{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:39:52Z","timestamp":1773513592393,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-20-1-2734"],"award-info":[{"award-number":["N00014-20-1-2734"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1700544"],"award-info":[{"award-number":["1700544"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471845","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"312-323","source":"Crossref","is-referenced-by-count":9,"title":["The Service Worker Hiding in Your Browser: The Next Web Attack Target?"],"prefix":"10.1145","author":[{"given":"Phakpoom","family":"Chinprutthiwong","sequence":"first","affiliation":[{"name":"Texas A&amp;M University, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Raj","family":"Vardhan","sequence":"additional","affiliation":[{"name":"Texas A&amp;M University, US"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"GuangLiang","family":"Yang","sequence":"additional","affiliation":[{"name":"Fudan University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yangyong","family":"Zhang","sequence":"additional","affiliation":[{"name":"Texas A&amp;M Univeristy, US"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[{"name":"Texas A&amp;M University, US"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. Android Intent. https:\/\/developer.android.com\/reference\/android\/content\/Intent.  [n.d.]. Android Intent. https:\/\/developer.android.com\/reference\/android\/content\/Intent."},{"key":"e_1_3_2_1_2_1","volume-title":"Marketing Report","year":"2018","unstructured":"[n.d.]. AWS Location-based Marketing Report 2018 . https:\/\/s3.amazonaws.com\/factual-content\/marketing\/downloads\/LocationBasedMarketingReport_Factual.pdf. [n.d.]. AWS Location-based Marketing Report 2018. https:\/\/s3.amazonaws.com\/factual-content\/marketing\/downloads\/LocationBasedMarketingReport_Factual.pdf."},{"key":"e_1_3_2_1_3_1","volume-title":"Marketing Report","year":"2019","unstructured":"[n.d.]. AWS Location-based Marketing Report 2019 . https:\/\/s3.amazonaws.com\/factual-content\/marketing\/downloads\/Factual-2019-Location-Based-Market-Report.pdf. [n.d.]. AWS Location-based Marketing Report 2019. https:\/\/s3.amazonaws.com\/factual-content\/marketing\/downloads\/Factual-2019-Location-Based-Market-Report.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"[n.d.]. Chromium Push Issue. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=803106.  [n.d.]. Chromium Push Issue. https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=803106."},{"key":"e_1_3_2_1_5_1","unstructured":"[n.d.]. Cookie Store API. https:\/\/wicg.github.io\/cookie-store\/.  [n.d.]. Cookie Store API. https:\/\/wicg.github.io\/cookie-store\/."},{"key":"e_1_3_2_1_6_1","unstructured":"[n.d.]. Geofencing on push notification. https:\/\/retailtouchpoints.com\/features\/executive-viewpoints\/geofencing-and-mobile-push-notifications-a-match-made-in-customer-engagement-heaven.  [n.d.]. Geofencing on push notification. https:\/\/retailtouchpoints.com\/features\/executive-viewpoints\/geofencing-and-mobile-push-notifications-a-match-made-in-customer-engagement-heaven."},{"key":"e_1_3_2_1_7_1","unstructured":"[n.d.]. Kaspersky Report on Stalkerware. https:\/\/www.kaspersky.com\/about\/press-releases\/2019_could-someone-be-spying-on-you-through-your-phone.  [n.d.]. Kaspersky Report on Stalkerware. https:\/\/www.kaspersky.com\/about\/press-releases\/2019_could-someone-be-spying-on-you-through-your-phone."},{"key":"e_1_3_2_1_8_1","unstructured":"[n.d.]. Location-triggered notification. https:\/\/documentation.onesignal.com\/docs\/location-triggered-event#section-web-setup.  [n.d.]. Location-triggered notification. https:\/\/documentation.onesignal.com\/docs\/location-triggered-event#section-web-setup."},{"key":"e_1_3_2_1_9_1","unstructured":"[n.d.]. OneSignal Report. https:\/\/onesignal.com\/blog\/increase-opt-in-rates-for-push-notifications\/.  [n.d.]. OneSignal Report. https:\/\/onesignal.com\/blog\/increase-opt-in-rates-for-push-notifications\/."},{"key":"e_1_3_2_1_10_1","unstructured":"[n.d.]. OpenBugBounty. https:\/\/openbugbounty.org\/.  [n.d.]. OpenBugBounty. https:\/\/openbugbounty.org\/."},{"key":"e_1_3_2_1_11_1","unstructured":"[n.d.]. Pushwoosh geo-based notification. https:\/\/www.pushwoosh.com\/blog\/geo-based-push-notifications\/.  [n.d.]. Pushwoosh geo-based notification. https:\/\/www.pushwoosh.com\/blog\/geo-based-push-notifications\/."},{"key":"e_1_3_2_1_12_1","unstructured":"[n.d.]. PWA Checklist. https:\/\/developers.google.com\/web\/progressive-web-apps\/checklist.  [n.d.]. PWA Checklist. https:\/\/developers.google.com\/web\/progressive-web-apps\/checklist."},{"key":"e_1_3_2_1_13_1","unstructured":"[n.d.]. Shadow Worker. https:\/\/shadow-workers.github.io\/.  [n.d.]. Shadow Worker. https:\/\/shadow-workers.github.io\/."},{"key":"e_1_3_2_1_14_1","unstructured":"[n.d.]. SimilarWeb. https:\/\/www.similarweb.com\/\/.  [n.d.]. SimilarWeb. https:\/\/www.similarweb.com\/\/."},{"key":"e_1_3_2_1_15_1","unstructured":"[n.d.]. Stalkerware. https:\/\/www.cyberscoop.com\/stalkerware-pandemic-coronavirus-domestic-violence\/.  [n.d.]