{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:00:46Z","timestamp":1750309246315,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,15]],"date-time":"2024-04-15T00:00:00Z","timestamp":1713139200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,15]]},"DOI":"10.1145\/3643991.3644901","type":"proceedings-article","created":{"date-parts":[[2024,7,2]],"date-time":"2024-07-02T13:05:13Z","timestamp":1719925513000},"page":"361-372","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Keep Me Updated: An Empirical Study on Embedded Javascript Engines in Android Apps"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0340-9392","authenticated-orcid":false,"given":"Elliott","family":"Wen","sequence":"first","affiliation":[{"name":"The University of Auckland, Auckland, New Zealand"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-0504-9478","authenticated-orcid":false,"given":"Jiaxiang","family":"Zhou","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, Hong Kong"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9082-3208","authenticated-orcid":false,"given":"Xiapu","family":"Luo","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, Hong Kong"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6987-0803","authenticated-orcid":false,"given":"Giovanni","family":"Russello","sequence":"additional","affiliation":[{"name":"University of Auckland, Auckland, New 
Zealand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9019-6550","authenticated-orcid":false,"given":"Jens","family":"Dietrich","sequence":"additional","affiliation":[{"name":"Victoria University of Wellington, Wellington, New Zealand"}]}],"member":"320","published-online":{"date-parts":[[2024,7,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alipay developer portal. https:\/\/global.alipay.com\/docs\/ac\/tool\/miniapp."},{"key":"e_1_3_2_1_2_1","unstructured":"Aliyundrive: A file sharing service. http:\/\/www.appchina.com\/app\/com.alicloud.databox."},{"key":"e_1_3_2_1_3_1","unstructured":"Android app bundle. https:\/\/developer.android.com\/guide\/app-bundle."},{"key":"e_1_3_2_1_4_1","unstructured":"Android process and thread model. https:\/\/developer.android.com\/guide\/components\/processes-and-threads."},{"key":"e_1_3_2_1_5_1","unstructured":"Apkmirror. https:\/\/www.apkmirror.com\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Apkpure. https:\/\/apkpure.com\/."},{"key":"e_1_3_2_1_7_1","unstructured":"Appbrain ranking. https:\/\/www.appbrain.com\/stats."},{"key":"e_1_3_2_1_8_1","unstructured":"Appchina. http:\/\/m.appchina.com\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Chromium bugtracker. https:\/\/bugs.chromium.org\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Dex to java decompiler. https:\/\/github.com\/skylot\/jadx."},{"key":"e_1_3_2_1_11_1","unstructured":"Dingtalk: an enterprise-level collaboration and application development platform. https:\/\/play.google.com\/store\/apps\/details?id=com.alibaba.android.rimet."},{"key":"e_1_3_2_1_12_1","unstructured":"Finds cve pocs on github. https:\/\/github.com\/trickest\/find-gh-poc."},{"key":"e_1_3_2_1_13_1","unstructured":"J2v8. https:\/\/github.com\/eclipsesource\/J2V8."},{"key":"e_1_3_2_1_14_1","unstructured":"Language features in hermes. https:\/\/hermesengine.dev\/docs\/language-features\/."},{"key":"e_1_3_2_1_15_1","unstructured":"Layaair game engine. 
https:\/\/layaair.layabox.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"Liquidcore. https:\/\/github.com\/LiquidPlayer\/LiquidCore."},{"key":"e_1_3_2_1_17_1","unstructured":"Memory cage in v8. https:\/\/www.electronjs.org\/blog\/v8-memory-cage."},{"key":"e_1_3_2_1_18_1","unstructured":"Pointer compression in v8. Available at https:\/\/v8.dev\/blog\/pointer-compression."},{"key":"e_1_3_2_1_19_1","unstructured":"A powerful disassembler and a versatile debugger. https:\/\/hex-rays.com\/ida-pro\/."},{"key":"e_1_3_2_1_20_1","unstructured":"Webkit bugtracker. https:\/\/bugs.webkit.org\/."},{"key":"e_1_3_2_1_21_1","unstructured":"Zipfile library. https:\/\/docs.python.org\/3\/library\/zipfile.html."},{"key":"e_1_3_2_1_22_1","unstructured":"Zipline: using kotlin\/js libraries from kotlin\/jvm. https:\/\/github.com\/cashapp\/zipline."},{"issue":"4","key":"e_1_3_2_1_23_1","first-page":"841","article-title":"Diversified binary crash reporting","volume":"17","author":"Abrath B.","year":"2018","unstructured":"B. Abrath, B. Coppens, M. Mishra, J. Van den Broeck, and B. De Sutter. Breakpad: Diversified binary crash reporting. IEEE Transactions on Dependable and Secure Computing, 17(4):841--856, 2018.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_24_1","volume-title":"Kali Linux-Assuring security by penetration testing","author":"Allen L.","year":"2014","unstructured":"L. Allen, T. Heriyanto, and S. Ali. Kali Linux-Assuring security by penetration testing. 
Packt Publishing Ltd, 2014."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00122"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/3002491"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3607199.3607236"},{"key":"e_1_3_2_1_30_1","first-page":"46","volume-title":"FREENIX Track","volume":"41","author":"Bellard F.","unstructured":"F. Bellard. Qemu, a fast and portable dynamic translator. In USENIX annual technical conference, FREENIX Track, volume 41, page 46. California, USA, 2005."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICACCAF.2017.8344724"},{"key":"e_1_3_2_1_32_1","volume-title":"The national vulnerability database (nvd): Overview","author":"Booth H.","year":"2013","unstructured":"H. Booth, D. Rike, and G. A. Witte. The national vulnerability database (nvd): Overview. 2013."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17143-7_34"},{"key":"e_1_3_2_1_34_1","volume-title":"Information Security Applications: 14th International Workshop, WISA 2013","author":"Chin E.","year":"2013","unstructured":"E. Chin and D. Wagner. Bifocals: Analyzing webview vulnerabilities in android applications. In Information Security Applications: 14th International Workshop, WISA 2013, Jeju Island, Korea, August 19-21, 2013, Revised Selected Papers 14, pages 138--159. Springer, 2014."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-09951-x"},{"issue":"4","key":"e_1_3_2_1_36_1","first-page":"10","article-title":"React native application development. Link\u00f6pings universitet","volume":"10","author":"Danielsson W.","year":"2016","unstructured":"W. Danielsson. React native application development. 
