{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T19:10:03Z","timestamp":1755976203355,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T00:00:00Z","timestamp":1748995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,4]]},"DOI":"10.1145\/3716816.3727972","type":"proceedings-article","created":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T18:36:12Z","timestamp":1749062172000},"page":"32-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["PendingMutent: An Authorization Framework for Preventing PendingIntent Attacks in Android-based Mobile Cyber-Physical Systems"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1085-4005","authenticated-orcid":false,"given":"Pradeep Kumar","family":"Duraisamy Soundrapandian","sequence":"first","affiliation":[{"name":"Vellore Institute of Technology, Chennai, Tamilnadu, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8931-6412","authenticated-orcid":false,"given":"Carlos","family":"Rubio-Medrano","sequence":"additional","affiliation":[{"name":"Texas A&M University - Corpus Christi, Corpus Christi, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8588-3524","authenticated-orcid":false,"given":"Jaejong","family":"Baek","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, AZ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6850-9423","authenticated-orcid":false,"given":"Geetha","family":"S","sequence":"additional","affiliation":[{"name":"Vellore Institute of Technology, Chennai, Tamilnadu, India"}]}],"member":"320","published-online":{"date-parts":[[2025,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"40th ICSE","author":"Alireza Sadeghi","year":"2018","unstructured":"Alireza Sadeghi et. al. 2018. A temporal permission analysis and enforcement framework for android. In 40th ICSE, (2018)."},{"key":"e_1_3_2_1_2_1","unstructured":"Android 14 Beta. 2024. https:\/\/developer.android.com\/reference\/android\/app\/PendingIntent#FLAG_ALLOW_UNSAFE_IMPLICIT_INTENT"},{"key":"e_1_3_2_1_3_1","volume-title":"Define a custom app permission","author":"Android","year":"2024","unstructured":"Android: Define a custom app permission. 2024. https:\/\/developer.android.com\/guide\/topics\/permissions\/defining Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_4_1","unstructured":"Android Developers Docs Guides <manifest>. 2024. https:\/\/developer.android.com\/guide\/topics\/manifest\/manifest-element#uid Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_5_1","unstructured":"AndroZoo. 2024. https:\/\/androzoo.uni.lu\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_6_1","unstructured":"L\u00ea Van Anh. [n.d.]. Alarm. https:\/\/github.com\/leanh153\/Android-Alarm Accessed: 16-Sep-24."},{"key":"e_1_3_2_1_7_1","unstructured":"Replay attack. 2024. https:\/\/en.wikipedia.org\/wiki\/Replay_attack Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_8_1","volume-title":"MOBILESoft.","author":"Biniam Fisseha","year":"2018","unstructured":"Biniam Fisseha Demissie et.al. 2018. Anflo: detecting anomalous sensitive information flows in android apps. In MOBILESoft. (2018)."},{"key":"e_1_3_2_1_9_1","volume-title":"Empirical Software Engineering.","author":"Biniam Fisseha","year":"2020","unstructured":"Biniam Fisseha Demissie et.al. 2020. Security analysis of permission re-delegation vulnerabilities in android apps. In Empirical Software Engineering. (2020)."},{"key":"e_1_3_2_1_10_1","unstructured":"PendingIntent Cancel. [n. d.]. https:\/\/developer.android.com\/reference\/android\/app\/PendingIntent#cancel() Accessed: 25-Mar-24."},{"key":"e_1_3_2_1_11_1","volume-title":"Number of available applications in the Google Play Store from","author":"Ceci Laura","year":"2017","unstructured":"Laura Ceci. 2024. Number of available applications in the Google Play Store from March 2017 to June 2024. https:\/\/www.statista.com\/statistics\/266210\/number-of-available-applications-in-the-google-play-store\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45337-7_4"},{"key":"e_1_3_2_1_13_1","unstructured":"APK Combo. 