. Stalkerware. https:\/\/www.cyberscoop.com\/stalkerware-pandemic-coronavirus-domestic-violence\/."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427290"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897901"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Soroush Karami Panagiotis Ilia and Jason Polakis. 2021. Awakening the Web\u2019s Sleeper Agents: Misusing Service Workers for Privacy Leakage. In NDSS.  Soroush Karami Panagiotis Ilia and Jason Polakis. 2021. Awakening the Web\u2019s Sleeper Agents: Misusing Service Workers for Privacy Leakage. In NDSS.","DOI":"10.14722\/ndss.2021.23104"},{"key":"e_1_3_2_1_19_1","volume-title":"Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017","author":"Lauinger Tobias","year":"2017","unstructured":"Tobias Lauinger , Abdelberi Chaabane , Sajjad Arshad , William Robertson , Christo Wilson , and Engin Kirda . 2017 . Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017 , San Diego, California, USA, February 26 - March 1, 2017. The Internet Society. Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2017. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web. In 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March 1, 2017. The Internet Society."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243867"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23309"},{"key":"e_1_3_2_1_23_1","unstructured":"Seyed\u00a0M Mirtaheri Mustafa\u00a0Emre Din\u00e7kt\u00fcrk Salman Hooshmand Gregor\u00a0V Bochmann Guy-Vincent Jourdan and Iosif\u00a0Viorel Onut. 2014. A brief history of web crawlers. arXiv preprint arXiv:1405.0749(2014).  Seyed\u00a0M Mirtaheri Mustafa\u00a0Emre Din\u00e7kt\u00fcrk Salman Hooshmand Gregor\u00a0V Bochmann Guy-Vincent Jourdan and Iosif\u00a0Viorel Onut. 2014. A brief history of web crawlers. arXiv preprint arXiv:1405.0749(2014)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_25_1","volume-title":"Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Papadopoulos Panagiotis","year":"2019","unstructured":"Panagiotis Papadopoulos , Panagiotis Ilia , Michalis Polychronakis , Evangelos\u00a0 P. Markatos , Sotiris Ioannidis , and Giorgos Vasiliadis . 2019 . Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019 , San Diego, California, USA , February 24-27, 2019. The Internet Society. Panagiotis Papadopoulos, Panagiotis Ilia, Michalis Polychronakis, Evangelos\u00a0P. Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis. 2019. Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society."},{"key":"e_1_3_2_1_26_1","volume-title":"20th Annual Network and Distributed System Security Symposium, NDSS 2013","author":"Son Sooel","year":"2013","unstructured":"Sooel Son and Vitaly Shmatikov . 2013 . The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites . In 20th Annual Network and Distributed System Security Symposium, NDSS 2013 , San Diego, California, USA , February 24-27, 2013. The Internet Society. Sooel Son and Vitaly Shmatikov. 2013. The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites. In 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24-27, 2013. The Internet Society."},{"key":"e_1_3_2_1_27_1","volume-title":"Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Steffens Marius","year":"2019","unstructured":"Marius Steffens , Christian Rossow , Martin Johns , and Ben Stock . 2019 . Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019 , San Diego, California, USA , February 24-27, 2019. The Internet Society. Marius Steffens, Christian Rossow, Martin Johns, and Ben Stock. 2019. Don\u2019t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society."},{"key":"e_1_3_2_1_28_1","volume-title":"How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Stock Ben","year":"2017","unstructured":"Ben Stock , Martin Johns , Marius Steffens , and Michael Backes . 2017 . How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. In 26th USENIX Security Symposium, USENIX Security 2017 , Vancouver, BC, Canada , August 16-18, 2017., Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 971\u2013987. Ben Stock, Martin Johns, Marius Steffens, and Michael Backes. 2017. How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017., Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 971\u2013987."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Takuya Watanabe Eitaro Shioji Mitsuaki Akiyama and Tatsuya Mori. 2020. Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites. https:\/\/doi.org\/10.14722\/ndss.2020.24140  Takuya Watanabe Eitaro Shioji Mitsuaki Akiyama and Tatsuya Mori. 2020. Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites. https:\/\/doi.org\/10.14722\/ndss.2020.24140","DOI":"10.14722\/ndss.2020.24140"}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471845","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471845","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471845","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:48Z","timestamp":1750195488000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471845"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":29,"alternative-id":["10.1145\/3471621.3471845","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471845","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}