{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T06:18:00Z","timestamp":1773555480075,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T00:00:00Z","timestamp":1715558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,13]]},"DOI":"10.1145\/3589334.3645697","type":"proceedings-article","created":{"date-parts":[[2024,5,8]],"date-time":"2024-05-08T07:08:13Z","timestamp":1715152093000},"page":"1892-1901","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Is It Safe to Share Your Files? An Empirical Security Analysis of Google Workspace"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7090-1493","authenticated-orcid":false,"given":"Liuhuo","family":"Wan","sequence":"first","affiliation":[{"name":"University of Queensland, Brisbane, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3977-6573","authenticated-orcid":false,"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Brisbane, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,5,13]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2023. Add-ons types. https:\/\/developers.google.com\/apps-script\/reference\/gmail\/gmail-app#sendemailrecipient -subject -body -options"},{"key":"e_1_3_2_2_2_1","unstructured":"2023. Build Google Workspace Add-ons. https:\/\/developers.google.com\/apps-script\/add-ons\/how-tos\/building-workspace-addons"},{"key":"e_1_3_2_2_3_1","unstructured":"2023. General Access for your file. https:\/\/support.google.com\/drive\/answer\/2494822?hl=en&co=GENIE.Platform%3DDesktop&sjid=7887102158262290938-AP#zippy=%2Cchoose-if-people-can-view-comment-or-edit%2Cchange-the-general-access-for-your-file"},{"key":"e_1_3_2_2_4_1","unstructured":"2023. Google API Services User Data Policy. https:\/\/developers.google.com\/terms\/api-services-user-data-policy"},{"key":"e_1_3_2_2_5_1","unstructured":"2023. Google Workspace Marketplace. https:\/\/en.wikipedia.org\/wiki\/Google_Workspace_Marketplace"},{"key":"e_1_3_2_2_6_1","volume-title":"Google Workspace User Stats","year":"2023","unstructured":"2023. Google Workspace User Stats (2023). https:\/\/explodingtopics.com\/blog\/google-workspace-stats"},{"key":"e_1_3_2_2_7_1","unstructured":"2023. Market Share of Google Workspace. https:\/\/6sense.com\/tech\/office-suites\/google-workspace-market-share"},{"key":"e_1_3_2_2_8_1","unstructured":"2023. OAuth API verification FAQs. https:\/\/support.google.com\/cloud\/answer\/9110914?hl=en&sjid=7420817705128385010-AP"},{"key":"e_1_3_2_2_9_1","unstructured":"2023. Publish apps to the Google Workspace Marketplace. https:\/\/developers.google.com\/workspace\/marketplace\/how-to-publish"},{"key":"e_1_3_2_2_10_1","unstructured":"2023. Zoho Third Party App. https:\/\/marketplace.zoho.com\/home"},{"key":"e_1_3_2_2_11_1","unstructured":"2024. Get Document Details. https:\/\/www.zoho.com\/writer\/help\/api\/v1\/get-document-details.html"},{"key":"e_1_3_2_2_12_1","unstructured":"2024. word package. https:\/\/learn.microsoft.com\/en-us\/javascript\/api\/word?view=word-js-preview"},{"key":"e_1_3_2_2_13_1","volume-title":"LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3079--3097","author":"Ahmadpanah Mohammad M","year":"2023","unstructured":"Mohammad M Ahmadpanah, Daniel Hedin, and Andrei Sabelfeld. 2023. LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3079--3097."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243778"},{"key":"e_1_3_2_2_15_1","volume-title":"Security and Privacy Perceptions of Third-Party Application Access for Google Accounts. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Balash David G.","unstructured":"David G. Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, and Adam J. Aviv. 2022. Security and Privacy Perceptions of Third-Party Application Access for Google Accounts. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 3397--3414. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/balash"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243841"},{"key":"e_1_3_2_2_17_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A Selcuk Uluagac. 2018. Sensitive information tracking in commodity {IoT}. In 27th USENIX Security Symposium (USENIX Security 18). 1687--1704."},{"key":"e_1_3_2_2_18_1","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated {IoT} safety and security analysis. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). 147--158."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660323"},{"key":"e_1_3_2_2_20_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Chen Sanchuan","year":"2021","unstructured":"Sanchuan Chen, Zhiqiang Lin, and Yinqian Zhang. 2021. {SelectiveTaint}: Efficient Data Flow Tracking With Static Binary Rewriting. In 30th USENIX Security Symposium (USENIX Security 21). 1665--1682."},{"key":"e_1_3_2_2_21_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Chen Yunang","year":"2022","unstructured":"Yunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee, and Earlence Fernandes. 2022. Practical Data Access Minimization in {Trigger- Action} Platforms. In 31st USENIX Security Symposium (USENIX Security 22). 2929--2945."},{"key":"e_1_3_2_2_22_1","volume-title":"Experimental Security Analysis of the App Model in Business Collaboration Platforms. