{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T15:40:42Z","timestamp":1779291642530,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":61,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,21]],"date-time":"2022-05-21T00:00:00Z","timestamp":1653091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Shandong Provincial Natural Science Foundation","award":["ZR2020MF055, ZR2021LZH007, ZR2020LZH002, ZR2020QF045"],"award-info":[{"award-number":["ZR2020MF055, ZR2021LZH007, ZR2020LZH002, ZR2020QF045"]}]},{"name":"Joint Funds of the National Natural Science Foundation of China","award":["U1836113"],"award-info":[{"award-number":["U1836113"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002203, 92064008, 61902148"],"award-info":[{"award-number":["62002203, 92064008, 61902148"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Qilu Young Scholar Program of Shandong University"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,21]]},"DOI":"10.1145\/3510003.3510072","type":"proceedings-article","created":{"date-parts":[[2022,7,5]],"date-time":"2022-07-05T22:42:59Z","timestamp":1657060979000},"page":"1257-1268","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Large-scale security measurements on the android firmware ecosystem"],"prefix":"10.1145","author":[{"given":"Qinsheng","family":"Hou","sequence":"first","affiliation":[{"name":"Shandong University and Tsinghua University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wenrui","family":"Diao","sequence":"additional","affiliation":[{"name":"Shandong University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yanhao","family":"Wang","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiaofeng","family":"Liu","sequence":"additional","affiliation":[{"name":"Shandong University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Song","family":"Liu","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lingyun","family":"Ying","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shanqing","family":"Guo","sequence":"additional","affiliation":[{"name":"Shandong University and Quancheng Laboratory, Jinan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuanzhi","family":"Li","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Meining","family":"Nie","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,7,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"accessed: 2021-09-03. Android Compatibility Program. https:\/\/source.android.com\/compatibility\/overview."},{"key":"e_1_3_2_1_2_1","unstructured":"accessed: 2021-09-03. Android Dumps. https:\/\/dumps.tadiphone.dev\/dumps."},{"key":"e_1_3_2_1_3_1","unstructured":"accessed: 2021-09-03. Android Enterprise Security White Paper. https:\/\/static.googleusercontent.com\/media\/www.android.com\/zh-us\/\/static\/2016\/pdfs\/enterprise\/Android_Enterprise_Security_White_Paper_2019.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"accessed: 2021-09-03. Android Open Source Project. https:\/\/source.android.com\/."},{"key":"e_1_3_2_1_5_1","unstructured":"accessed: 2021-09-03. Android Security Bulletins. https:\/\/source.android.google.cn\/security\/bulletin?hl=en."},{"key":"e_1_3_2_1_6_1","unstructured":"accessed: 2021-09-03. brotli. https:\/\/github.com\/google\/brotli."},{"key":"e_1_3_2_1_7_1","unstructured":"accessed: 2021-09-03. Certified Partners. https:\/\/www.android.com\/certified\/partners\/."},{"key":"e_1_3_2_1_8_1","unstructured":"accessed: 2021-09-03. Compatibility Test Suite. https:\/\/source.android.com\/compatibility\/cts."},{"key":"e_1_3_2_1_9_1","unstructured":"accessed: 2021-09-03. CVE. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_10_1","unstructured":"accessed: 2021-09-03. Factory Images for Nexus and Pixel Devices. https:\/\/developers.google.com\/android\/images."},{"key":"e_1_3_2_1_11_1","unstructured":"accessed: 2021-09-03. Full OTA Images for Nexus and Pixel Devices. https:\/\/developers.google.com\/android\/ota."},{"key":"e_1_3_2_1_12_1","unstructured":"accessed: 2021-09-03. How to address WebView SSL Error Handler alerts in your apps. https:\/\/support.google.com\/faqs\/answer\/7071387."},{"key":"e_1_3_2_1_13_1","unstructured":"accessed: 2021-09-03. How to fix apps containing an unsafe implementation of TrustManager. https:\/\/support.google.com\/faqs\/answer\/6346016."},{"key":"e_1_3_2_1_14_1","unstructured":"accessed: 2021-09-03. How to resolve Insecure HostnameVerifier. https:\/\/support.google.com\/faqs\/answer\/7188426."