2024. https:\/\/apkcombo.com\/"},{"key":"e_1_3_2_1_14_1","unstructured":"Android custom push notification layouts. 2024. https:\/\/github.com\/WebEngage\/android-custom-push-layouts Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_15_1","unstructured":"CVE-2014-8609. 2024. Android Settings application privilege leakage. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8609\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_16_1","unstructured":"CVE-2020-4100. 2024. Android dynamic code loading. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-4100\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_17_1","unstructured":"CVE-2021-25352. [n.d.]. Using PendingIntent with implicit intent. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-25352 Accessed: 16-Sep-24."},{"key":"e_1_3_2_1_18_1","unstructured":"CVE-2021-25364. [n.d.]. A pendingIntent hijacking vulnerability. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-25364 Accessed: 16-Sep-24."},{"key":"e_1_3_2_1_19_1","unstructured":"CVE-2022-22285. [n.d.]. Execute privileged action. https:\/\/www.cvedetails.com\/cve\/CVE-2022-22285\/ Accessed: 16-Sep-24."},{"key":"e_1_3_2_1_20_1","unstructured":"CVE-2022-22286. [n.d.]. Execute privileged action. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-22286 Accessed: 16-Sep-24."},{"key":"e_1_3_2_1_21_1","unstructured":"CVE-2023-20950. 2024. Bypass background activity via a pendingIntent. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20950 Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_22_1","unstructured":"CVE-2023-20962. 2024. Start foreground activity via unsafe PendingIntent. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20962 Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_23_1","unstructured":"CVE-2023-35676. 2024. Trigger a background activity launch due to an unsafe PendingIntent. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-35676"},{"key":"e_1_3_2_1_24_1","unstructured":"CVE-2023-42471. 2024. Remote attacker executing arbitrary JavaScript code via a crafted intent. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-42471\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_25_1","unstructured":"Andro-AutoPsy Dataset. 2024. Andro-AutoPsy Dataset. https:\/\/ocslab.hksecurity.net\/andro-autopsy Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3197231.3197241"},{"key":"e_1_3_2_1_27_1","volume-title":"Rubio-Medrano et.al","author":"Carlos","year":"2023","unstructured":"Carlos E. Rubio-Medrano et.al. 2023. DyPolDroid: Protecting Against Permission-Abuse Attacks in Android. Information Systems Frontiers, (2023)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3507657.3528555"},{"key":"e_1_3_2_1_29_1","volume-title":"9th MobiSys.","author":"Erika Chin","year":"2011","unstructured":"Erika Chin et.al. 2011a. Analyzing inter-application communication in android. In 9th MobiSys. (2011)."},{"key":"e_1_3_2_1_30_1","volume-title":"USENIX Symposium","author":"Felt A P","year":"2011","unstructured":"Felt A P et.al. 2011b. Permission re-delegation: Attacks and defenses. In USENIX Symposium (2011)."},{"key":"e_1_3_2_1_31_1","volume-title":"ACM CCS'14","author":"Fengguo Wei","year":"2014","unstructured":"Fengguo Wei et.al. 2014a. Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In ACM CCS'14. (2014)."},{"key":"e_1_3_2_1_32_1","volume-title":"Myers et.al","author":"Glenford","year":"2015","unstructured":"Glenford J. Myers et.al. 2015a. The Art of Software Testing, 3rd Edition. Wiley Publishing. ISBN: 978-1-119-20248-6. (2015).","edition":"3"},{"key":"e_1_3_2_1_33_1","volume-title":"Raicc: Revealing atypical inter-component communication in android apps. In 43rd ICSE","author":"Jordan Samhi","year":"2021","unstructured":"Jordan Samhi et.al. 2021a. Raicc: Revealing atypical inter-component communication in android apps. In 43rd ICSE, IEEE\/ACM, (2021)."