{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T01:13:22Z","timestamp":1755825202200,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,13]],"date-time":"2024-05-13T00:00:00Z","timestamp":1715558400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,13]]},"DOI":"10.1145\/3589334.3645721","type":"proceedings-article","created":{"date-parts":[[2024,5,8]],"date-time":"2024-05-08T07:08:13Z","timestamp":1715152093000},"page":"3106-3116","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Don't Bite Off More than You Can Chew: Investigating Excessive Permission Requests in Trigger-Action Integrations"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-7090-1493","authenticated-orcid":false,"given":"Liuhuo","family":"Wan","sequence":"first","affiliation":[{"name":"University of Queensland, Brisbane, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3977-6573","authenticated-orcid":false,"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2388-1790","authenticated-orcid":false,"given":"Kulani","family":"Mahadewa","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Brisbane, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,5,13]]},"reference":[{"volume-title":"General Data Protection Regulation . https:\/\/gdpr-info.eu\/. Online","year":"2022","key":"e_1_3_2_2_1_1","unstructured":"2022. General Data Protection Regulation . https:\/\/gdpr-info.eu\/. Online; Accessed: 2022-08-01."},{"volume-title":"IFTTT homepage. https:\/\/ifttt.com\/. Online","year":"2022","key":"e_1_3_2_2_2_1","unstructured":"2022. IFTTT homepage. https:\/\/ifttt.com\/. Online; Accessed: 2022-08-01."},{"key":"e_1_3_2_2_3_1","volume-title":"https:\/\/datatracker.ietf.org\/doc\/ html\/draft-ietf-oauth-rar-12. Online","author":"Rich Authorization Requests Auth","year":"2022","unstructured":"2022. OAuth 2.0 Rich Authorization Requests . https:\/\/datatracker.ietf.org\/doc\/ html\/draft-ietf-oauth-rar-12. Online; Accessed: 2022-08-01."},{"volume-title":"OAuth protocol. https:\/\/oauth.net\/. Online","year":"2022","key":"e_1_3_2_2_4_1","unstructured":"2022. OAuth protocol. https:\/\/oauth.net\/. Online; Accessed: 2022-08-01."},{"volume-title":"Zapier homepage. https:\/\/zapier.com\/. Online","year":"2022","key":"e_1_3_2_2_5_1","unstructured":"2022. Zapier homepage. https:\/\/zapier.com\/. Online; Accessed: 2022-08-01."},{"key":"e_1_3_2_2_6_1","volume-title":"https:\/\/www.appcensus.io\/search. Online","author":"Homepage AppSensus","year":"2023","unstructured":"2023. AppSensus Homepage. https:\/\/www.appcensus.io\/search. Online; Accessed: 2023-01--15."},{"key":"e_1_3_2_2_7_1","unstructured":"2023. De Swert K. Calculating inter-coder reliability in media content analysis using Krippendorff's Alpha. http:\/\/www.polcomm.org\/wp-content\/uploads\/ ICR01022012.pdf. Online; Accessed: 2023-04--27."},{"volume-title":"IFTTT Statistics and Facts. https:\/\/expandedramblings.com\/index.php\/iftttstatistics- and-facts\/. Online","year":"2023","key":"e_1_3_2_2_8_1","unstructured":"2023. IFTTT Statistics and Facts. https:\/\/expandedramblings.com\/index.php\/iftttstatistics- and-facts\/. Online; Accessed: 2023-02--10."},{"key":"e_1_3_2_2_9_1","volume-title":"LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3079--3097","author":"Hedin Daniel","year":"2023","unstructured":"MohammadMAhmadpanah, Daniel Hedin, and Andrei Sabelfeld. 2023. LazyTAP: On-Demand Data Minimization for Trigger-Action Applications. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, 3079--3097."},{"key":"e_1_3_2_2_10_1","volume-title":"PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow, Samin Yaseer Mahmud,WenyuWang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 585--602. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/andow"},{"key":"e_1_3_2_2_11_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Andow Benjamin","year":"2020","unstructured":"Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions speak louder than words:{Entity-Sensitive} privacy policy and data flowanalysis with {PoliCheck}. In 29th USENIX Security Symposium (USENIX Security 20). 985--1002."},{"key":"e_1_3_2_2_12_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Balash David G","year":"2022","unstructured":"David G Balash, Xiaoyuan Wu, Miles Grant, Irwin Reyes, and Adam J Aviv. 2022. Security and Privacy Perceptions of {Third-Party} Application Access for Google Accounts. In 31st USENIX Security Symposium (USENIX Security 22). 3397--3414."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243841"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598084"},{"key":"e_1_3_2_2_15_1","volume-title":"Yuanzhi Li, Scott Lundberg, et al.","author":"Bubeck S\u00e9bastien","year":"2023","unstructured":"S\u00e9bastien Bubeck, Varun Chandrasekaran, Ronen Eldan, Johannes Gehrke, Eric Horvitz, Ece Kamar, Peter Lee, Yin Tat Lee, Yuanzhi Li, Scott Lundberg, et al. 2023. Sparks of artificial general intelligence: Early experiments with gpt-4. arXiv preprint arXiv:2303.12712 (2023)."},{"key":"e_1_3_2_2_16_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A Selcuk Uluagac. 2018. Sensitive information tracking in commodity {IoT}. In 27th USENIX Security Symposium (USENIX Security 18). 1687--1704."},{"key":"e_1_3_2_2_17_1","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. Soteria: Automated {IoT} Safety and Security Analysis. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). 147--158."