{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,13]],"date-time":"2026-06-13T05:38:41Z","timestamp":1781329121330,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":102,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,4]],"date-time":"2024-11-04T00:00:00Z","timestamp":1730678400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,4]]},"DOI":"10.1145\/3646547.3688405","type":"proceedings-article","created":{"date-parts":[[2024,11,1]],"date-time":"2024-11-01T09:40:26Z","timestamp":1730454026000},"page":"114-129","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Whatcha Lookin' At: Investigating Third-Party Web Content in Popular Android Apps"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8354-7241","authenticated-orcid":false,"given":"Dhruv","family":"Kuchhal","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-7962-4460","authenticated-orcid":false,"given":"Karthik","family":"Ramakrishnan","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2242-048X","authenticated-orcid":false,"given":"Frank","family":"Li","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,11,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2015. Android Developers Blog: Chrome custom tabs smooth the transition between apps and the web. https:\/\/android-developers.googleblog.com\/2015\/09\/chromecustom-tabs-smooth-transition.html."},{"key":"e_1_3_2_1_2_1","unstructured":"2015. Chrome custom tabs smooth the transition between apps and the web. https:\/\/android-developers.googleblog.com\/2015\/09\/chrome-customtabs-smooth-transition.html."},{"key":"e_1_3_2_1_3_1","unstructured":"2019. How to Disable In-App Browser for Android Apps. https:\/\/gadgetstouse.com\/blog\/2019\/12\/21\/how-to-disable-in-app-browser-for-android-apps\/"},{"key":"e_1_3_2_1_4_1","unstructured":"2020. Firebase Android SDK Release Notes. https:\/\/firebase.google.com\/support\/ release-notes\/android#2020-11-12"},{"key":"e_1_3_2_1_5_1","unstructured":"2020. Securing WebViews with Chrome Custom Tabs. https:\/\/plaid.com\/blog\/securing-webviews-with-chrome-custom-tabs."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. Deprecating Facebook Login support on Android WebViews. https:\/\/developers.facebook.com\/docs\/facebook-login\/android\/deprecatingwebviews\/."},{"key":"e_1_3_2_1_7_1","unstructured":"2021. Deprecating support for FB Login authentication on Android embedded browsers. https:\/\/developers.facebook.com\/blog\/post\/2021\/06\/28\/deprecatingsupport-fb-login-authentication-android-embedded-browsers\/."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. Google Groups: Clarifying WebView and Chrome Custom Tabs support for Android's implementation of Passkeys. https:\/\/groups.google.com\/a\/fidoalliance. org\/g\/fido-dev\/c\/SWuq7ORnnLQ."},{"key":"e_1_3_2_1_9_1","unstructured":"2023. About checkout on Facebook and Instagram Shops. https:\/\/www.facebook. com\/business\/help\/2509359009104717?id=533228987210412"},{"key":"e_1_3_2_1_10_1","unstructured":"2023. androguard\/androguard. https:\/\/github.com\/androguard\/androguard"},{"key":"e_1_3_2_1_11_1","unstructured":"2023. Android Developers: Web-based content. https:\/\/developer.android.com\/ develop\/ui\/views\/layout\/webapps."},{"key":"e_1_3_2_1_12_1","unstructured":"2023. Android Developers: WebView. https:\/\/developer.android.com\/reference\/ android\/webkit\/WebView"},{"key":"e_1_3_2_1_13_1","unstructured":"2023. AndroidRadar. https:\/\/github.com\/cedexis\/androidradar"},{"key":"e_1_3_2_1_14_1","unstructured":"2023. App Tracking Transparency. https:\/\/developer.apple.com\/documentation\/ apptrackingtransparency"},{"key":"e_1_3_2_1_15_1","unstructured":"2023. Create Deep Links to App Content. https:\/\/developer.android.com\/training\/ app-links\/deep-linking."