{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T15:44:10Z","timestamp":1769787850506,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","award":["RGPIN-2020-07017"],"award-info":[{"award-number":["RGPIN-2020-07017"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000196","name":"Canada Foundation for Innovation","doi-asserted-by":"publisher","award":["40236"],"award-info":[{"award-number":["40236"]}],"id":[{"id":"10.13039\/501100000196","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3485374","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1598-1611","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Dissecting Residual APIs in Custom Android ROMs"],"prefix":"10.1145","author":[{"given":"Zeinab","family":"El-Rewini","sequence":"first","affiliation":[{"name":"University of Waterloo, Waterloo, Canada"}]},{"given":"Yousra","family":"Aafer","sequence":"additional","affiliation":[{"name":"University of Waterloo, Waterloo, Canada"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2020. The Heartbleed Bug. https:\/\/heartbleed.com."},{"key":"e_1_3_2_1_2_1","unstructured":"2021. apktool. https:\/\/ibotpeaches.github.io\/"},{"key":"e_1_3_2_1_3_1","unstructured":"2021. baksmali. https:\/\/github.com\/JesusFreke\/smali"},{"key":"e_1_3_2_1_4_1","unstructured":"2021. Dynamic Partitions. https:\/\/source.android.com\/devices\/tech\/ota\/dynamic_partition"},{"key":"e_1_3_2_1_5_1","unstructured":"2021. imjtool. http:\/\/newandroidbook.com\/tools\/imjtool.html"},{"key":"e_1_3_2_1_6_1","unstructured":"2021. lpunpack. https:\/\/github.com\/LonelyFool\/lpunpack_and_lpmake"},{"key":"e_1_3_2_1_7_1","unstructured":"2021. oat2Dex. https:\/\/github.com\/testwhat\/SmaliEx"},{"key":"e_1_3_2_1_8_1","unstructured":"2021. SALT. https:\/\/github.com\/steadfasterX\/SALT"},{"key":"e_1_3_2_1_9_1","unstructured":"2021. simg2img. https:\/\/github.com\/anestisb\/android-simg2img"},{"key":"e_1_3_2_1_10_1","unstructured":"2021. vdexExctractor. https:\/\/github.com\/anestisb\/vdexExtractor"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23121"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243842"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813648"},{"key":"e_1_3_2_1_14_1","unstructured":"Kathy Wain Yee Au Yi Fan Zhou Zhen Huang and David Lie. 12. PScout: Analyzing the Android Permission Specification. In CCS. 1070."},{"key":"e_1_3_2_1_15_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Azad Babak Amin","year":"2019","unstructured":"Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis. 2019. Less is More: Quantifying the Security Benefits of Debloating Web Applications. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1697--1714. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/azad"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 25th USENIX Security Symposium. USENIX Association, 48","author":"Backes Michael","year":"2016","unstructured":"Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber. 2016. On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis. In Proceedings of the 25th USENIX Security Symposium. USENIX Association, 48."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338502.3359764"},{"key":"e_1_3_2_1_18_1","volume-title":"Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19)","author":"Michael","unstructured":"Michael D. Brown and Santosh Pande. 2019. Is Less Really More? Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19). USENIX Association, Santa Clara, CA. https:\/\/www.usenix.org\/conference\/cset19\/presentation\/brown"},{"key":"e_1_3_2_1_19_1","volume-title":"Antonio Ken Iannillo, and Roberto Natella","author":"Cotroneo Domenico","year":"2019","unstructured":"Domenico Cotroneo, Antonio Ken Iannillo, and Roberto Natella. 2019. Evolutionary Fuzzing of Android OS Vendor System Services. CoRR abs\/1906.00621 (2019). arXiv:1906.00621 http:\/\/arxiv.org\/abs\/1906.00621"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23106"},{"key":"e_1_3_2_1_21_1","volume-title":"FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Elsabagh Mohamed","year":"2020","unstructured":"Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin. 2020. FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2379--2396. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/elsabagh"},{"key":"e_1_3_2_1_22_1","unstructured":"Adrienne Porter Felt Erika Chin Steve Hanna Dawn Song and David Wagner. 2011. Android Permissions Demystified. ACM 726."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766519"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300023"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3317549.3319725"},{"key":"e_1_3_2_1_26_1","volume-title":"11th USENIX Workshop on Offensive Technologies (WOOT 17)","author":"Hay Roee","year":"2017","unstructured":"Roee Hay. 2017. fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations. In 11th USENIX Workshop on Offensive Technologies (WOOT 17). USENIX Association, Vancouver, BC. https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/hay"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.16"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196398.3196419"},{"key":"e_1_3_2_1_29_1","unstructured":"Girish Mururu Chris Porter Prithayan Barua and Santosh Pande. 2019. Binary Debloating for Security via Demand Driven Loading. arXiv:1902.06570 [cs.CR]"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00074"},{"key":"e_1_3_2_1_31_1","volume-title":"JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Schwarz Michael","year":"2018","unstructured":"Michael Schwarz, Moritz Lipp, and Daniel Gruss. 2018. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018. The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_07A-3_Schwarz_paper.pdf"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23046"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Peter Snyder Cynthia Taylor and Chris Kanich. 2017. Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security. arXiv:1708.08510 [cs.CR]","DOI":"10.1145\/3133956.3133966"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516728"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380357"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978320"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243843"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.33"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485374","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3485374","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:54:09Z","timestamp":1763499249000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3485374"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":38,"alternative-id":["10.1145\/3460120.3485374","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3485374","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}