},{"key":"e_1_3_2_1_34_1","volume-title":"AndroZoo: Collecting Millions of Android Apps for the Research Community. In ACM 13th MSR'16.","author":"Kevin Allix","year":"2016","unstructured":"Kevin Allix et.al. 2016. AndroZoo: Collecting Millions of Android Apps for the Research Community. In ACM 13th MSR'16. (2016)."},{"key":"e_1_3_2_1_35_1","volume-title":"ESORICS.","author":"Limin Jia","year":"2013","unstructured":"Limin Jia et.al. 2013. Run-time enforcement of information-flow properties on android. In ESORICS. (2013)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"e_1_3_2_1_37_1","volume-title":"ACM CCS.","author":"Long Lu","year":"2018","unstructured":"Long Lu et.al. 2018b. Chex: statically vetting android apps for component hijacking vulnerabilities. In ACM CCS. (2018)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238207"},{"key":"e_1_3_2_1_39_1","volume-title":"30th ASE'15","author":"Paulo Barros","year":"2015","unstructured":"Paulo Barros et.al. 2015c. Static analysis of implicit control flow: Resolving java reflection and android intents. In 30th ASE'15. (2015)."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218126622502243"},{"key":"e_1_3_2_1_41_1","volume-title":"Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. In l HICSS'54.","author":"Pradeepkumar D S","year":"2021","unstructured":"Pradeepkumar D S et.al. 2021b. Mutent: Dynamic android intent protection with ownership-based key distribution and security contracts. In l HICSS'54. (2021)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_3_2_1_43_1","volume-title":"Towards Taming Privilege-Escalation Attacks on Android. In NDSS'12","author":"Sven Bugiel","year":"2012","unstructured":"Sven Bugiel et.al. 2012. Towards Taming Privilege-Escalation Attacks on Android. In NDSS'12. (2012)."},{"key":"e_1_3_2_1_44_1","volume-title":"Pianalyzer: A precise approach for pendingintent vulnerability analysis. In In ESORICS.","author":"Sascha Gro\u00df","year":"2018","unstructured":"Sascha Gro\u00df et.al. 2018d. Pianalyzer: A precise approach for pendingintent vulnerability analysis. In In ESORICS. (2018)."},{"key":"e_1_3_2_1_45_1","volume-title":"Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations. Forensic Science International: Digital Investigation","author":"Xiaolu Zhang","year":"2021","unstructured":"Xiaolu Zhang et.al. 2021c. Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations. Forensic Science International: Digital Investigation (2021)."},{"key":"e_1_3_2_1_46_1","volume-title":"39th ICSE","author":"Youn Kyu","year":"2017","unstructured":"Youn Kyu Lee et.al. 2017. A sealant for inter-app security holes in android. In 39th ICSE, (2017)."},{"key":"e_1_3_2_1_47_1","unstructured":"Exposure Notifications. 2024. https:\/\/www.google.com\/intl\/en_us\/covid19\/exposurenotifications\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_48_1","unstructured":"Jaison Fernando. [n.d.]. Notification. https:\/\/github.com\/jaisonfdo\/NotificationExample Accessed: 02-Nov-24."},{"key":"e_1_3_2_1_49_1","volume-title":"International Journal of Agricultural Science","author":"Moskvins Genadijs","year":"2022","unstructured":"Genadijs Moskvins. 2022. On Intelligent Sensors and Internet of Things Based Cyber-Physical System for Consumer Protection. In International Journal of Agricultural Science (2022)."},{"key":"e_1_3_2_1_50_1","unstructured":"Google Play ARM 64 v8a System Image. 2024. https:\/\/developer.android.com\/about\/versions\/14\/get Accessed: 24-Mar-24."},{"volume-title":"Mobile Cyber Physical Systems: Current Challenges and Future Networking Applications","year":"2018","key":"e_1_3_2_1_51_1","unstructured":"et.al. Guo, Yanxiang. 2018. Mobile Cyber Physical Systems: Current Challenges and Future Networking Applications. IEEE Access (2018)."},{"key":"e_1_3_2_1_52_1","unstructured":"Android Common intents. 