},{"key":"e_1_3_2_1_16_1","unstructured":"2023. Custom Tabs: Getting started. https:\/\/developer.chrome.com\/docs\/android\/ custom-tabs\/guide-get-started."},{"key":"e_1_3_2_1_17_1","unstructured":"2023. Flutter. https:\/\/flutter.dev"},{"key":"e_1_3_2_1_18_1","unstructured":"2023. flutter_inappwebview. https:\/\/pub.dev\/packages\/flutter_inappwebview"},{"key":"e_1_3_2_1_19_1","unstructured":"2023. Frida. https:\/\/frida.re."},{"key":"e_1_3_2_1_20_1","unstructured":"2023. google-play-scraper. https:\/\/pypi.org\/project\/google-play-scraper\/"},{"key":"e_1_3_2_1_21_1","unstructured":"2023. Google Play SDK Index. https:\/\/play.google.com\/sdks."},{"key":"e_1_3_2_1_22_1","unstructured":"2023. Integrate the WebView API for Ads. https:\/\/developers.google.com\/admob\/ android\/webview"},{"key":"e_1_3_2_1_23_1","unstructured":"2023. LineageOS Android Distribution. https:\/\/lineageos.org\/."},{"key":"e_1_3_2_1_24_1","unstructured":"2023. Meta Pay. https:\/\/pay.facebook.com"},{"key":"e_1_3_2_1_25_1","unstructured":"2023. Mobile vs. Desktop vs. Tablet Traffic Market Share. https:\/\/www. similarweb.com\/platforms\/"},{"key":"e_1_3_2_1_26_1","unstructured":"2023. Naming a Package. https:\/\/docs.oracle.com\/javase\/tutorial\/java\/package\/ namingpkgs.html."},{"key":"e_1_3_2_1_27_1","unstructured":"2023. NidOAuthBehavior.kt. https:\/\/github.com\/naver\/naveridlogin-sdkandroid\/ blob\/master\/Nid-OAuth\/src\/main\/java\/com\/navercorp\/nid\/oauth\/NidOAuthBehavior.kt."},{"key":"e_1_3_2_1_28_1","unstructured":"2023. Open a Custom Tab for links in a WebView. https:\/\/developer.chrome.com\/ docs\/android\/custom-tabs\/howto-custom-tab-from-webview"},{"key":"e_1_3_2_1_29_1","unstructured":"2023. Partial Custom Tabs. https:\/\/developer.chrome.com\/blog\/whats-new-inweb-on-android-io2023\/#partial-custom-tabs"},{"key":"e_1_3_2_1_30_1","unstructured":"2023. Radar. https:\/\/docs.netscaler.com\/en-us\/citrix-intelligent-trafficmanagement\/ radar.html"},{"key":"e_1_3_2_1_31_1","unstructured":"2023. Remote debug Android devices. https:\/\/developer.chrome.com\/docs\/ devtools\/remote-debugging\/"},{"key":"e_1_3_2_1_32_1","unstructured":"2023. System WebView Shell. https:\/\/chromium.googlesource.com\/chromium\/src\/\/HEAD\/android_webview\/docs\/webview-shell.md"},{"key":"e_1_3_2_1_33_1","unstructured":"2023. url_launcher. https:\/\/pub.dev\/packages\/url_launcher"},{"key":"e_1_3_2_1_34_1","unstructured":"2023. View logs with Logcat. https:\/\/developer.android.com\/studio\/debug\/logcat"},{"key":"e_1_3_2_1_35_1","unstructured":"2023. Web links. https:\/\/developer.android.com\/training\/app-links#web-links."},{"key":"e_1_3_2_1_36_1","unstructured":"2024. Optimize Custom Tabs (Beta). https:\/\/developers.google.com\/admob\/ android\/browser\/custom-tabs"},{"key":"e_1_3_2_1_37_1","unstructured":"Google AdMob. 2023. Ad units ad formats & ad types. https:\/\/support.google.com\/admob\/answer\/6128738"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2022.23003"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_40_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM SIGPLAN Notices (2014)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_2_1_42_1","volume-title":"BridgeTaint: A Bi-Directional Dynamic Taint Tracking Method for JavaScript Bridges in Android Hybrid Applications","author":"Bai Junyang","year":"2018","unstructured":"Junyang Bai, Weiping Wang, Yan Qin, Shigeng Zhang, Jianxin Wang, and Yi Pan. 2018. BridgeTaint: A Bi-Directional Dynamic Taint Tracking Method for JavaScript Bridges in Android Hybrid Applications. IEEE Transactions on Information Forensics and Security (2018)."},{"key":"e_1_3_2_1_43_1","volume-title":"Tabbed Out: Subverting the Android Custom Tab Security Model. In IEEE Symposium on Security and Privacy.","author":"Beer Philipp","year":"2024","unstructured":"Philipp Beer, Marco Squarcina, Lorenzo Veronese, and Martina Lindorfer. 