{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T10:22:51Z","timestamp":1771064571367,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427658","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"263-276","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Up2Dep: Android Tool Support to Fix Insecure Code Dependencies"],"prefix":"10.1145","author":[{"given":"Duc Cuong","family":"Nguyen","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Germany"}]},{"given":"Erik","family":"Derr","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Germany"}]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Germany"}]},{"given":"Sven","family":"Bugiel","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Germany"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Accessed 2016. 2016 State of the Software Supply Chain. https:\/\/www.sonatype.com\/software-supply-chain.  Accessed 2016. 2016 State of the Software Supply Chain. https:\/\/www.sonatype.com\/software-supply-chain."},{"key":"e_1_3_2_1_2_1","unstructured":"Accessed 2018. Gradle Build Tool. https:\/\/gradle.org\/.  Accessed 2018. Gradle Build Tool. https:\/\/gradle.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Accessed 2018. Lint Tool. http:\/\/tools.android.com\/tips\/lint.  Accessed 2018. Lint Tool. http:\/\/tools.android.com\/tips\/lint."},{"key":"e_1_3_2_1_4_1","unstructured":"Accessed 2018. Top most popular libraries on Maven. https:\/\/mvnrepository.com\/popular.  Accessed 2018. Top most popular libraries on Maven. https:\/\/mvnrepository.com\/popular."},{"key":"e_1_3_2_1_5_1","unstructured":"Accessed 2019. Cognicrypt Crypto API rules. https:\/\/github.com\/CROSSINGTUD\/Crypto-API-Rules.  Accessed 2019. Cognicrypt Crypto API rules. https:\/\/github.com\/CROSSINGTUD\/Crypto-API-Rules."},{"key":"e_1_3_2_1_6_1","unstructured":"Accessed 2019. F-Droid App Repository. https:\/\/f-droid.org\/en\/.  Accessed 2019. F-Droid App Repository. https:\/\/f-droid.org\/en\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Accessed 2019. LibScout. https:\/\/github.com\/reddr\/LibScout.  Accessed 2019. LibScout. https:\/\/github.com\/reddr\/LibScout."},{"key":"e_1_3_2_1_8_1","unstructured":"Accessed 2019. Snyk: A developer-first solution that automates finding & fixing vulnerabilities in your dependencies. https:\/\/snyk.io.  Accessed 2019. Snyk: A developer-first solution that automates finding & fixing vulnerabilities in your dependencies. https:\/\/snyk.io."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX security symposium","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne\u00a0Porter Felt . 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness .. In USENIX security symposium 2013 , Vol .\u00a013. Devdatta Akhawe and Adrienne\u00a0Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.. In USENIX security symposium 2013, Vol.\u00a013."},{"key":"e_1_3_2_1_11_1","unstructured":"Android Developer Documentation. Accessed 2019. App security improvement program. https:\/\/developer.android.com\/google\/play\/asi.  Android Developer Documentation. Accessed 2019. App security improvement program. https:\/\/developer.android.com\/google\/play\/asi."},{"key":"e_1_3_2_1_12_1","unstructured":"Android Developer Documentation. Accessed 2019. Shrink obfuscate and optimize your app. https:\/\/developer.android.com\/studio\/build\/shrink-code.  Android Developer Documentation. Accessed 2019. Shrink obfuscate and optimize your app. https:\/\/developer.android.com\/studio\/build\/shrink-code."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.5555\/2835587.2835589"},{"key":"e_1_3_2_1_16_1","unstructured":"Theodore Book Adam Pridgen and Dan\u00a0S. Wallach. 2013. Longitudinal Analysis of Android Ad Library Permissions. CoRR abs\/1303.0857(2013).  Theodore Book Adam Pridgen and Dan\u00a0S. Wallach. 2013. Longitudinal Analysis of Android Ad Library Permissions. CoRR abs\/1303.0857(2013)."},{"key":"e_1_3_2_1_17_1","volume-title":"SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194","author":"John Brooke","year":"1996","unstructured":"John Brooke 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 ( 1996 ), 4\u20137. John Brooke 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4\u20137."},{"key":"#cr-split#-e_1_3_2_1_18_1.1","doi-asserted-by":"crossref","unstructured":"Alexia Chatzikonstantinou Mezza Group Christoforos Ntantogian Christos Xenakis and Georgios Karopoulos. 2015. Evaluation of Cryptography Usage in Android Applications. https:\/\/doi.org\/10.4108\/eai.3-12-2015.2262471 10.4108\/eai.3-12-2015.2262471","DOI":"10.4108\/eai.3-12-2015.2262471"},{"key":"#cr-split#-e_1_3_2_1_18_1.2","doi-asserted-by":"crossref","unstructured":"Alexia Chatzikonstantinou Mezza Group Christoforos Ntantogian Christos Xenakis and Georgios Karopoulos. 