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Chen Yunang","year":"2022","unstructured":"Yunang Chen, Yue Gao, Nick Ceccio, Rahul Chatterjee, Kassem Fawaz, and Earlence Fernandes. 2022. Experimental Security Analysis of the App Model in Business Collaboration Platforms. In 31st USENIX Security Symposium (USENIX Security 22). 2011--2028."},{"key":"e_1_3_2_2_23_1","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS","author":"Cobb Camille","year":"2020","unstructured":"Camille Cobb, Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, and Limin Jia. 2020. How Risky Are Real Users'{IFTTT} Applets?. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). 505--529."},{"key":"e_1_3_2_2_24_1","volume-title":"Pios: Detecting privacy leaks in ios applications.. In NDSS. 177--183.","author":"Egele Manuel","year":"2011","unstructured":"Manuel Egele, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2011. Pios: Detecting privacy leaks in ios applications.. In NDSS. 177--183."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.44"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13198-015-0376-0"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCAA.2016.7813778"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897886"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03237-0_17"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2018.8486369"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092703.3092708"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559371"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00061"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2960449"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464838"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3409118.3475144"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23176"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3131365.3131369"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23092"},{"key":"e_1_3_2_2_41_1","volume-title":"NDSS","volume":"5","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Xiaodong Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software.. In NDSS, Vol. 5. Citeseer, 3--4."},{"key":"e_1_3_2_2_42_1","volume-title":"Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK. In Annual Computer Security Applications Conference. 234--248","author":"Oesch Sean","year":"2020","unstructured":"Sean Oesch, Ruba Abu-Salma, Oumar Diallo, Juliane Kr\u00e4mer, James Simmons, Justin Wu, and Scott Ruoti. 2020. Understanding User Perceptions of Security and Privacy for Group Chat: A Survey of Users in the US and UK. In Annual Computer Security Applications Conference. 234--248."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00036"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_2_45_1","unstructured":"William Stallings. 2015. Computer security principles and practice."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052709"},{"key":"e_1_3_2_2_47_1","volume-title":"NDSS","volume":"2007","author":"Vogt Philipp","year":"2007","unstructured":"Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2007. Cross site scripting prevention with dynamic data tainting and static analysis.. In NDSS, Vol. 2007. 12."},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00086"},{"key":"e_1_3_2_2_49_1","volume-title":"Uncovering and Exploiting Hidden APIs in Mobile Super Apps. arXiv preprint arXiv:2306.08134","author":"Wang Chao","year":"2023","unstructured":"Chao Wang, Yue Zhang, and Zhiqiang Lin. 2023. Uncovering and Exploiting Hidden APIs in Mobile Super Apps. arXiv preprint arXiv:2306.08134 (2023)."},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3560416"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.2197\/ipsjjip.31.609"},{"key":"e_1_3_2_2_53_1","volume-title":"Hazard Integrated: Understanding the Security Risks of App Extensions on Team Chat Systems. In Network and Distributed Systems Security Symposium. 24--28","author":"Zha Mingming","year":"2022","unstructured":"Mingming Zha, J Wang, et al. 2022. Hazard Integrated: Understanding the Security Risks of App Extensions on Team Chat Systems. In Network and Distributed Systems Security Symposium. 24--28."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516661"}],"event":{"name":"WWW '24: The ACM Web Conference 2024","location":"Singapore Singapore","acronym":"WWW '24","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the ACM Web Conference 2024"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645697","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589334.3645697","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:33:09Z","timestamp":1755822789000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645697"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,13]]},"references-count":54,"alternative-id":["10.1145\/3589334.3645697","10.1145\/3589334"],"URL":"https:\/\/doi.org\/10.1145\/3589334.3645697","relation":{},"subject":[],"published":{"date-parts":[[2024,5,13]]},"assertion":[{"value":"2024-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}