},{"key":"e_1_3_2_1_15_1","unstructured":"accessed: 2021-09-03. Images. https:\/\/source.android.com\/devices\/bootloader\/images."},{"key":"e_1_3_2_1_16_1","unstructured":"accessed: 2021-09-03. List of supported Android devices. https:\/\/storage.googleapis.com\/play_public\/supported_devices.html."},{"key":"e_1_3_2_1_17_1","unstructured":"accessed: 2021-09-03. Network security configuration. https:\/\/developer.android.com\/training\/articles\/security-config."},{"key":"e_1_3_2_1_18_1","unstructured":"accessed: 2021-09-03. NVD. https:\/\/nvd.nist.gov\/."},{"key":"e_1_3_2_1_19_1","unstructured":"accessed: 2021-09-03. OPPO A57. https:\/\/www.coloros.com\/rom\/firmware?id=126."},{"key":"e_1_3_2_1_20_1","unstructured":"accessed: 2021-09-03. OPPO R9s. https:\/\/www.coloros.com\/rom\/firmware?id=125."},{"key":"e_1_3_2_1_21_1","unstructured":"accessed: 2021-09-03. Play Protect Certified Android devices: safe and secure. https:\/\/www.android.com\/certified\/."},{"key":"e_1_3_2_1_22_1","unstructured":"accessed: 2021-09-03. Prepare for release. https:\/\/developer.android.com\/studio\/publish\/preparing#turn-off-logging-and-debugging."},{"key":"e_1_3_2_1_23_1","unstructured":"accessed: 2021-09-03. Standard partitions. https:\/\/source.android.com\/devices\/bootloader\/partitions."},{"key":"e_1_3_2_1_24_1","unstructured":"accessed: 2021-09-03. Supported devices. https:\/\/support.google.com\/googleplay\/answer\/1727131?hl=en."},{"key":"e_1_3_2_1_25_1","unstructured":"accessed: 2021-09-03. Treble. https:\/\/android-developers.googleblog.com\/2017\/05\/here-comes-treble-modular-base-for.html."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813648"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241094.3241183"},{"key":"e_1_3_2_1_28_1","unstructured":"androguard. accessed: 2021-09-03. Androguard. https:\/\/github.com\/androguard\/androguard."},{"key":"e_1_3_2_1_29_1","unstructured":"Android Police Team. accessed: 2021-09-03. Android security update tracker March 2021: Rankings for popular smartphones. https:\/\/www.androidpolice.com\/2021\/03\/03\/android-phone-security-update-tracker\/."},{"key":"e_1_3_2_1_30_1","unstructured":"Cl\u00e1udio Andr\u00e9. 2018. Gmail Android App Insecure Network Security Configuration. https:\/\/labs.integrity.pt\/articles\/Gmail-Android-app-insecure-Network-Security-Configuration\/index.html."},{"key":"e_1_3_2_1_31_1","unstructured":"anestisb. accessed: 2021-09-03. simg2img. https:\/\/github.com\/anestisb\/androidsimg2img."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDM.2017.56"},{"key":"e_1_3_2_1_33_1","unstructured":"Catalin Cimpanu. 2020. Android OEM patch rates have improved with Nokia and Google leading the charge. https:\/\/www.zdnet.com\/article\/android-oem-patch-rates-have-improved-with-nokia-and-google-leading-the-charge\/."},{"key":"e_1_3_2_1_34_1","unstructured":"CryptoGuardOSS. accessed: 2021-09-03. CryptoGuard. https:\/\/github.com\/CryptoGuardOSS\/cryptoguard."},{"key":"e_1_3_2_1_35_1","unstructured":"cyxx. accessed: 2021-09-03. extract_android_ota_payload. https:\/\/github.com\/cyxx\/extract_android_ota_payload."},{"key":"e_1_3_2_1_36_1","unstructured":"Android Dumps. accessed: 2021-09-03. Firmware_extractor. https:\/\/github.com\/AndroidDumps\/Firmware_extractor."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX-SEC), August 12--14","author":"Elsabagh Mohamed","year":"2020","unstructured":"Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin. 2020. FIRMSCOPE: Automatic Uncovering of Privilege-Escalation Vulnerabilities in Pre-Installed Apps in Android Firmware. In Proceedings of the 29th USENIX Security Symposium (USENIX-SEC), August 12--14, 2020."},{"key":"e_1_3_2_1_39_1","volume-title":"Aron Laszka, and Jens Grossklags.","author":"Farhang Sadegh","year":"2019","unstructured":"Sadegh Farhang, Mehmet Bahadir Kirdan, Aron Laszka, and Jens Grossklags. 2019. Hey Google, What Exactly Do Your Security Patches Tell Us? A Large-Scale Empirical Study on Android Patched Vulnerabilities. CoRR abs\/1905.09352 (2019)."},{"key":"e_1_3_2_1_40_1","unstructured":"FSecureLABS. accessed: 2021-09-03. Drozer. https:\/\/github.com\/FSecureLABS\/drozer."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00013"},{"key":"e_1_3_2_1_42_1","unstructured":"Gionee. accessed: 2021-09-03. GIONEE. https:\/\/gionee.co.in\/."},{"key":"e_1_3_2_1_43_1","volume-title":"Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS)","author":"Grace Michael C.","year":"2012","unstructured":"Michael C. Grace, Yajin Zhou, Zhi Wang, and Xuxian Jiang. 