2024. Tabbed Out: Subverting the Android Custom Tab Security Model. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_44_1","volume-title":"Workshop of Designing Security for the Web.","author":"Beer Philipp","year":"2022","unstructured":"Philipp Beer, Lorenzo Veronese, Marco Squarcina, and Martina Lindorfer. 2022. The Bridge between Web Applications and Mobile Platforms is Still Broken. In Workshop of Designing Security for the Web."},{"key":"e_1_3_2_1_45_1","volume-title":"USENIX Security Symposium.","author":"Bonett Richard","year":"2018","unstructured":"Richard Bonett, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, and Denys Poshyvanyk. 2018. Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation. In USENIX Security Symposium."},{"key":"e_1_3_2_1_46_1","unstructured":"Chris Bracco. 2023. HTML5 Test Page. https:\/\/github.com\/cbracco\/html5-testpage"},{"key":"e_1_3_2_1_47_1","volume-title":"Revisiting Mobile Advertising Threats with MAdLife. In The World Wide Web Conference.","author":"Chen Gong","year":"2019","unstructured":"Gong Chen, Wei Meng, and John Copeland. 2019. Revisiting Mobile Advertising Threats with MAdLife. In The World Wide Web Conference."},{"key":"e_1_3_2_1_48_1","volume":"201","author":"Denniss W.","unstructured":"W. Denniss and J. Bradley. 2017. OAuth 2.0 for Native Apps. https:\/\/datatracker. ietf.org\/doc\/html\/rfc8252","journal-title":"J. Bradley."},{"key":"e_1_3_2_1_49_1","unstructured":"Android Developers. 2023. App components. https:\/\/developer.android.com\/guide\/components\/fundamentals.html"},{"key":"e_1_3_2_1_50_1","unstructured":"Android Developers. 2023. UI\/Application Exerciser Monkey. https:\/\/developer. android.com\/studio\/test\/other-testing-tools\/monkey"},{"key":"e_1_3_2_1_51_1","unstructured":"Chrome Developers. 2023. Measuring User Engagement. https:\/\/developer. chrome.com\/docs\/android\/custom-tabs\/guide-engagement-signals"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Shuaike Dong Menghao Li Wenrui Diao Xiangyu Liu Jian Liu Zhou Li Fenghao Xu Kai Chen Xiaofeng Wang and Kehuan Zhang. 2018. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. In Security and Privacy in Communication Networks.","DOI":"10.1007\/978-3-030-01701-9_10"},{"key":"e_1_3_2_1_53_1","volume-title":"Cloaker Catcher: A Clientbased Cloaking Detection System. arXiv preprint arXiv:1710.01387","author":"Duan Ruian","year":"2017","unstructured":"Ruian Duan, Weiren Wang, and Wenke Lee. 2017. Cloaker Catcher: A Clientbased Cloaking Detection System. arXiv preprint arXiv:1710.01387 (2017)."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3577923.3583658"},{"key":"e_1_3_2_1_55_1","unstructured":"GitHub. 2023. android-customtabs. https:\/\/github.com\/saschpe\/androidcustomtabs"},{"key":"e_1_3_2_1_56_1","unstructured":"GitHub. 2023. owasp-masvs. https:\/\/github.com\/OWASP\/owasp-masvs"},{"key":"e_1_3_2_1_57_1","unstructured":"GitHub. 2023. skylot\/jadx. https:\/\/github.com\/skylot\/jadx"},{"key":"e_1_3_2_1_58_1","unstructured":"Google. 2023. Google Safe Browsing. https:\/\/safebrowsing.google.com"},{"key":"e_1_3_2_1_59_1","unstructured":"Google. 2023. NetLog: Chrome's network logging system. https:\/\/www.chromium. org\/developers\/design-documents\/network-stack\/netlog\/"},{"key":"e_1_3_2_1_60_1","unstructured":"Google. 2024. Web on Android. https:\/\/web.dev\/articles\/web-on-android."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238180"},{"key":"e_1_3_2_1_62_1","volume-title":"CHI Conference on Human Factors in Computing Systems.","author":"Hutton Hannah J","year":"2023","unstructured":"Hannah J Hutton and David A Ellis. 