{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T22:33:21Z","timestamp":1769726001289,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:00:00Z","timestamp":1701302400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3611643.3616330","type":"proceedings-article","created":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T23:14:38Z","timestamp":1701386078000},"page":"1598-1610","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["ViaLin: Path-Aware Dynamic Taint Analysis for Android"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9946-1162","authenticated-orcid":false,"given":"Khaled","family":"Ahmed","sequence":"first","affiliation":[{"name":"The University of British Columbia, Vancouver, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6531-5420","authenticated-orcid":false,"given":"Yingying","family":"Wang","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3376-4384","authenticated-orcid":false,"given":"Mieszko","family":"Lis","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7280-1614","authenticated-orcid":false,"given":"Julia","family":"Rubin","sequence":"additional","affiliation":[{"name":"The University of British Columbia, Vancouver, Canada"}]}],"member":"320","published-online":{"date-parts":[[2023,11,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"[n. d.]. Avoid Hard-coded JWT Secret Keys. https:\/\/www.appmarq.com\/public\/tqi 1025030 Avoid-hard-coded-JWT-secret-keys"},{"key":"e_1_3_2_2_2_1","unstructured":"[n. d.]. DroidBench 3.0. https:\/\/github.com\/secure-software-engineering\/DroidBench\/tree\/develop"},{"key":"e_1_3_2_2_3_1","unstructured":"[n. d.]. ICC-Bench. https:\/\/github.com\/fgwei\/ICC-Bench"},{"key":"e_1_3_2_2_4_1","unstructured":"[n. d.]. JWT Hardcoded Secret Key. https:\/\/docs.boostsecurity.io\/rules\/code-jwt-hardcoded-secret-key.html"},{"key":"e_1_3_2_2_5_1","unstructured":"[n. d.]. Malicious WhatsApp Mod Distributed Through Legitimate Apps. https:\/\/securelist.com\/malicious-whatsapp-mod-distributed-through-legitimate-apps\/107690\/"},{"key":"e_1_3_2_2_6_1","unstructured":"[n. d.]. TaintBench. https:\/\/taintbench.github.io\/taintbenchSuite\/"},{"key":"e_1_3_2_2_7_1","volume-title":"Mandoline: Dynamic Slicing of Android Applications with Trace-Based Alias Analysis. In 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST). 105\u2013115","author":"Ahmed Khaled","year":"2021","unstructured":"Khaled Ahmed, Mieszko Lis, and Julia Rubin. 2021. Mandoline: Dynamic Slicing of Android Applications with Trace-Based Alias Analysis. In 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST). 105\u2013115."},{"key":"e_1_3_2_2_8_1","unstructured":"Khaled Ahmed Yingying Wang Mieszko Lis and Julia Rubin. 2023. Supplementary Materials.. https:\/\/resess.github.io\/artifacts\/ViaLin\/"},{"key":"e_1_3_2_2_9_1","volume-title":"Static Data Flow Analysis for Android Applications. Ph. D. Dissertation","author":"Arzt Steven","unstructured":"Steven Arzt. 2017. Static Data Flow Analysis for Android Applications. Ph. D. Dissertation. Darmstadt University of Technology, Germany."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00118"},{"key":"e_1_3_2_2_12_1","volume-title":"Proc. of International Conference on Security and Cryptography (SECRYPT). 1\u20138.","author":"Babil Golam Sarwar","year":"2013","unstructured":"Golam Sarwar Babil, Olivier Mehani, Roksana Boreli, and Mohamed-Ali Kaafar. 2013. On the Effectiveness of Dynamic Taint Analysis for Protecting Against Private Information Leaks on Android-based Devices. In Proc. of International Conference on Security and Cryptography (SECRYPT). 1\u20138."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.43"},{"key":"e_1_3_2_2_14_1","volume-title":"Proc. of USENIX Security Symposium.","author":"Brumley David","year":"2007","unstructured":"David Brumley, Juan Caballero, Zhenkai Liang, and James Newsome. 2007. Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. In Proc. of USENIX Security Symposium."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510161"},{"key":"e_1_3_2_2_16_1","unstructured":"Jo\u00e3o Cartucho. [n. d.]. Record and Replay Touchscreen Events on Android. https:\/\/github.com\/Cartucho\/android-touch-record-replay"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"e_1_3_2_2_18_1","volume-title":"Proc. of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI).","author":"Enck William","unstructured":"William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, and Anmol N. Sheth. 2010. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proc. of the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_2_20_1","volume-title":"Proc. of USENIX Security Symposium. 2093\u20132110","author":"Fu Xiaoqin","year":"2021","unstructured":"Xiaoqin Fu and Haipeng Cai. 2021. FlowDist: Multi-Staged Refinement-Based Dynamic Information Flow Analysis for Distributed Software Systems. In Proc. of USENIX Security Symposium. 2093\u20132110."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17040-4_22"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181797"},{"key":"e_1_3_2_2_24_1","volume-title":"Proc. of Asia Conference on Computer and Communications Security (ASIA CSS). 625\u2013639","author":"Hassanshah Behnaz","unstructured":"Behnaz Hassanshah and Roland H.C. Yap. 2017. Android Database Attacks Revisited. In Proc. of Asia Conference on Computer and Communications Security (ASIA CSS). 625\u2013639."