{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T20:10:06Z","timestamp":1755893406322,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":32,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,19]],"date-time":"2024-06-19T00:00:00Z","timestamp":1718755200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Science and Technology Council (NSTC)","award":["112-2223-E-002-010-MY4"],"award-info":[{"award-number":["112-2223-E-002-010-MY4"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,19]]},"DOI":"10.1145\/3626232.3653274","type":"proceedings-article","created":{"date-parts":[[2024,6,10]],"date-time":"2024-06-10T18:20:25Z","timestamp":1718043625000},"page":"253-264","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Risky Cohabitation: Understanding and Addressing Over-privilege Risks of Commodity Application Virtualization Platforms in Android"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-2973-3945","authenticated-orcid":false,"given":"Shou-Ching","family":"Hsiao","sequence":"first","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6883-5373","authenticated-orcid":false,"given":"Shih-Wei","family":"Li","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9592-6911","authenticated-orcid":false,"given":"Hsu-Chun","family":"Hsiao","sequence":"additional","affiliation":[{"name":"National Taiwan University, Taipei, Taiwan"}]}],"member":"320","published-online":{"date-parts":[[2024,6,19]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"A Novel Attack Leveraging Android Virtualization\". In: arXiv preprint arXiv:2010.10639","author":"Alecci Marco","year":"2020","unstructured":"Marco Alecci, Riccardo Cestaro, Mauro Conti, Ketan Kanishka, and Eleonora Losiouk. \"Mascara: A Novel Attack Leveraging Android Virtualization\". In: arXiv preprint arXiv:2010.10639 (2020)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_3_1","unstructured":"Android Developers. 2023. url: https:\/\/developer.android.com\/reference\/."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2019.2950134"},{"key":"e_1_3_2_1_5_1","unstructured":"asLody. VirtualApp. 2022. url: https:\/\/github.com\/asLody\/VirtualApp."},{"key":"e_1_3_2_1_6_1","first-page":"691","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Backes Michael","year":"2015","unstructured":"Michael Backes, Sven Bugiel, Christian Hammer, Oliver Schranz, and Philipp von Styp-Rekowsky. \"Boxify: Full-edged app sandboxing for stock android\". In: 24th USENIX Security Symposium (USENIX Security 15). 2015, pp. 691--706."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808122"},{"key":"e_1_3_2_1_8_1","volume-title":"Android Statistics","author":"Curry David","year":"2022","unstructured":"David Curry. Android Statistics (2022). url: https:\/\/www.businessofapps.com\/ data\/android-statistics\/."},{"key":"e_1_3_2_1_9_1","first-page":"25","volume-title":"ACM Symposium on Access Control Models and Technologies.","author":"Dai Deshun","year":"2020","unstructured":"Deshun Dai, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin. \"Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android\". In: ACM Symposium on Access Control Models and Technologies. 2020, pp. 25--32."},{"key":"e_1_3_2_1_10_1","unstructured":"Dual Space. url: http:\/\/www.dualspace.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Google. Declare permissions for your app. url: https:\/\/support.google.com\/ googleplay\/android-developer\/answer\/9214102."},{"key":"e_1_3_2_1_12_1","unstructured":"Google. Permissions and APIs that Access Sensitive Information. url: https : \/\/support.google.com\/googleplay\/android-developer\/answer\/9888170."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 43rd IEEE Symposium on Security and Privacy.","author":"Hsiao Shou-Ching","year":"2022","unstructured":"Shou-Ching Hsiao and Hsu-Chun Hsiao. \"POSTER: PLUGINPERMCHECK: Preventing Permission Escalation in App Virtualization\". In: Proceedings of the 43rd IEEE Symposium on Security and Privacy. 2022."