2023. Exploring User Motivations Behind iOS App Tracking Transparency Decisions. In CHI Conference on Human Factors in Computing Systems."},{"key":"e_1_3_2_1_63_1","unstructured":"Juspay. 2023. AmazonPay S2S Tokenised Flow. https:\/\/developer.juspay.in\/v5.1\/docs\/amazonpay-s2s-tokenised-flow"},{"key":"e_1_3_2_1_64_1","unstructured":"Nico Kokonas. 2023. Trace.js. https:\/\/gist.github.com\/nicoandmee\/ 62ecd1829d761fbed779dc3a3ba35c64"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3531146.3533116"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0079"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487857"},{"key":"e_1_3_2_1_68_1","unstructured":"IAB Tech Lab. 2023. Open Measurement SDK. https:\/\/iabtechlab.com\/standards\/open-measurement-sdk\/"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970368"},{"key":"e_1_3_2_1_70_1","volume-title":"Static Analysis of Android Apps: A Systematic Literature Review. Information and Software Technology","author":"Li Li","year":"2017","unstructured":"Li Li, Tegawend\u00e9 F Bissyand\u00e9, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, and Le Traon. 2017. Static Analysis of Android Apps: A Systematic Literature Review. Information and Software Technology (2017)."},{"key":"e_1_3_2_1_71_1","volume-title":"MadDroid: Characterizing and Detecting Devious Ad Contents for Android Apps. In The Web Conference.","author":"Liu Tianming","year":"2020","unstructured":"Tianming Liu, Haoyu Wang, Li Li, Xiapu Luo, Feng Dong, Yao Guo, Liu Wang, Tegawend\u00e9 Bissyand\u00e9, and Jacques Klein. 2020. MadDroid: Characterizing and Detecting Devious Ad Contents for Android Apps. In The Web Conference."},{"key":"e_1_3_2_1_72_1","volume-title":"Annual Computer Security Applications Conference.","author":"Luo Tongbo","year":"2011","unstructured":"Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin. 2011. Attacks on WebView in the Android system. In Annual Computer Security Applications Conference."},{"key":"e_1_3_2_1_73_1","volume-title":"Analysis of Payment Service Provider SDKs in Android. In Annual Computer Security Applications Conference.","author":"Mahmud Samin Yaseer","year":"2022","unstructured":"Samin Yaseer Mahmud, K Virgil English, Seaver Thorn, William Enck, Adam Oest, and Muhammad Saad. 2022. Analysis of Payment Service Provider SDKs in Android. In Annual Computer Security Applications Conference."},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER50967.2021.00044"},{"key":"e_1_3_2_1_75_1","unstructured":"Mozilla. 2023. Web APIs: MDN Web Docs. https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/API."},{"key":"e_1_3_2_1_76_1","volume-title":"Mobile Security Technologies Workshop.","author":"Mutchler Patrick","year":"2015","unstructured":"Patrick Mutchler, Adam Doup\u00e9, John Mitchell, Chris Kruegel, and Giovanni Vigna. 2015. A Large-Scale Study of MobileWeb App Security. In Mobile Security Technologies Workshop."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/2414456.2414498"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560665"},{"key":"e_1_3_2_1_79_1","volume-title":"Not Your Average App: A Large-scale Privacy Analysis of Android Browsers. In Privacy Enhancing Technologies Symposium.","author":"Pradeep Amogh","year":"2023","unstructured":"Amogh Pradeep, \u00c1lvaro Feal, Julien Gamba, Ashwin Rao, Martina Lindorfer, Narseo Vallina-Rodriguez, David Choffnes, et al. 2023. Not Your Average App: A Large-scale Privacy Analysis of Android Browsers. In Privacy Enhancing Technologies Symposium."},{"key":"e_1_3_2_1_80_1","unstructured":"PyPI. 2023. javalang. https:\/\/pypi.org\/project\/javalang\/"},{"key":"e_1_3_2_1_81_1","volume-title":"Duc Linh Giang Nguyen, Muhammad Ikram, Gareth Tyson, and Mohamed Ali Kaafar.","author":"Qayyum Hina","year":"2022","unstructured":"Hina Qayyum, Muhammad Salman, I Wayan Budi Sentana, Duc Linh Giang Nguyen, Muhammad Ikram, Gareth Tyson, and Mohamed Ali Kaafar. 