{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,20]],"date-time":"2025-07-20T04:05:04Z","timestamp":1752984304998,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,14]],"date-time":"2024-04-14T00:00:00Z","timestamp":1713052800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,14]]},"DOI":"10.1145\/3639477.3639742","type":"proceedings-article","created":{"date-parts":[[2024,5,31]],"date-time":"2024-05-31T13:27:26Z","timestamp":1717162046000},"page":"106-117","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["PrivacyCAT: Privacy-Aware Code Analysis at Scale"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3956-9184","authenticated-orcid":false,"given":"Ke","family":"Mao","sequence":"first","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6729-5931","authenticated-orcid":false,"given":"Cons","family":"\u00c5hs","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1396-1049","authenticated-orcid":false,"given":"Sopot","family":"Cela","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5644-5411","authenticated-orcid":false,"given":"Dino","family":"Distefano","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6094-5375","authenticated-orcid":false,"given":"Nick","family":"Gardner","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1128-0311","authenticated-orcid":false,"given":"Radu","family":"Grigore","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0682-5056","authenticated-orcid":false,"given":"Per","family":"Gustafsson","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8001-8865","authenticated-orcid":false,"given":"\u00c1kos","family":"Hajdu","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8261-9650","authenticated-orcid":false,"given":"Timotej","family":"Kapus","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4478-9931","authenticated-orcid":false,"given":"Matteo","family":"Marescotti","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3701-277X","authenticated-orcid":false,"given":"Gabriela Cunha","family":"Sampaio","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-2517-0057","authenticated-orcid":false,"given":"Thibault","family":"Suzanne","sequence":"additional","affiliation":[{"name":"Meta, London, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2024,5,31]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99241-9_1"},{"key":"e_1_3_2_1_2_1","volume-title":"USENIX Security Symposium. 585--602","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play.. In USENIX Security Symposium. 585--602."},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security'20)","author":"Andow Benjami","year":"2020","unstructured":"Benjami Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions speak louder than words: Entity-sensitive privacy policy and data flow analysis with policheck. In Proceedings of the 29th USENIX Security Symposium (USENIX Security'20)."},{"key":"e_1_3_2_1_4_1","unstructured":"AppCensus. 2023. App Search. https:\/\/www.appcensus.io\/search. Accessed: 2023-05-29."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1809100.1809110"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1646353.1646374"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20398-5_33"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970347"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2009.28"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/567752.567778"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338112"},{"volume-title":"Facebook's SEV Process","author":"Eason Gareth","key":"e_1_3_2_1_13_1","unstructured":"Gareth Eason. 2016. Incident Response @ FB, Facebook's SEV Process. USENIX Association, Dublin."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2020.106466"},{"key":"e_1_3_2_1_15_1","unstructured":"Manuel Egele Christopher Kruegel Engin Kirda and Giovanni Vigna. 2011. PiOS: Detecting privacy leaks in iOS applications.. In NDSS. 177--183."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_1_17_1","volume-title":"Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15, 2012. Proceedings 5. Springer, 291--307","author":"Gibler Clint","year":"2012","unstructured":"Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. 2012. AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. In Trust and Trustworthy Computing: 5th International Conference, TRUST 2012, Vienna, Austria, June 13-15, 2012. Proceedings 5. Springer, 291--307."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36742-7_19"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3546186.3549929"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2878020"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568229"},{"key":"e_1_3_2_1_23_1","volume-title":"Zoncolan: How Facebook uses static analysis to detect and prevent security issues. https:\/\/engineering.fb.com\/2019\/08\/15\/security\/zoncolan\/.","author":"Logozzo Francesco","year":"2019","unstructured":"Francesco Logozzo, Manuel Fahndrich, Ibrahim Mosaad, and Pieter Hooimeijer. 2019. Zoncolan: How Facebook uses static analysis to detect and prevent security issues. https:\/\/engineering.fb.com\/2019\/08\/15\/security\/zoncolan\/."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-SEIP58684.2023.00034"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931054"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICST53961.2022.00036"},{"key":"e_1_3_2_1_27_1","volume-title":"2019 IEEE\/ACM 27th International Conference on Program Comprehension (ICPC). IEEE, 209--219","author":"Marcilio Diego","year":"2019","unstructured":"Diego Marcilio, Rodrigo Bonif\u00e1cio, Eduardo Monteiro, Edna Canedo, Welder Luz, and Gustavo Pinto. 2019. Are static analysis violations really fixed? a closer look at realistic usage of SonarQube. In 2019 IEEE\/ACM 27th International Conference on Program Comprehension (ICPC). IEEE, 209--219."},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. of ICSE'2023 (Industry Forum).","author":"Marescotti Matteo","year":"2023","unstructured":"Matteo Marescotti, \u00c1kos Hajdu, Dino Distefano, and Ke Mao. 2023. Boosting Static Analysis with Dynamic Runtime Data at WhatsApp Server. In Proc. of ICSE'2023 (Industry Forum)."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2004.17"},{"key":"e_1_3_2_1_30_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Ming Jiang","year":"2015","unstructured":"Jiang Ming, Dinghao Wu, Gaoyao Xiao, Jun Wang, and Peng Liu. 2015. Taintpipe: Pipelined symbolic taint analysis. In 24th USENIX Security Symposium (USENIX Security 15). 65--80."},{"key":"e_1_3_2_1_31_1","volume-title":"NDSS","volume":"5","author":"Newsome James","year":"2005","unstructured":"James Newsome and Dawn Xiaodong Song. 2005. Dynamic taint analysis for automatic detection, analysis, and signaturegeneration of exploits on commodity software.. In NDSS, Vol. 5. Citeseer, 3--4."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2799522"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884855"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00050"},{"key":"e_1_3_2_1_35_1","volume-title":"International Conference on Applied Cryptography and Network Security. Springer, 418--435","author":"Tran Minh","year":"2012","unstructured":"Minh Tran, Xinshu Dong, Zhenkai Liang, and Xuxian Jiang. 2012. Tracking the trackers: Fast and scalable dynamic analysis of web content for privacy violations. In International Conference on Applied Cryptography and Network Security. Springer, 418--435."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2012.26"}],"event":{"name":"ICSE-SEIP '24: 46th International Conference on Software Engineering: Software Engineering in Practice","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS","Faculty of Engineering of University of Porto"],"location":"Lisbon Portugal","acronym":"ICSE-SEIP '24"},"container-title":["Proceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639477.3639742","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3639477.3639742","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:31Z","timestamp":1750290271000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639477.3639742"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,14]]},"references-count":36,"alternative-id":["10.1145\/3639477.3639742","10.1145\/3639477"],"URL":"https:\/\/doi.org\/10.1145\/3639477.3639742","relation":{},"subject":[],"published":{"date-parts":[[2024,4,14]]},"assertion":[{"value":"2024-05-31","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}