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-15-1304-6_28"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2901679"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"e_1_3_2_1_17_1","first-page":"23","volume-title":"IEEE\/ACM International Conference on Software Engineering Companion (ICSE-C). IEEE.","author":"Li Yuanchun","year":"2017","unstructured":"Yuanchun Li, Ziyue Yang, Yao Guo, and Xiangqun Chen. \"Droidbot: a lightweight ui-guided test input generator for android\". In: IEEE\/ACM International Conference on Software Engineering Companion (ICSE-C). IEEE. 2017, pp. 23--26."},{"key":"e_1_3_2_1_18_1","unstructured":"LSPosed. LSPosed. url: https:\/\/github.com\/LSPosed\/LSPosed."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of Blackhat Asia","author":"Luo Tongbo","year":"2017","unstructured":"Tongbo Luo, Cong Zheng, Zhi Xu, and Xin Ouyang. \"Anti-plugin: Don't let your app play as an Android plugin\". In: Proceedings of Blackhat Asia (2017)."},{"key":"e_1_3_2_1_20_1","unstructured":"Maven Repository. 2023. url: https:\/\/mvnrepository.com\/."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102181"},{"key":"e_1_3_2_1_22_1","unstructured":"Parallel Space. url: http:\/\/parallel-app.com\/."},{"key":"e_1_3_2_1_23_1","unstructured":"Qihoo360. DroidPlugin. 2022. url: https : \/ \/ github.com\/DroidPluginTeam\/ DroidPlugin."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23485"},{"key":"e_1_3_2_1_25_1","first-page":"222","volume-title":"Annual International Conference on Mobile Systems, Applications, and Services.","author":"Shi Luman","year":"2019","unstructured":"Luman Shi, Jianming Fu, Zhengwei Guo, and Jiang Ming. \"Jekyll and Hyde\" is Risky: Shared-Everything Threat Mitigation in Dual-Instance Apps\". In: Annual International Conference on Mobile Systems, Applications, and Services. 2019, pp. 222--235."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423341"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-191325"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2013.6698893"},{"issue":"3","key":"e_1_3_2_1_29_1","first-page":"228","article-title":"Permission-based android malware detection","volume":"2","author":"Zarni Aung Win Zaw","year":"2013","unstructured":"Win Zaw Zarni Aung. \"Permission-based android malware detection\". In: In- ternational Journal of Scientific & Technology Research 2.3 (2013), pp. 228--234.","journal-title":"In- ternational Journal of Scientific & Technology Research"},{"key":"e_1_3_2_1_30_1","article-title":"Research on third-party libraries in android apps: A taxonomy and systematic literature review","author":"Zhan Xian","year":"2021","unstructured":"Xian Zhan, Tianming Liu, Lingling Fan, Li Li, Sen Chen, Xiapu Luo, and Yang Liu. \"Research on third-party libraries in android apps: A taxonomy and systematic literature review\". In: IEEE Transactions on Software Engineering (2021).","journal-title":"IEEE Transactions on Software Engineering ("},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3322205.3311088"},{"issue":"3","key":"e_1_3_2_1_32_1","first-page":"479","article-title":"AdCapsule: Practical confinement of advertisements in android applications","volume":"17","author":"Zhu Xiaonan","year":"2018","unstructured":"Xiaonan Zhu, Jinku Li, Yajin Zhou, and Jianfeng Ma. \"AdCapsule: Practical confinement of advertisements in android applications\". In: IEEE Transactions on Dependable and Secure Computing 17.3 (2018), pp. 479--492.","journal-title":"IEEE Transactions on Dependable and Secure Computing"}],"event":{"name":"CODASPY '24: Fourteenth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Porto Portugal","acronym":"CODASPY '24"},"container-title":["Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3626232.3653274","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3626232.3653274","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T19:49:47Z","timestamp":1755892187000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3626232.3653274"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,19]]},"references-count":32,"alternative-id":["10.1145\/3626232.3653274","10.1145\/3626232"],"URL":"https:\/\/doi.org\/10.1145\/3626232.3653274","relation":{},"subject":[],"published":{"date-parts":[[2024,6,19]]},"assertion":[{"value":"2024-06-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}