2022. A First Look at Android Apps? Third-Party Resources Loading. In Network and System Security."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"crossref","unstructured":"Claudio Rizzo Lorenzo Cavallaro and Johannes Kinder. 2018. BabelView: Evaluating the Impact of Code Injection Attacks in MobileWebviews. In Research in Attacks Intrusions and Defenses.","DOI":"10.1007\/978-3-030-00470-5_2"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/3517745.3561444"},{"key":"e_1_3_2_1_84_1","unstructured":"secure-software engineering\/FlowDroid. 2018. Analysis does not finish. https: \/\/github.com\/secure-software-engineering\/FlowDroid\/issues\/27"},{"key":"e_1_3_2_1_85_1","volume-title":"USENIX Security Symposium.","author":"Shekhar Shashi","year":"2012","unstructured":"Shashi Shekhar, Michael Dietz, and Dan S Wallach. 2012. AdSplit: Separating smartphone advertising from applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_86_1","volume-title":"What Mobile Ads Know About Mobile Users. In Network and Distributed System Security Symposium.","author":"Son Sooel","year":"2016","unstructured":"Sooel Son, Daehyeok Kim, and Vitaly Shmatikov. 2016. What Mobile Ads Know About Mobile Users. In Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238221"},{"key":"e_1_3_2_1_88_1","volume-title":"LUDroid: A Large Scale Analysis of Android - Web Hybridization. In International Working Conference on Source Code Analysis and Manipulation.","author":"Tiwari Abhishek","year":"2019","unstructured":"Abhishek Tiwari, Jyoti Prakash, Sascha Gro\u00df, and Christian Hammer. 2019. LUDroid: A Large Scale Analysis of Android - Web Hybridization. In International Working Conference on Source Code Analysis and Manipulation."},{"key":"e_1_3_2_1_89_1","volume-title":"A Large Scale Analysis of Android ' Web Hybridization. Journal of Systems and Software","author":"Tiwari Abhishek","year":"2020","unstructured":"Abhishek Tiwari, Jyoti Prakash, Sascha Gross, and Christian Hammer. 2020. A Large Scale Analysis of Android ' Web Hybridization. Journal of Systems and Software (2020)."},{"key":"e_1_3_2_1_90_1","volume-title":"Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView. arXiv preprint arXiv:2208.01968","author":"Tiwari Abhishek","year":"2022","unstructured":"Abhishek Tiwari, Jyoti Prakash, Alimerdan Rahimov, and Christian Hammer. 2022. Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView. arXiv preprint arXiv:2208.01968 (2022)."},{"key":"e_1_3_2_1_91_1","volume-title":"Understanding the Impact of Fingerprinting in Android Hybrid Apps. In International Conference on Mobile Software Engineering and Systems.","author":"Tiwari Abhishek","year":"2023","unstructured":"Abhishek Tiwari, Jyoti Prakash, Alimerdan Rahimov, and Christian Hammer. 2023. Understanding the Impact of Fingerprinting in Android Hybrid Apps. In International Conference on Mobile Software Engineering and Systems."},{"key":"e_1_3_2_1_92_1","volume-title":"Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. In ACM Conference on Computer and Communications Security.","author":"Tuncay Guliz Seray","year":"2016","unstructured":"Guliz Seray Tuncay, Soteris Demetriou, and Carl A Gunter. 2016. Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. In ACM Conference on Computer and Communications Security."},{"key":"e_1_3_2_1_93_1","volume-title":"Misfits: An Analysis of Domain Classification Services. In ACM Internet Measurement Conference.","author":"Vallina Pelayo","year":"2020","unstructured":"Pelayo Vallina, Victor Le Pochat, \u00c1lvaro Feal, Marius Paraschiv, Julien Gamba, Tim Burke, Oliver Hohlfeld, Juan Tapiador, and Narseo Vallina-Rodriguez. 2020. Mis-shapes, Mistakes, Misfits: An Analysis of Domain Classification Services. In ACM Internet Measurement Conference."