2 2017)."},{"key":"e_1_3_2_1_11_1","unstructured":"2017. Hackers' Delight: Mobile bank app security flaw could have smacked millions. https:\/\/www.theregister.co.uk\/2017\/12\/11\/mobile_banking_security_research\/. (2017)."},{"key":"e_1_3_2_1_12_1","unstructured":"2017. Kenya tops Africa in use of mobile financial services. http:\/\/kenyanwallstreet.com\/kenya-tops-africa-use-mobile-financial-services-report. (2017)."},{"key":"e_1_3_2_1_13_1","unstructured":"2017. Mobile-Security-Framework-MobSF. https:\/\/github.com\/MobSF\/Mobile-Security-Framework-MobSF. (2017)."},{"key":"e_1_3_2_1_14_1","volume-title":"OWASP: OWASP Mobile Security Project. https:\/\/www.owasp.org\/index.php\/Mobile_Top_10_2016-Top_10. (2","year":"2017","unstructured":"2017. OWASP: OWASP Mobile Security Project. https:\/\/www.owasp.org\/index.php\/Mobile_Top_10_2016-Top_10. (2 2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"2017. PCI: Security Standards Council. https:\/\/www.pcisecuritystandards.org\/. (2017)."},{"key":"e_1_3_2_1_16_1","unstructured":"2017. QARK: Tool to look for several security related Android application vulnerabilities. https:\/\/github.com\/linkedin\/qark. (2017)."},{"key":"e_1_3_2_1_17_1","unstructured":"2017. Qihoo360 (Appscan). http:\/\/appscan.360.cn\/. (2017)."},{"key":"e_1_3_2_1_18_1","unstructured":"2017. The EU General Data Protection Regulation. https:\/\/www.eugdpr.org\/. (2017)."},{"key":"e_1_3_2_1_19_1","unstructured":"2018. Apache OpenNLP 1.8.3. https:\/\/opennlp.apache.org\/news\/release-183.html\/. (2018)."},{"key":"e_1_3_2_1_20_1","unstructured":"2018. AUSERA. https:\/\/sites.google.com\/view\/ausera\/. (2018)."},{"key":"e_1_3_2_1_21_1","unstructured":"2018. CVE: Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/. (2018)."},{"key":"e_1_3_2_1_22_1","unstructured":"2018. CWE: Common Weakness Enumeration. https:\/\/cwe.mitre.org\/. (2018)."},{"key":"e_1_3_2_1_23_1","unstructured":"2018. The Common Vulnerability Scoring System. https:\/\/www.first.org\/cvss\/. (2018)."},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/www.apkmonk.com","year":"2019","unstructured":"2019. Apkmonk. (2019). https:\/\/www.apkmonk.com"},{"key":"e_1_3_2_1_25_1","unstructured":"2019. Scoring security vulnerabilities 101: Introducing CVSS for CVEs. (2019). https:\/\/snyk.io\/blog\/scoring-security-vulnerabilities-101-introducing-cvss-for-cve\/"},{"key":"e_1_3_2_1_26_1","unstructured":"2019. Towards Improving CVSS. (2019). https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=538368"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176340"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098247"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3001913.3001919"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1080\/00450618.2016.1182589"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00070"},{"key":"e_1_3_2_1_33_1","volume-title":"GUI-Squatting Attack: Automated Generation of Android Phishing Apps","author":"Chen Sen","year":"2019","unstructured":"Sen Chen, Lingling Fan, Chunyang Chen, Minhui Xue, Yang Liu, and Lihua Xu. 2019. GUI-Squatting Attack: Automated Generation of Android Phishing Apps. IEEE Transactions on Dependable and Secure Computing (2019)."},{"key":"e_1_3_2_1_34_1","volume-title":"Ausera: Large-scale automated security risk assessment of global mobile banking apps. arXiv preprint arXiv:1805.05236","author":"Chen Sen","year":"2018","unstructured":"Sen Chen, Guozhu Meng, Ting Su, Lingling Fan, Minhui Xue, Yinxing Xue, Yang Liu, and Lihua Xu. 2018. Ausera: Large-scale automated security risk assessment of global mobile banking apps. arXiv preprint arXiv:1805.05236 (2018)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275523"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.007"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/AI4Mobile.2019.8672691"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897860"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2973750.2985246"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_33"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_43_1","volume-title":"TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems","author":"Enck William","year":"2014","unstructured":"William Enck, Peter Gilbert, Seungyeop Han, Vasant Tendulkar, Byung-Gon Chun, Landon P Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N Sheth. 2014. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (2014)."},{"key":"e_1_3_2_1_44_1","first-page":"0031","article-title":"Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data","author":"European Parliament and Council of the European Union.","year":"1995","unstructured":"European Parliament and Council of the European Union. 1995. Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal L 281 (1995), 0031--0050.","journal-title":"Official Journal"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516655"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238170"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180222"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2989055"},{"key":"e_1_3_2_1_50_1","volume-title":"MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform. In 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE, 61--70","author":"Feng Ruitao","year":"2019","unstructured":"Ruitao Feng, Sen Chen, Xiaofei Xie, Lei Ma, Guozhu Meng, Yang Liu, and Shang-Wei Lin. 2019. MobiDroid: A Performance-Sensitive Malware Detection System on Mobile Platform. In 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE, 61--70."