},{"key":"e_1_3_2_2_25_1","article-title":"A Practical Approach for Dynamic Taint Tracking with Control-flow Relationships","volume":"31","author":"Hough Katherine","year":"2022","unstructured":"Katherine Hough and Jonathan Bell. 2022. A Practical Approach for Dynamic Taint Tracking with Control-flow Relationships. Transactions on Software Engineering and Methodology (TOSEM), 31, 2 (2022), 26:1\u201326:43.","journal-title":"Transactions on Software Engineering and Methodology (TOSEM)"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2019.00005"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134045"},{"key":"e_1_3_2_2_28_1","volume-title":"Proc. of USENIX Security Symposium. 1705\u20131722","author":"Ji Yang","year":"2018","unstructured":"Yang Ji, Sangho Lee, Mattia Fazzini, Joey Allen, Evan Downing, Taesoo Kim, Alessandro Orso, and Wenke Lee. 2018. Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking. In Proc. of USENIX Security Symposium. 1705\u20131722."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2012.16"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181313"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/186258.186514"},{"key":"e_1_3_2_2_32_1","volume-title":"Michael A Zhivich, and RP Lippmann.","author":"Leek Timothy Robert","year":"2007","unstructured":"Timothy Robert Leek, Graham Z Baker, Ruben Edward Brown, Michael A Zhivich, and RP Lippmann. 2007. Coverage Maximization Using Dynamic Taint Tracing. MIT Lincoln Laboratory."},{"key":"e_1_3_2_2_33_1","volume-title":"Memoized Forward Computation of Dynamic Slices. In Porc. of International Symposium on Software Reliability Engineering (ISSRE). 23\u201332","author":"Masri Wes","year":"2006","unstructured":"Wes Masri, Nagi Nahas, and Andy Podgurski. 2006. Memoized Forward Computation of Dynamic Slices. In Porc. of International Symposium on Software Reliability Engineering (ISSRE). 23\u201332."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.06.002"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2008.05.008"},{"key":"e_1_3_2_2_36_1","volume-title":"Detecting and Debugging Insecure Information Flows. In Porc. of International Symposium on Software Reliability Engineering (ISSRE). 198\u2013209","author":"Masri Wes","year":"2004","unstructured":"Wes Masri, Andy Podgurski, and David Leon. 2004. Detecting and Debugging Insecure Information Flows. In Porc. of International Symposium on Software Reliability Engineering (ISSRE). 198\u2013209."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23353"},{"key":"e_1_3_2_2_38_1","volume-title":"Proc. of International Conference on Dependable Systems and Networks (DSN). 231\u2013242","author":"Arefi Meisam Navaki","unstructured":"Meisam Navaki Arefi, Geoffrey Alexander, Hooman Rokham, Aokun Chen, Michalis Faloutsos, Xuetao Wei, Daniela Seabra Oliveira, and Jedidiah R. Crandall. 2018. FAROS: Illuminating In-memory Injection Attacks via Provenance-Based Whole-System Dynamic Information Flow Tracking. In Proc. of International Conference on Dependable Systems and Networks (DSN). 231\u2013242."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236029"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213873"},{"key":"e_1_3_2_2_41_1","volume-title":"Proc. of Annual International Conference on Mobile Systems, Applications, and Services (MobiSys). 230\u2013242","author":"Razeen Ali","unstructured":"Ali Razeen, Alvin R. Lebeck, David H. Liu, Alexander Meijer, Valentin Pistol, and Landon P. Cox. 2018. SandTrap: Tracking Information Flows On Demand with Parallel Permissions. In Proc. of Annual International Conference on Mobile Systems, Applications, and Services (MobiSys). 230\u2013242."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2007.20"},{"key":"e_1_3_2_2_45_1","volume-title":"Proc. of Conference on Computer and Communications Security (CCS). 331\u2013342","author":"Wei Mingshen","year":"2016","unstructured":"Sun, Mingshen and Wei, Tao and Lui, John C.S.. 2016. TaintART: A Practical Multi-Level Information-Flow Tracking System for Android RunTime. In Proc. of Conference on Computer and Communications Security (CCS). 331\u2013342."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00031"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2866347"},{"key":"e_1_3_2_2_50_1","volume-title":"Proc. of USENIX Security Symposium. 289\u2013306","author":"Xue Lei","year":"2017","unstructured":"Lei Xue, Yajin Zhou, Ting Chen, Xiapu Luo, and Guofei Gu. 2017. Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART. In Proc. of USENIX Security Symposium. 289\u2013306."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2740169"},{"key":"e_1_3_2_2_53_1","article-title":"Analyzing Android Taint Analysis Tools: FlowDroid, Amandroid, and DroidSafe","author":"Zhang Junbin","year":"2021","unstructured":"Junbin Zhang, Yingying Wang, Lina Qiu, and Julia Rubin. 2021. Analyzing Android Taint Analysis Tools: FlowDroid, Amandroid, and DroidSafe. Transactions on Software Engineering (TSE).","journal-title":"Transactions on Software Engineering (TSE)."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590312"}],"event":{"name":"ESEC\/FSE '23: 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"San Francisco CA USA","acronym":"ESEC\/FSE '23","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616330","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3611643.3616330","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:11Z","timestamp":1750178171000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616330"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,30]]},"references-count":54,"alternative-id":["10.1145\/3611643.3616330","10.1145\/3611643"],"URL":"https:\/\/doi.org\/10.1145\/3611643.3616330","relation":{},"subject":[],"published":{"date-parts":[[2023,11,30]]},"assertion":[{"value":"2023-11-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}