{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T04:08:08Z","timestamp":1768968488084,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":20,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,10]],"date-time":"2023-07-10T00:00:00Z","timestamp":1688947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,10]]},"DOI":"10.1145\/3579856.3582832","type":"proceedings-article","created":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T14:52:13Z","timestamp":1688568733000},"page":"899-912","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["CryptoShield - Automatic On-Device Mitigation for Crypto API Misuse in Android Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3477-1511","authenticated-orcid":false,"given":"Florian","family":"Draschbacher","sequence":"first","affiliation":[{"name":"Graz University of Technology, Austria and Secure Information Technology Center Austria, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3624-3165","authenticated-orcid":false,"given":"Johannes","family":"Feichtner","sequence":"additional","affiliation":[{"name":"Dynatrace Austria GmbH, Austria"}]}],"member":"320","published-online":{"date-parts":[[2023,7,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses","author":"Afrose Sharmin","year":"2019","unstructured":"Sharmin Afrose , Sazzadur Rahaman , and Danfeng Yao . 2019. CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses . In IEEE Cybersecurity Development (SecDev) . https:\/\/doi.org\/10.1109\/SecDev. 2019 .00017 10.1109\/SecDev.2019.00017 Sharmin Afrose, Sazzadur Rahaman, and Danfeng Yao. 2019. CryptoAPI-Bench: A Comprehensive Benchmark on Java Cryptographic API Misuses. In IEEE Cybersecurity Development (SecDev). https:\/\/doi.org\/10.1109\/SecDev.2019.00017"},{"key":"e_1_3_2_1_2_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Bates Adam","year":"2014","unstructured":"Adam Bates , Joe Pletcher , Tyler Nichols , Braden Hollembaek , Dave Tian , Kevin R.\u00a0B. Butler , and Abdulrahman Alkhelaifi . 2014 . Securing SSL Certificate Verification through Dynamic Linking . In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10 .1145\/2660267.2660338 10.1145\/2660267.2660338 Adam Bates, Joe Pletcher, Tyler Nichols, Braden Hollembaek, Dave Tian, Kevin R.\u00a0B. Butler, and Abdulrahman Alkhelaifi. 2014. Securing SSL Certificate Verification through Dynamic Linking. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/2660267.2660338"},{"key":"e_1_3_2_1_3_1","volume-title":"IFIP Networking Conference, Networking and Workshops. https:\/\/doi.org\/10","author":"Buhov Damjan","year":"2016","unstructured":"Damjan Buhov , Markus Huber , Georg Merzdovnik , and Edgar\u00a0 R. Weippl . 2016 . Pin it! Improving Android network security at runtime . In IFIP Networking Conference, Networking and Workshops. https:\/\/doi.org\/10 .1109\/IFIPNetworking.2016.7497238 10.1109\/IFIPNetworking.2016.7497238 Damjan Buhov, Markus Huber, Georg Merzdovnik, and Edgar\u00a0R. Weippl. 2016. Pin it! Improving Android network security at runtime. In IFIP Networking Conference, Networking and Workshops. https:\/\/doi.org\/10.1109\/IFIPNetworking.2016.7497238"},{"key":"e_1_3_2_1_4_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Egele Manuel","year":"2013","unstructured":"Manuel Egele , David Brumley , Yanick Fratantonio , and Christopher Kruegel . 2013 . An empirical study of cryptographic misuse in android applications . In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10 .1145\/2508859.2516693 10.1145\/2508859.2516693 Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. 2013. An empirical study of cryptographic misuse in android applications. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_5_1","volume-title":"ACM Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Fahl Sascha","year":"2012","unstructured":"Sascha Fahl , Marian Harbach , Thomas Muders , Matthew Smith , Lars Baumg\u00e4rtner , and Bernd Freisleben . 2012 . Why eve and mallory love android: an analysis of android SSL (in)security . In ACM Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10 .1145\/2382196.2382205 10.1145\/2382196.2382205 Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith, Lars Baumg\u00e4rtner, and Bernd Freisleben. 2012. Why eve and mallory love android: an analysis of android SSL (in)security. In ACM Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/2382196.2382205"},{"key":"e_1_3_2_1_6_1","volume-title":"ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Fahl Sascha","year":"2013","unstructured":"Sascha Fahl , Marian Harbach , Henning Perl , Markus Koetter , and Matthew Smith . 2013 . Rethinking SSL development in an appified world . In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10 .1145\/2508859.2516655 10.1145\/2508859.2516655 Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Matthew Smith. 2013. Rethinking SSL development in an appified world. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/2508859.2516655"},{"key":"e_1_3_2_1_7_1","volume-title":"35th International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10","author":"Johnson Brittany","year":"2013","unstructured":"Brittany Johnson , Yoonki Song , Emerson\u00a0 R. Murphy-Hill , and Robert\u00a0 W. Bowdidge . 