},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1145\/2931021.2931026"},{"key":"e_1_3_2_1_95_1","volume-title":"Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. In Network and Distributed System Security Symposium.","author":"Yang Guangliang","year":"2018","unstructured":"Guangliang Yang and Jeff Huang. 2018. Automated Generation of Event-Oriented Exploits in Android Hybrid Apps. In Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_96_1","volume-title":"Iframes\/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. In USENIX Security Symposium.","author":"Yang Guangliang","year":"2019","unstructured":"Guangliang Yang, Jeff Huang, and Guofei Gu. 2019. Iframes\/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. In USENIX Security Symposium."},{"key":"e_1_3_2_1_97_1","doi-asserted-by":"crossref","unstructured":"Guangliang Yang Abner Mendoza Jialong Zhang and Guofei Gu. 2017. Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps. In Research in Attacks Intrusions and Defenses.","DOI":"10.1007\/978-3-319-66332-6_7"},{"key":"e_1_3_2_1_98_1","volume-title":"Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In USENIX Security Symposium.","author":"Zhang Lei","year":"2022","unstructured":"Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, and Min Yang. 2022. Identity Confusion in WebView-based Mobile App-in-app Ecosystems. In USENIX Security Symposium."},{"key":"e_1_3_2_1_99_1","volume-title":"Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective. In IEEE Symposium on Security and Privacy.","author":"Zhang Xiaohan","year":"2023","unstructured":"Xiaohan Zhang, Haoqi Ye, Ziqi Huang, Xiao Ye, Yinzhi Cao, Yuan Zhang, and Min Yang. 2023. Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_100_1","volume-title":"An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. In USENIX Security Symposium.","author":"Zhang Xiaohan","year":"2018","unstructured":"Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, and Haixin Duan. 2018. An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_101_1","volume-title":"On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps. In International Symposium on Research in Attacks, Intrusions and Defenses.","author":"Zhang Zicheng","year":"2021","unstructured":"Zicheng Zhang. 2021. On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps. In International Symposium on Research in Attacks, Intrusions and Defenses."},{"key":"e_1_3_2_1_102_1","volume-title":"TrustedDomain Compromise Attack in App-in-app Ecosystems. In ACM Workshop on Secure and Trustworthy Superapps.","author":"Zhang Zhibo","year":"2023","unstructured":"Zhibo Zhang, Zhangyue Zhang, Keke Lian, Guangliang Yang, Lei Zhang, Yuan Zhang, and Min Yang. 2023. TrustedDomain Compromise Attack in App-in-app Ecosystems. In ACM Workshop on Secure and Trustworthy Superapps."}],"event":{"name":"IMC '24: ACM Internet Measurement Conference","location":"Madrid Spain","acronym":"IMC '24","sponsor":["SIGMETRICS ACM Special Interest Group on Measurement and Evaluation","SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 2024 ACM on Internet Measurement Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688405","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3646547.3688405","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T11:48:43Z","timestamp":1755863323000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3646547.3688405"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,4]]},"references-count":102,"alternative-id":["10.1145\/3646547.3688405","10.1145\/3646547"],"URL":"https:\/\/doi.org\/10.1145\/3646547.3688405","relation":{},"subject":[],"published":{"date-parts":[[2024,11,4]]},"assertion":[{"value":"2024-11-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}