2012. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of the 19th Annual Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 5--8, 2012."},{"key":"e_1_3_2_1_44_1","unstructured":"Willem Jan Hengeveld. accessed: 2021-09-03. extfstools. https:\/\/github.com\/nlitsme\/extfstools."},{"key":"e_1_3_2_1_45_1","unstructured":"Simon Hill. 2018. What is Android fragmentation and can Google ever fix it? https:\/\/www.digitaltrends.com\/mobile\/what-is-android-fragmentation-and-can-google-ever-fix-it\/."},{"key":"e_1_3_2_1_46_1","unstructured":"IDC. 2021. Smartphone Market Share. https:\/\/www.idc.com\/promo\/smartphone-market-share\/vendor."},{"key":"e_1_3_2_1_47_1","unstructured":"Leagoo. accessed: 2021-09-03. Leagoo. https:\/\/www.leagoo.com\/."},{"key":"e_1_3_2_1_48_1","unstructured":"Codrut Neagu. 2021. What is firmware? What does firmware do? https:\/\/www.digitalcitizen.life\/simple-questions-what-firmware-what-does-it-do\/."},{"key":"e_1_3_2_1_49_1","volume-title":"Mind the Gap: Uncovering the Android Patch Gap Through Binary-Only Patch Level Analysis. In HITB","author":"Nohl Karsten","year":"2018","unstructured":"Karsten Nohl and Jakob Lell. 2018. Mind the Gap: Uncovering the Android Patch Gap Through Binary-Only Patch Level Analysis. In HITB 2018."},{"key":"e_1_3_2_1_50_1","unstructured":"OWASP. accessed: 2021-09-03. OWASP Mobile Security Testing Guide. https:\/\/owasp.org\/www-project-mobile-security-testing-guide\/."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00074"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_53_1","volume-title":"BlackHat","author":"Stone Maddie","year":"2019","unstructured":"Maddie Stone. 2019. Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps. In BlackHat 2019."},{"key":"e_1_3_2_1_54_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX-SEC)","author":"Tian Dave","year":"2018","unstructured":"Dave (Jing) Tian, Grant Hernandez, Joseph I. Choi, Vanessa Frost, Christie Ruales, Patrick Traynor, Hayawardh Vijayakumar, Lee Harrison, Amir Rahmati, Michael Grace, and Kevin R. B. Butler. 2018. ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem. In Proceedings of the 27th USENIX Security Symposium (USENIX-SEC), Baltimore, MD, USA, August 15--17, 2018."},{"key":"e_1_3_2_1_55_1","unstructured":"Liam Tung. 2018. Android security: Your phone's patch level says you're up to date but that may be a lie. https:\/\/www.zdnet.com\/article\/android-security-your-phones-patch-level-says-youre-up-to-date-but-that-may-be-a-lie\/."},{"key":"e_1_3_2_1_56_1","unstructured":"vicky858. accessed: 2021-09-03. SplitUpdated. https:\/\/github.com\/vicky858\/SplitUpdated."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516728"},{"key":"e_1_3_2_1_58_1","unstructured":"xpirt. accessed: 2021-09-03. sdat2img. https:\/\/github.com\/xpirt\/sdat2img."},{"key":"e_1_3_2_1_59_1","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX-SEC), Virtual Event, August 11--13","author":"Zhang Zheng","year":"2021","unstructured":"Zheng Zhang, Hang Zhang, Zhiyun Qian, and Billy Lau. 2021. An Investigation of the Android Kernel Patch Ecosystem. In Proceedings of the 30th USENIX Security Symposium (USENIX-SEC), Virtual Event, August 11--13, 2021."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590313"},{"key":"e_1_3_2_1_61_1","volume-title":"Proceedings of the 2014 IEEE Symposium on Security and Privacy (Oakland)","author":"Lee Yeonjoon","year":"2014","unstructured":"Xiao-yong Zhou, Yeonjoon Lee, Nan Zhang, Muhammad Naveed, and XiaoFeng Wang. 2014. The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (Oakland), Berkeley, CA, USA, May 18--21, 2014."}],"event":{"name":"ICSE '22: 44th International Conference on Software Engineering","location":"Pittsburgh Pennsylvania","acronym":"ICSE '22","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"]},"container-title":["Proceedings of the 44th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510072","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3510003.3510072","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:12:04Z","timestamp":1750191124000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510072"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,21]]},"references-count":61,"alternative-id":["10.1145\/3510003.3510072","10.1145\/3510003"],"URL":"https:\/\/doi.org\/10.1145\/3510003.3510072","relation":{},"subject":[],"published":{"date-parts":[[2022,5,21]]},"assertion":[{"value":"2022-07-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}