2013 . Why don\u2019t software developers use static analysis tools to find bugs? . In 35th International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10 .1109\/ICSE.2013.6606613 10.1109\/ICSE.2013.6606613 Brittany Johnson, Yoonki Song, Emerson\u00a0R. Murphy-Hill, and Robert\u00a0W. Bowdidge. 2013. Why don\u2019t software developers use static analysis tools to find bugs?. In 35th International Conference on Software Engineering (ICSE). https:\/\/doi.org\/10.1109\/ICSE.2013.6606613"},{"key":"e_1_3_2_1_8_1","unstructured":"Alex Klyubin. 2013. Some SecureRandom Thoughts. https:\/\/android-developers.googleblog.com\/2013\/08\/some-securerandom-thoughts.html  Alex Klyubin. 2013. Some SecureRandom Thoughts. https:\/\/android-developers.googleblog.com\/2013\/08\/some-securerandom-thoughts.html"},{"key":"e_1_3_2_1_9_1","volume-title":"IEEE\/ACM International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10","author":"Kr\u00fcger Stefan","year":"2017","unstructured":"Stefan Kr\u00fcger , Sarah Nadi , Michael Reif , Karim Ali , Mira Mezini , Eric Bodden , Florian G\u00f6pfert , Felix G\u00fcnther , Christian Weinert , Daniel Demmler , and Ram Kamath . 2017 . CogniCrypt: supporting developers in using cryptography . In IEEE\/ACM International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10 .1109\/ASE.2017.8115707 10.1109\/ASE.2017.8115707 Stefan Kr\u00fcger, Sarah Nadi, Michael Reif, Karim Ali, Mira Mezini, Eric Bodden, Florian G\u00f6pfert, Felix G\u00fcnther, Christian Weinert, Daniel Demmler, and Ram Kamath. 2017. CogniCrypt: supporting developers in using cryptography. In IEEE\/ACM International Conference on Automated Software Engineering (ASE). https:\/\/doi.org\/10.1109\/ASE.2017.8115707"},{"key":"e_1_3_2_1_10_1","volume-title":"CDRep: Automatic Repair of Cryptographic Misuses in Android Applications. In 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS). https:\/\/doi.org\/10","author":"Ma Siqi","year":"2016","unstructured":"Siqi Ma , David Lo , Teng Li , and Robert\u00a0 H. Deng . 2016 . CDRep: Automatic Repair of Cryptographic Misuses in Android Applications. In 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS). https:\/\/doi.org\/10 .1145\/2897845.2897896 10.1145\/2897845.2897896 Siqi Ma, David Lo, Teng Li, and Robert\u00a0H. Deng. 2016. CDRep: Automatic Repair of Cryptographic Misuses in Android Applications. In 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS). https:\/\/doi.org\/10.1145\/2897845.2897896"},{"key":"e_1_3_2_1_11_1","volume-title":"31st Annual International Conference on Computer Science and Software Engineering (CASCON). https:\/\/doi.org\/10","author":"Newbury Kristen","year":"2021","unstructured":"Kristen Newbury , Karim Ali , and Andrew Craik . 2021 . Hotfixing misuses of crypto APIs in Java programs . In 31st Annual International Conference on Computer Science and Software Engineering (CASCON). https:\/\/doi.org\/10 .5555\/3507788.3507799 10.5555\/3507788.3507799 Kristen Newbury, Karim Ali, and Andrew Craik. 2021. Hotfixing misuses of crypto APIs in Java programs. In 31st Annual International Conference on Computer Science and Software Engineering (CASCON). https:\/\/doi.org\/10.5555\/3507788.3507799"},{"key":"e_1_3_2_1_12_1","volume-title":"Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In 30th USENIX Security Symposium.","author":"Oltrogge Marten","year":"2021","unstructured":"Marten Oltrogge , Nicolas Huaman , Sabrina Amft , Yasemin Acar , Michael Backes , and Sascha Fahl . 2021 . Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In 30th USENIX Security Symposium. Marten Oltrogge, Nicolas Huaman, Sabrina Amft, Yasemin Acar, Michael Backes, and Sascha Fahl. 2021. Why Eve and Mallory Still Love Android: Revisiting TLS (In)Security in Android Applications. In 30th USENIX Security Symposium."},{"key":"e_1_3_2_1_13_1","volume-title":"CRYLOGGER: Detecting Crypto Misuses Dynamically. In 42nd IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10","author":"Piccolboni Luca","year":"2021","unstructured":"Luca Piccolboni , Giuseppe\u00a0Di Guglielmo , Luca\u00a0 P. Carloni , and Simha Sethumadhavan . 2021 . CRYLOGGER: Detecting Crypto Misuses Dynamically. In 42nd IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10 .1109\/SP40001.2021.00010 10.1109\/SP40001.2021.00010 Luca Piccolboni, Giuseppe\u00a0Di Guglielmo, Luca\u00a0P. Carloni, and Simha Sethumadhavan. 2021. CRYLOGGER: Detecting Crypto Misuses Dynamically. In 42nd IEEE Symposium on Security and Privacy (SP). https:\/\/doi.org\/10.1109\/SP40001.2021.00010"},{"key":"e_1_3_2_1_14_1","volume-title":"21st Annual Network and Distributed System Security Symposium (NDSS).","author":"Poeplau Sebastian","year":"2014","unstructured":"Sebastian Poeplau , Yanick Fratantonio , Antonio Bianchi , Christopher Kruegel , and Giovanni Vigna . 2014 . Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications . In 21st Annual Network and Distributed System Security Symposium (NDSS). Sebastian Poeplau, Yanick Fratantonio, Antonio Bianchi, Christopher Kruegel, and Giovanni Vigna. 2014. Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications. In 21st Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_15_1","volume-title":"CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10","author":"Rahaman Sazzadur","year":"2019","unstructured":"Sazzadur Rahaman , Ya Xiao , Sharmin Afrose , Fahad Shaon , Ke Tian , Miles Frantz , Murat Kantarcioglu , and Danfeng\u00a0(Daphne) Yao. 2019 . CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10 .1145\/3319535.3345659 10.1145\/3319535.3345659 Sazzadur Rahaman, Ya Xiao, Sharmin Afrose, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, and Danfeng\u00a0(Daphne) Yao. 2019. CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects. In ACM SIGSAC Conference on Computer and Communications Security (CCS). https:\/\/doi.org\/10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_16_1","volume-title":"25th Annual Network and Distributed System Security Symposium (NDSS).","author":"Ren Jingjing","year":"2018","unstructured":"Jingjing Ren , Martina Lindorfer , Daniel\u00a0 J. Dubois , Ashwin Rao , David\u00a0 R. Choffnes , and Narseo Vallina-Rodriguez . 2018 . Bug Fixes, Improvements,... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions . In 25th Annual Network and Distributed System Security Symposium (NDSS). Jingjing Ren, Martina Lindorfer, Daniel\u00a0J. Dubois, Ashwin Rao, David\u00a0R. Choffnes, and Narseo Vallina-Rodriguez. 2018. Bug Fixes, Improvements,... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions. In 25th Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_17_1","volume-title":"FireBugs: Finding and Repairing Cryptography API Misuses in Mobile Applications","author":"Singleton Larry","year":"2021","unstructured":"Larry Singleton , Rui Zhao , Harvey\u00a0 P. Siy , and Myoungkyu Song . 2021. FireBugs: Finding and Repairing Cryptography API Misuses in Mobile Applications . In IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC) . https:\/\/doi.org\/10.1109\/COMPSAC51774. 2021 .00165 10.1109\/COMPSAC51774.2021.00165 Larry Singleton, Rui Zhao, Harvey\u00a0P. Siy, and Myoungkyu Song. 2021. FireBugs: Finding and Repairing Cryptography API Misuses in Mobile Applications. In IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC). https:\/\/doi.org\/10.1109\/COMPSAC51774.2021.00165"},{"key":"e_1_3_2_1_18_1","volume-title":"Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS).","author":"Sounthiraraj David","year":"2014","unstructured":"David Sounthiraraj , Justin Sahs , Garret Greenwood , Zhiqiang Lin , and Latifur Khan . 2014 . SMV-Hunter: Large Scale , Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS). David Sounthiraraj, Justin Sahs, Garret Greenwood, Zhiqiang Lin, and Latifur Khan. 2014. SMV-Hunter: Large Scale, Automated Detection of SSL\/TLS Man-in-the-Middle Vulnerabilities in Android Apps. In 21st Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_19_1","volume-title":"An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities. CoRR abs\/1410.7745","author":"Tendulkar Vasant","year":"2014","unstructured":"Vasant Tendulkar and William Enck . 2014. An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities. CoRR abs\/1410.7745 ( 2014 ). Vasant Tendulkar and William Enck. 2014. An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities. CoRR abs\/1410.7745 (2014)."},{"key":"e_1_3_2_1_20_1","volume-title":"Idea: Callee-Site Rewriting of Sealed System Libraries. In Engineering Secure Software and Systems - 5th International Symposium (ESSoS). https:\/\/doi.org\/10.1007\/978-3-642-36563-8_3","author":"Styp-Rekowsky Philipp Von","year":"2013","unstructured":"Philipp Von Styp-Rekowsky , Sebastian Gerling , Michael Backes , and Christian Hammer . 2013 . Idea: Callee-Site Rewriting of Sealed System Libraries. In Engineering Secure Software and Systems - 5th International Symposium (ESSoS). https:\/\/doi.org\/10.1007\/978-3-642-36563-8_3 10.1007\/978-3-642-36563-8_3 Philipp Von Styp-Rekowsky, Sebastian Gerling, Michael Backes, and Christian Hammer. 2013. Idea: Callee-Site Rewriting of Sealed System Libraries. In Engineering Secure Software and Systems - 5th International Symposium (ESSoS). https:\/\/doi.org\/10.1007\/978-3-642-36563-8_3"}],"event":{"name":"ASIA CCS '23: ACM ASIA Conference on Computer and Communications Security","location":"Melbourne VIC Australia","acronym":"ASIA CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582832","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:28Z","timestamp":1750182688000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3579856.3582832"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,10]]},"references-count":20,"alternative-id":["10.1145\/3579856.3582832","10.1145\/3579856"],"URL":"https:\/\/doi.org\/10.1145\/3579856.3582832","relation":{},"subject":[],"published":{"date-parts":[[2023,7,10]]},"assertion":[{"value":"2023-07-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}