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_52_1","volume-title":"SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In USENIX Security Symposium. 977--992","author":"Huang Jianjun","year":"2015","unstructured":"Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. 2015. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In USENIX Security Symposium. 977--992."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818791"},{"key":"e_1_3_2_1_55_1","volume-title":"Screenmilker: How to Milk Your Android Screen for Secrets.. In NDSS.","author":"Lin Chia-Chi","year":"2014","unstructured":"Chia-Chi Lin, Hongyang Li, Xiao-yong Zhou, and XiaoFeng Wang. 2014. Screenmilker: How to Milk Your Android Screen for Secrets.. In NDSS."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568229"},{"key":"e_1_3_2_1_57_1","volume-title":"Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2989238.2989239"},{"key":"e_1_3_2_1_60_1","volume-title":"A Security Analysis of The Top 500 Global E-commerce Mobile Apps in USA","author":"Panda Prateek","unstructured":"Prateek Panda. 2016. A Security Analysis of The Top 500 Global E-commerce Mobile Apps in USA, UK, Australia, Singapore and India. Technical Report. Appknox."},{"key":"e_1_3_2_1_61_1","volume-title":"Mobile Money in the Australasian Region-A Technical Security Perspective. In International Conference on Applications and Techniques in Information Security. Springer, 154--162","author":"Parasa Swathi","year":"2016","unstructured":"Swathi Parasa and Lynn Margaret Batten. 2016. Mobile Money in the Australasian Region-A Technical Security Perspective. In International Conference on Applications and Techniques in Information Security. Springer, 154--162."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Siegfried Rasthofer Steven Arzt and Eric Bodden. 2014. A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks.. In NDSS.","DOI":"10.14722\/ndss.2014.23039"},{"key":"e_1_3_2_1_63_1","first-page":"11","article-title":"Mo (bile) money, Mo (bile) Problems: Analysis of branchless banking applications","volume":"20","author":"Reaves Bradley","year":"2017","unstructured":"Bradley Reaves, Jasmine Bowers, Nolen Scaife, Adam Bates, Arnav Bhartiya, Patrick Traynor, and Kevin RB Butler. 2017. Mo (bile) money, Mo (bile) Problems: Analysis of branchless banking applications. ACM Transactions on Privacy and Security (TOPS) 20, 3 (2017), 11.","journal-title":"ACM Transactions on Privacy and Security (TOPS)"},{"key":"e_1_3_2_1_64_1","unstructured":"Bradley Reaves Nolen Scaife Adam M Bates Patrick Traynor and Kevin RB Butler. 2015. Mo (bile) Money Mo (bile) Problems: Analysis of Branchless Banking Applications in the Developing World. In USENIX Security. 17--32."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"e_1_3_2_1_66_1","volume-title":"USA","author":"Stevens Marc","year":"2017","unstructured":"Marc Stevens, Elie Bursztein, Pierre Karpman, Ange Albertini, and Yarik Markov. 2017. The First Collision for Full SHA-1. In Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 20-24, 2017, Proceedings. 570--596."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106298"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP.2019.00028"},{"key":"e_1_3_2_1_69_1","series-title":"Lecture Notes in Computer Science (LNCS)","volume-title":"Financial Cryptography and Data Security","author":"Taylor VF","unstructured":"VF Taylor and I Martinovic. 2017. A Longitudinal Study of Financial Apps in the Google Play Store. In Financial Cryptography and Data Security, Lecture Notes in Computer Science (LNCS). Springer Berlin Heidelberg."},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.5555\/781995.782008"},{"key":"e_1_3_2_1_72_1","volume-title":"Yiqun Lisa Yin, and Hongbo Yu","author":"Wang Xiaoyun","year":"2005","unstructured":"Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu. 2005. Finding collisions in the full SHA-1. In Crypto, Vol. 3621. Springer, 17--36."},{"key":"e_1_3_2_1_73_1","first-page":"19","article-title":"How to break MD5 and other hash functions","volume":"3494","author":"Wang Xiaoyun","year":"2005","unstructured":"Xiaoyun Wang and Hongbo Yu. 2005. How to break MD5 and other hash functions. In Eurocrypt, Vol. 3494. Springer, 19--35.","journal-title":"Eurocrypt"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970312"}],"event":{"name":"ICSE '20: 42nd International Conference on Software Engineering","location":"Seoul South Korea","acronym":"ICSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","KIISE Korean Institute of Information Scientists and Engineers","IEEE CS"]},"container-title":["Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380417","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3377811.3380417","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:40Z","timestamp":1750200100000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380417"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,27]]},"references-count":71,"alternative-id":["10.1145\/3377811.3380417","10.1145\/3377811"],"URL":"https:\/\/doi.org\/10.1145\/3377811.3380417","relation":{},"subject":[],"published":{"date-parts":[[2020,6,27]]},"assertion":[{"value":"2020-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}