2015. Evaluation of Cryptography Usage in Android Applications. https:\/\/doi.org\/10.4108\/eai.3-12-2015.2262471","DOI":"10.4108\/eai.3-12-2015.2262471"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028088"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_3_2_1_24_1","unstructured":"GitHub Help. Accessed 2019. Viewing and updating vulnerable dependencies in your repository. https:\/\/help.github.com\/articles\/viewing-and-updating-vulnerable-dependencies-in-your-repository\/.  GitHub Help. Accessed 2019. Viewing and updating vulnerable dependencies in your repository. https:\/\/help.github.com\/articles\/viewing-and-updating-vulnerable-dependencies-in-your-repository\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Google Help. Accessed 2019. How to fix apps containing Libpng Vulnerability. https:\/\/support.google.com\/faqs\/answer\/7011127?hl=en.  Google Help. Accessed 2019. How to fix apps containing Libpng Vulnerability. https:\/\/support.google.com\/faqs\/answer\/7011127?hl=en."},{"key":"e_1_3_2_1_26_1","volume-title":"Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS}","author":"Gorski Peter\u00a0Leo","year":"2018","unstructured":"Peter\u00a0Leo Gorski , Luigi\u00a0Lo Iacono , Dominik Wermke , Christian Stransky , Sebastian M\u00f6ller , Yasemin Acar , and Sascha Fahl . 2018 . Developers Deserve Security Warnings , Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018). 265\u2013281. Peter\u00a0Leo Gorski, Luigi\u00a0Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian M\u00f6ller, Yasemin Acar, and Sascha Fahl. 2018. Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse. In Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018). 265\u2013281."},{"key":"e_1_3_2_1_27_1","unstructured":"Gradle. Accessed 2019. Gradle Transitive Dependency. https:\/\/docs.gradle.org\/5.6.2\/userguide\/managing_transitive_dependencies.html.  Gradle. Accessed 2019. Gradle Transitive Dependency. https:\/\/docs.gradle.org\/5.6.2\/userguide\/managing_transitive_dependencies.html."},{"key":"e_1_3_2_1_28_1","volume-title":"Up-To-Crash: Evaluating Third-Party Library Updatability on Android. In 4th IEEE European Symposium on Security and Privacy. https:\/\/publications.cispa.saarland\/2885\/","author":"Huang Jie","year":"2019","unstructured":"Jie Huang , Nataniel Pereira\u00a0Borges Jr ., Sven Bugiel , and Michael Backes . 2019 . Up-To-Crash: Evaluating Third-Party Library Updatability on Android. In 4th IEEE European Symposium on Security and Privacy. https:\/\/publications.cispa.saarland\/2885\/ Jie Huang, Nataniel Pereira\u00a0Borges Jr., Sven Bugiel, and Michael Backes. 2019. Up-To-Crash: Evaluating Third-Party Library Updatability on Android. In 4th IEEE European Symposium on Security and Privacy. https:\/\/publications.cispa.saarland\/2885\/"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"e_1_3_2_1_30_1","volume-title":"32nd European Conference on Object-Oriented Programming (ECOOP","author":"Kr\u00fcger Stefan","year":"2018","unstructured":"Stefan Kr\u00fcger , Johannes Sp\u00e4th , Karim Ali , Eric Bodden , and Mira Mezini . 2018 . CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs . In 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik. Stefan Kr\u00fcger, Johannes Sp\u00e4th, Karim Ali, Eric Bodden, and Mira Mezini. 2018. CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs. In 32nd European Conference on Object-Oriented Programming (ECOOP 2018). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik."},{"key":"e_1_3_2_1_31_1","volume-title":"Cetus Users and Compiler Infastructure Workshop (CETUS","author":"Lam Patrick","year":"2011","unstructured":"Patrick Lam , Eric Bodden , Ondrej Lhot\u00e1k , and Laurie Hendren . 2011 . The Soot framework for Java program analysis: a retrospective . In Cetus Users and Compiler Infastructure Workshop (CETUS 2011), Vol.\u00a015. 35. Patrick Lam, Eric Bodden, Ondrej Lhot\u00e1k, and Laurie Hendren. 2011. The Soot framework for Java program analysis: a retrospective. In Cetus Users and Compiler Infastructure Workshop (CETUS 2011), Vol.\u00a015. 35."},{"key":"e_1_3_2_1_32_1","volume-title":"Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , and Engin Kirda . 2017 . Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017 , San Diego, California, USA, February 26 - March 1, 2017. Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017."},{"key":"e_1_3_2_1_33_1","volume-title":"CHI \u201908 extended abstracts on Human factors in computing systems (Florence, Italy)","author":"Li Cheng-Lun","unstructured":"Cheng-Lun Li , Ayse\u00a0 G. Buyuktur , David\u00a0 K. Hutchful , Natasha\u00a0 B. Sant , and Satyendra\u00a0 K. Nainwal . 2008. Portalis: using competitive online interactions to support aid initiatives for the homeless . In CHI \u201908 extended abstracts on Human factors in computing systems (Florence, Italy) . ACM , New York, NY, USA , 3873\u20133878. https:\/\/doi.org\/10.1145\/1358628.1358946 10.1145\/1358628.1358946 Cheng-Lun Li, Ayse\u00a0G. Buyuktur, David\u00a0K. Hutchful, Natasha\u00a0B. Sant, and Satyendra\u00a0K. Nainwal. 