{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:14:23Z","timestamp":1763968463611,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T00:00:00Z","timestamp":1638748800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,12,6]]},"DOI":"10.1145\/3485832.3485884","type":"proceedings-article","created":{"date-parts":[[2021,12,6]],"date-time":"2021-12-06T13:42:32Z","timestamp":1638798152000},"page":"996-1010","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["The Emperor\u2019s New Autofill Framework:A Security Analysis of Autofill on iOS and Android"],"prefix":"10.1145","author":[{"given":"Sean","family":"Oesch","sequence":"first","affiliation":[{"name":"The University of Tennessee, USA"}]},{"given":"Anuj","family":"Gautam","sequence":"additional","affiliation":[{"name":"The University of Tennessee, USA"}]},{"given":"Scott","family":"Ruoti","sequence":"additional","affiliation":[{"name":"The University of Tennessee, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,12,6]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243778"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.62"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.44"},{"key":"e_1_3_2_1_5_1","unstructured":"Anupam Das Joseph Bonneau Matthew Caesar Nikita Borisov and XiaoFeng Wang. 2014. The Tangled Web of Password Reuse.. In NDSS Vol.\u00a014. 23\u201326."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2010.5461951"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_1_8_1","unstructured":"Adrienne\u00a0Porter Felt and David Wagner. 2011. Phishing on mobile devices. na."},{"key":"e_1_3_2_1_9_1","volume-title":"International Conference on Financial Cryptography and Data Security. Springer, 41\u201359","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes, Qi\u00a0Alfred Chen, Justin Paupore, Georg Essl, J\u00a0Alex Halderman, Z\u00a0Morley Mao, and Atul Prakash. 2016. Android ui deception revisited: Attacks and defenses. In International Conference on Financial Cryptography and Data Security. Springer, 41\u201359."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.39"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.12.006"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660295"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.13089\/JKIISC.2016.26.1.177"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA614474"},{"key":"e_1_3_2_1_16_1","volume-title":"International Symposium on Foundations and Practice of Security. Springer, 227\u2013243","author":"Luo Tongbo","year":"2012","unstructured":"Tongbo Luo, Xing Jin, Ajai Ananthanarayanan, and Wenliang Du. 2012. Touchjacking attacks on web in android, ios, and windows phone. In International Symposium on Foundations and Practice of Security. Springer, 227\u2013243."},{"key":"e_1_3_2_1_17_1","volume-title":"Studying the Impact of Managers on Password Strength and Reuse. In 27th USENIX Security Symposium. 203\u2013220","author":"Lyastani Sanam\u00a0Ghorbani","year":"2018","unstructured":"Sanam\u00a0Ghorbani Lyastani, Michael Schilling, Sascha Fahl, Michael Backes, and Sven Bugiel. 2018. Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse. In 27th USENIX Security Symposium. 203\u2013220."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2019-0031"},{"key":"e_1_3_2_1_19_1","unstructured":"Cybercrime\u00a0Support Network. 2020. Is Hotel Wifi Safe? No and Here\u2019s Why. https:\/\/cybercrimesupport.org\/is-hotel-wifi-safe\/. Accessed: 2020-10-08."},{"key":"e_1_3_2_1_20_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Oesch Sean","year":"2020","unstructured":"Sean Oesch and Scott Ruoti. 2020. That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Boston, MA. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/oesch"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133973"},{"key":"e_1_3_2_1_22_1","first-page":"2833","article-title":"Password security: What users know and what they actually do","volume":"8","author":"Riley Shannon","year":"2006","unstructured":"Shannon Riley. 2006. Password security: What users know and what they actually do. Usability News 8, 1 (2006), 2833\u20132836.","journal-title":"Usability News"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2015.63021"},{"key":"e_1_3_2_1_24_1","volume-title":"USENIX Security Symposium. 449\u2013464","author":"Silver David","year":"2014","unstructured":"David Silver, Suman Jana, Dan Boneh, Eric\u00a0Yawei Chen, and Collin Jackson. 2014. Password Managers: Attacks and Defenses.. In USENIX Security Symposium. 449\u2013464."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590336"},{"key":"e_1_3_2_1_26_1","volume-title":"Web Applications vulnerabilities and threats: statistics for","author":"Technologies Positive","year":"2019","unstructured":"Positive Technologies. 2020. Web Applications vulnerabilities and threats: statistics for 2019. https:\/\/www.ptsecurity.com\/ww-en\/analytics\/web-vulnerabilities-2020\/. Accessed: 2020-10-08."},{"key":"e_1_3_2_1_27_1","volume-title":"See No Evil: Phishing for Permissions with False Transparency. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Tuncay G\u00fcliz\u00a0Seray","year":"2020","unstructured":"G\u00fcliz\u00a0Seray Tuncay, Jingyu Qian, and Carl\u00a0A. Gunter. 2020. See No Evil: Phishing for Permissions with False Transparency. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 415\u2013432. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/tuncay"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Ke\u00a0Coby Wang and Michael\u00a0K Reiter. 2018. How to end password reuse on the web. arXiv preprint arXiv:1805.00566(2018).","DOI":"10.14722\/ndss.2019.23360"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2014.6911743"},{"key":"e_1_3_2_1_30_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Yang GuangLiang","year":"2019","unstructured":"GuangLiang Yang, Jeff Huang, and Guofei Gu. 2019. Iframes\/popups are dangerous in mobile webview: studying and mitigating differential context vulnerabilities. In 28th USENIX Security Symposium (USENIX Security 19). 977\u2013994."},{"key":"e_1_3_2_1_31_1","unstructured":"ZDNet. 2020. FBI warns about ongoing attacks against software supply chain companies. https:\/\/www.zdnet.com\/article\/fbi-warns-about-ongoing-attacks-against-software-supply-chain-companies\/. Accessed: 2020-10-08."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"}],"event":{"name":"ACSAC '21: Annual Computer Security Applications Conference","acronym":"ACSAC '21","location":"Virtual Event USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3485884","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485832.3485884","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:13:43Z","timestamp":1755890023000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485832.3485884"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12,6]]},"references-count":32,"alternative-id":["10.1145\/3485832.3485884","10.1145\/3485832"],"URL":"https:\/\/doi.org\/10.1145\/3485832.3485884","relation":{},"subject":[],"published":{"date-parts":[[2021,12,6]]},"assertion":[{"value":"2021-12-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}