Link\u00f6pings universitet, Swedia, 10(4):10, 2016.","journal-title":"Swedia"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00050"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"e_1_3_2_1_39_1","volume-title":"Vulnerabilities in android webview objects: Still not the end! Computers & Security, 109:102395","author":"El-Zawawy M. A.","year":"2021","unstructured":"M. A. El-Zawawy, E. Losiouk, and M. Conti. Vulnerabilities in android webview objects: Still not the end! Computers & Security, 109:102395, 2021."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.3044"},{"key":"e_1_3_2_1_41_1","first-page":"27","volume-title":"Proceedings of the 33rd International BCS Human Computer Interaction Conference 33","author":"Goodwin C.","year":"2020","unstructured":"C. Goodwin. \"why sideload?\" user behaviours, interactions and accessibility issues around mobile app installation. In Proceedings of the 33rd International BCS Human Computer Interaction Conference 33, pages 27--30, 2020."},{"key":"e_1_3_2_1_42_1","volume-title":"Binwalk: Firmware analysis tool. URL: https:\/\/code.google.com\/p\/binwalk\/ (visited on 03\/03\/2013)","author":"Heffner C.","year":"2010","unstructured":"C. Heffner. Binwalk: Firmware analysis tool. URL: https:\/\/code.google.com\/p\/binwalk\/ (visited on 03\/03\/2013), 2010."},{"key":"e_1_3_2_1_43_1","volume-title":"Building Android Games with Cocos2d-x","author":"Hernandez R.","year":"2015","unstructured":"R. Hernandez. Building Android Games with Cocos2d-x. 
Packt Publishing Ltd, 2015."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197252"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660275"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-35092-5_3"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134021"},{"key":"e_1_3_2_1_48_1","article-title":"Minitracker: Large-scale sensitive information tracking in mini apps","author":"Li W.","year":"2023","unstructured":"W. Li, B. Yang, H. Ye, L. Xiang, Q. Tao, X. Wang, and C. Zhou. Minitracker: Large-scale sensitive information tracking in mini apps. IEEE Transactions on Dependable and Secure Computing, 2023.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2017.148"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3178876.3186059"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197260"},{"key":"e_1_3_2_1_53_1","first-page":"2017","article-title":"Cve details","volume":"16","author":"\u00d6zkan S.","year":"2017","unstructured":"S. \u00d6zkan. Cve details. Retrieved, 16:2017, 2017.","journal-title":"Retrieved"},{"key":"e_1_3_2_1_54_1","first-page":"476","article-title":"Next generation cpu emulator framework","author":"Quynh N. A.","year":"2015","unstructured":"N. A. Quynh and D. H. Vu. Unicorn: Next generation cpu emulator framework. BlackHat USA, 476, 2015.","journal-title":"BlackHat USA"},{"key":"e_1_3_2_1_55_1","first-page":"25","volume-title":"RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings 21","author":"Rizzo C.","year":"2018","unstructured":"C. Rizzo, L. Cavallaro, and J. Kinder. Babelview: Evaluating the impact of code injection attacks in mobile webviews. 
In Research in Attacks, Intrusions, and Defenses: 21st International Symposium, RAID 2018, Heraklion, Crete, Greece, September 10-12, 2018, Proceedings 21, pages 25--46. Springer, 2018."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23407"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2845851"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC51365.2020.00031"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110775"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516727"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556921"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23236"},{"key":"e_1_3_2_1_63_1","volume-title":"Sok: Decoding the super app enigma: The security mechanisms, threats, and trade-offs in os-alike apps. arXiv preprint arXiv:2306.07495","author":"Yang Y.","year":"2023","unstructured":"Y. Yang, C. Wang, Y. Zhang, and Z. Lin. Sok: Decoding the super app enigma: The security mechanisms, threats, and trade-offs in os-alike apps. arXiv preprint arXiv:2306.07495, 2023."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560597"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-90421-4_6"},{"key":"e_1_3_2_1_66_1","first-page":"1597","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Zhang L.","year":"2022","unstructured":"L. Zhang, Z. Zhang, A. Liu, Y. Cao, X. Zhang, Y. Chen, Y. Zhang, G. Yang, and M. Yang. Identity confusion in {WebView-based} mobile app-in-app ecosystems. 
In 31st USENIX Security Symposium (USENIX Security 22), pages 1597--1613, 2022."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471625"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534410"}],"event":{"name":"MSR '24: 21st International Conference on Mining Software Repositories","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE CS"],"location":"Lisbon Portugal","acronym":"MSR '24"},"container-title":["Proceedings of the 21st International Conference on Mining Software Repositories"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643991.3644901","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643991.3644901","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:56:44Z","timestamp":1750291004000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643991.3644901"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,15]]},"references-count":68,"alternative-id":["10.1145\/3643991.3644901","10.1145\/3643991"],"URL":"https:\/\/doi.org\/10.1145\/3643991.3644901","relation":{},"subject":[],"published":{"date-parts":[[2024,4,15]]},"assertion":[{"value":"2024-07-02","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}