2008. Portalis: using competitive online interactions to support aid initiatives for the homeless. In CHI \u201908 extended abstracts on Human factors in computing systems (Florence, Italy). ACM, New York, NY, USA, 3873\u20133878. https:\/\/doi.org\/10.1145\/1358628.1358946"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3287056"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_3_2_1_36_1","volume-title":"Lotfi ben Othmane, and Andre Kres","author":"Mohan Vaishnavi","year":"2018","unstructured":"Vaishnavi Mohan , Lotfi ben Othmane, and Andre Kres . 2018 . BP: security concerns and best practices for automation of software deployment processes: an industrial case study. In 2018 IEEE Cybersecurity Development (SecDev). IEEE , 21\u201328. Vaishnavi Mohan, Lotfi ben Othmane, and Andre Kres. 2018. BP: security concerns and best practices for automation of software deployment processes: an industrial case study. In 2018 IEEE Cybersecurity Development (SecDev). IEEE, 21\u201328."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.92"},{"key":"e_1_3_2_1_38_1","volume-title":"Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. In 2019 2019 IEEE Symposium on Security and Privacy (SP), Vol.\u00a000","author":"Nguyen C.","year":"2019","unstructured":"D.\u00a0 C. Nguyen , E. Derr , M. Backes , and S. Bugiel . 2019. Short Text , Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. In 2019 2019 IEEE Symposium on Security and Privacy (SP), Vol.\u00a000 . 155\u2013169. https:\/\/doi.org\/10.1109\/SP. 2019 .00012 10.1109\/SP.2019.00012 D.\u00a0C. Nguyen, E. Derr, M. Backes, and S. Bugiel. 2019. Short Text, Large Effect: Measuring the Impact of User Reviews on Android App Security & Privacy. In 2019 2019 IEEE Symposium on Security and Privacy (SP), Vol.\u00a000. 155\u2013169. https:\/\/doi.org\/10.1109\/SP.2019.00012"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133977"},{"key":"e_1_3_2_1_40_1","volume-title":"User-Side Updating of Third-Party Libraries for Android Applications. In 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW). IEEE, 452\u2013458","author":"Ogawa Hiroki","year":"2018","unstructured":"Hiroki Ogawa , Eiji Takimoto , Koichi Mouri , and Shoichi Saito . 2018 . User-Side Updating of Third-Party Libraries for Android Applications. In 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW). IEEE, 452\u2013458 . Hiroki Ogawa, Eiji Takimoto, Koichi Mouri, and Shoichi Saito. 2018. User-Side Updating of Third-Party Libraries for Android Applications. In 2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW). IEEE, 452\u2013458."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23328"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_43_1","volume-title":"Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications. In 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing. 75\u201380","author":"Shuai S.","year":"2014","unstructured":"S. Shuai , D. Guowei , G. Tao , Y. Tianchang , and S. Chenjie . 2014 . Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications. In 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing. 75\u201380 . https:\/\/doi.org\/10.1109\/DASC. 2014 .22 10.1109\/DASC.2014.22 S. Shuai, D. Guowei, G. Tao, Y. Tianchang, and S. Chenjie. 2014. Modelling Analysis and Auto-detection of Cryptographic Misuse in Android Applications. In 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing. 75\u201380. https:\/\/doi.org\/10.1109\/DASC.2014.22"},{"key":"e_1_3_2_1_44_1","volume-title":"Workshop on Mobile Security Technologies (MoST), Vol.\u00a010","author":"Stevens Ryan","year":"2012","unstructured":"Ryan Stevens , Clint Gibler , Jon Crussell , Jeremy Erickson , and Hao Chen . 2012 . Investigating user privacy in android ad libraries . In Workshop on Mobile Security Technologies (MoST), Vol.\u00a010 . Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, and Hao Chen. 2012. Investigating user privacy in android ad libraries. In Workshop on Mobile Security Technologies (MoST), Vol.\u00a010."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46423-9_2"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.23"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330563"}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427658","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427658","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:25Z","timestamp":1750197745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427658"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":48,"alternative-id":["10.1145\/3427228.3427658","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427658","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}