},{"key":"e_1_3_2_2_18_1","volume-title":"Practical Data Access Minimization in Trigger-Action Platforms. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Chen Yunang","year":"2022","unstructured":"Yunang Chen, Mohannad Alhanahnah, Andrei Sabelfeld, Rahul Chatterjee, and Earlence Fernandes. 2022. Practical Data Access Minimization in Trigger-Action Platforms. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2929--2945. https:\/\/www.usenix.org\/conference\/ usenixsecurity22\/presentation\/chen-yunang-practical"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00108"},{"key":"e_1_3_2_2_20_1","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020","author":"Cobb Camille","year":"2020","unstructured":"Camille Cobb, Milijana Surbatovich, Anna Kawakami, Mahmood Sharif, Lujo Bauer, Anupam Das, and Limin Jia. 2020. How Risky Are Real Users' IFTTT Applets?. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 505--529. https:\/\/www.usenix.org\/conference\/soups2020\/ presentation\/cobb"},{"key":"e_1_3_2_2_21_1","volume-title":"Permission based Android security: Issues and countermeasures. computers & security 43","author":"Fang Zheran","year":"2014","unstructured":"Zheran Fang,Weili Han, and Yingjiu Li. 2014. Permission based Android security: Issues and countermeasures. computers & security 43 (2014), 205--218."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381943"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23119"},{"volume-title":"Introduction to lattice theory with computer science applications","author":"Garg Vijay K","key":"e_1_3_2_2_24_1","unstructured":"Vijay K Garg. 2015. Introduction to lattice theory with computer science applications. John Wiley & Sons."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833729"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2021.106608"},{"key":"e_1_3_2_2_27_1","volume-title":"Ambiguity and Generality in Natural Language Privacy Policies. In 2021 IEEE 29th International Requirements Engineering Conference (RE). IEEE, 70--81","author":"Hosseini Mitra Bokaei","year":"2021","unstructured":"Mitra Bokaei Hosseini, John Heaps, Rocky Slavin, Jianwei Niu, and Travis Breaux. 2021. Ambiguity and Generality in Natural Language Privacy Policies. In 2021 IEEE 29th International Requirements Engineering Conference (RE). IEEE, 70--81."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2899758"},{"key":"e_1_3_2_2_29_1","volume-title":"NDSS","volume":"2","author":"Jia Yunhan Jack","year":"2017","unstructured":"Yunhan Jack Jia, Qi Alfred Chen, ShiqiWang, Amir Rahmati, Earlence Fernandes, Zhuoqing Morley Mao, Atul Prakash, and SJ Unviersity. 2017. ContexloT: Towards providing contextual integrity to appified IoT platforms.. In NDSS, Vol. 2. San Diego, 2--2."},{"volume-title":"Content analysis: An introduction to its methodology","author":"Krippendorff Klaus","key":"e_1_3_2_2_30_1","unstructured":"Klaus Krippendorff. 2018. Content analysis: An introduction to its methodology. Sage publications."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2022.deelio-1.10"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464838"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICECCS2018"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23176"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.241422"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24287"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052709"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345662"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23282"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180196"},{"key":"e_1_3_2_2_42_1","volume-title":"Quoc Le, and Denny Zhou.","author":"Wei Jason","year":"2022","unstructured":"Jason Wei, Xuezhi Wang, Dale Schuurmans, Maarten Bosma, Ed H. Chi, Quoc Le, and Denny Zhou. 2022. Chain of Thought Prompting Elicits Reasoning in Large Language Models. CoRR abs\/2201.11903 (2022). arXiv:2201.11903 https: \/\/arxiv.org\/abs\/2201.11903"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3560416"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00043"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3432192"},{"key":"e_1_3_2_2_46_1","volume-title":"Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 622--625","author":"Zhang Shiyu","year":"2020","unstructured":"Shiyu Zhang, Juan Zhai, Lei Bu, Mingsong Chen, LinzhangWang, and Xuandong Li. 2020. Automated generation of ltl specifications for smart home iot using natural language. In 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 622--625."}],"event":{"name":"WWW '24: The ACM Web Conference 2024","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Singapore Singapore","acronym":"WWW '24"},"container-title":["Proceedings of the ACM Web Conference 2024"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645721","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589334.3645721","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:31:20Z","timestamp":1755822680000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589334.3645721"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,13]]},"references-count":46,"alternative-id":["10.1145\/3589334.3645721","10.1145\/3589334"],"URL":"https:\/\/doi.org\/10.1145\/3589334.3645721","relation":{},"subject":[],"published":{"date-parts":[[2024,5,13]]},"assertion":[{"value":"2024-05-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}