2024. https:\/\/developer.android.com\/guide\/components\/intents-common\/ Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_53_1","unstructured":"Hongqi Wu. Jice Wang. 2018. Android Inter-App Communication Threats Solutions and Challenges. (2018). https:\/\/arxiv.org\/abs\/1803.05039"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065023"},{"volume-title":"A Threat to Mobile Cyber-Physical Systems: Sensor-Based Privacy Theft Attacks on Android Smartphones","author":"al Lei Lingguang","key":"e_1_3_2_1_55_1","unstructured":"Lingguang et.al Lei. 2013. A Threat to Mobile Cyber-Physical Systems: Sensor-Based Privacy Theft Attacks on Android Smartphones. In IEEE TrustCom'13."},{"key":"e_1_3_2_1_56_1","volume-title":"Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems","author":"al Ma Haoyu","year":"2021","unstructured":"Haoyu et.al Ma. 2021. Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems. IEEE Transactions on Industrial Informatics (2021)."},{"key":"e_1_3_2_1_57_1","unstructured":"Akash Manna. 2024. Keynotes. https:\/\/github.com\/akash2099\/KeepNotes-AndroidApp Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_58_1","volume-title":"Culebra: Ready-to-execute scripts for black box testing. https:\/\/github.com\/dtmilano\/AndroidViewClient\/wiki\/culebra","author":"Milano Diego Torres","year":"2024","unstructured":"Diego Torres Milano. 2024. Culebra: Ready-to-execute scripts for black box testing. https:\/\/github.com\/dtmilano\/AndroidViewClient\/wiki\/culebra"},{"key":"e_1_3_2_1_59_1","volume-title":"https:\/\/www.apkmirror.com\/","author":"Mirror APK","year":"2024","unstructured":"APK Mirror. 2024. (2024). https:\/\/www.apkmirror.com\/"},{"key":"e_1_3_2_1_60_1","unstructured":"Outbreaks Near Me. 2024. https:\/\/outbreaksnearme.org\/us\/en-US Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_61_1","unstructured":"Fernando Ruiz. [n.d.]. SpyLoan: A Global Threat Exploiting Social Engineering. https:\/\/tinyurl.com\/5n95un2f Accessed: 20-Feb-25."},{"key":"e_1_3_2_1_62_1","unstructured":"Application Sandbox. 2024. https:\/\/source.android.com\/docs\/security\/app-sandbox Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_63_1","volume-title":"obfuscate, and optimize your app","author":"Shrink","year":"2024","unstructured":"Shrink, obfuscate, and optimize your app. 2024. https:\/\/developer.android.com\/build\/shrink-code Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Latika Singh and Markus Hofmann. 2017. Dynamic behavior analysis of android applications for malware detection. In 2017 ICCT.","DOI":"10.1109\/INTELCCT.2017.8324010"},{"key":"e_1_3_2_1_65_1","unstructured":"Maddie Stone. 2019. Securing the system: A deep dive into reversing android pre-installed apps."},{"key":"e_1_3_2_1_66_1","unstructured":"Deloitte Survey. 2024. https:\/\/www2.deloitte.com\/us\/en\/pages\/consumer-business\/articles\/retail-recession.html Accessed: 01-Nov-24."},{"key":"e_1_3_2_1_67_1","volume-title":"Journal of Digital Investigation.","author":"Jae","year":"2015","unstructured":"Jae wook Jang et.al. 2015. Andro-AutoPsy: Anti-malware system based on similarity matching of malware and malware creator-centric information,. In Journal of Digital Investigation. (2015)."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2741948.2741966"}],"event":{"name":"CODASPY '25: Fifteenth ACM Conference on Data and Application Security and Privacy","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Pittsburgh PA USA","acronym":"CODASPY '25"},"container-title":["Proceedings of the 2025 ACM Workshop on Secure and Trustworthy Cyber-physical Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3716816.3727972","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3716816.3727972","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T18:33:15Z","timestamp":1755973995000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3716816.3727972"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,4]]},"references-count":68,"alternative-id":["10.1145\/3716816.3727972","10.1145\/3716816"],"URL":"https:\/\/doi.org\/10.1145\/3716816.3727972","relation":{},"subject":[],"published":{"date-parts":[[2025,6,4]]},"assertion":[{"value":"2025-06-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}