{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:32:18Z","timestamp":1766442738601,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62572209, 62502168"],"award-info":[{"award-number":["62572209, 62502168"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Hubei Provincial Key Research and Development Program","award":["2025BAB057"],"award-info":[{"award-number":["2025BAB057"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765034","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"2683-2698","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Parcel Mismatch Demystified: Addressing a Decade-Old Security Challenge in Android"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-1532-1636","authenticated-orcid":false,"given":"Sheng","family":"Cao","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8890-9208","authenticated-orcid":false,"given":"Hao","family":"Zhou","sequence":"additional","affiliation":[{"name":"The Hong Kong Polytechnic University, Hong Kong, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-8764-0582","authenticated-orcid":false,"given":"Songzhou","family":"Shi","sequence":"additional","affiliation":[{"name":"Guangdong Baiyun University, Guangzhou, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8793-5367","authenticated-orcid":false,"given":"Yanjie","family":"Zhao","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Black Hat Europe","author":"Ke Hao","year":"2022","unstructured":"Hao Ke, Bernardo Rufino, Yang Yang, and Maria Uretsky. 2022. Android parcels: the bad, the good and the betterintroducing android's safer parcel. In Black Hat Europe 2022. London, UK."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER60148.2024.00032"},{"key":"e_1_3_2_1_3_1","unstructured":"davincifans101. 2023. Analysis report of pdd backdoors. Accessed: 2025-04--11. (2023). https:\/\/github.com\/davincifans101\/pinduoduo%5C_backdoor%5C_det ailed%5C_report."},{"key":"e_1_3_2_1_4_1","unstructured":"Sarah Zheng and Vlad Savov. 2023. Google suspends pinduoduo after finding malware in versions. Accessed: 2025-04--11. (2023). https:\/\/www.bloomberg.co m\/news\/articles\/2023-03--21\/google-suspends-pdd-s-main-app-after-findin g-malware-in-versions."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00017"},{"key":"e_1_3_2_1_6_1","unstructured":"Android Open Source Project. 2025. Checkkeyintentparceledcorrectly patch in accountmanagerservice.java. Accessed: 2025-04--11. (2025). https:\/\/cs.android.com\/android\/platform\/superproject\/main\/\/main:frameworks\/base\/services \/core\/java\/com\/android\/server\/accounts\/AccountManagerService.java;l=5140?q=checkKeyIntentParceledCorrectly."},{"key":"e_1_3_2_1_7_1","volume-title":"The Free Encyclopedia. Accessed: 2025-04--11. (Feb","author":"Emui Wikipedia","year":"2025","unstructured":"Wikipedia contributors. 2025. Emui. Wikipedia, The Free Encyclopedia. Accessed: 2025-04--11. (Feb. 2025)."},{"key":"e_1_3_2_1_8_1","volume-title":"Cve-2024--49721: parcel mismatch in inputmethodsubtypearray. Android Security Bulletin. Accessed: 2025-04--11. (Feb","author":"Source Project Android Open","year":"2024","unstructured":"Android Open Source Project. 2024. Cve-2024--49721: parcel mismatch in inputmethodsubtypearray. Android Security Bulletin. Accessed: 2025-04--11. (Feb. 2024). https:\/\/source.android.com\/security\/bulletin\/2025-02-01."},{"key":"e_1_3_2_1_9_1","unstructured":"Android Open Source Project. 2025. Android Open Source Project. Accessed: 2025-04--14. (2025). https:\/\/source.android.com\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Michal Bednarski. 2023. Looking for your suggestions - issue #4. Accessed: 2025-04--11. (2023). https:\/\/github.com\/michalbednarski\/ReparcelBug2\/issues\/4."},{"key":"e_1_3_2_1_11_1","volume-title":"Cve-2024--43080: elevation of privilege due to unsafe deserialization in apprestrictionsfragment. Android Security Bulletin. Accessed: 2025-04--11. (Nov","author":"Source Project Android Open","year":"2024","unstructured":"Android Open Source Project. 2024. Cve-2024--43080: elevation of privilege due to unsafe deserialization in apprestrictionsfragment. Android Security Bulletin. Accessed: 2025-04--11. (Nov. 2024). https:\/\/source.android.com\/docs\/security\/b ulletin\/2024--11-01."},{"key":"e_1_3_2_1_12_1","volume-title":"Cve-2024--49744: bypass intent type check inside accountmanagerservice via bundle mismatch. Android Security Bulletin. Accessed: 2025-04--11. (Jan","author":"Source Project Android Open","year":"2025","unstructured":"Android Open Source Project. 2025. Cve-2024--49744: bypass intent type check inside accountmanagerservice via bundle mismatch. Android Security Bulletin. Accessed: 2025-04--11. (Jan. 2025). https:\/\/source.android.com\/docs\/security\/bu lletin\/2025-01-01."},{"key":"e_1_3_2_1_13_1","unstructured":"Huawei Security Team. 2025. Cve-2025--31175: deserialization mismatch vulnerability in the dsoftbus module. Huawei Acknowledgment Page. Accessed: 2025-04--11. (2025). https:\/\/consumer.huawei.com\/en\/support\/acknowledgment \/."},{"key":"e_1_3_2_1_14_1","volume-title":"Cve-2025--32312: unsafe deserialization in createintentslist of packageparser. Android Security Bulletin. Accessed: 2025- 04--11. (Nov","author":"Source Project Android Open","year":"2024","unstructured":"Android Open Source Project. 2024. Cve-2025--32312: unsafe deserialization in createintentslist of packageparser. Android Security Bulletin. Accessed: 2025- 04--11. (Nov. 2024). https:\/\/source.android.com\/docs\/security\/bulletin\/2025-06- 01."},{"key":"e_1_3_2_1_15_1","volume-title":"Cve-2025--48535: launchanywhere vulnerability in apprestrictionsfragment.java. Android Security Bulletin. Accessed: 2025-09-03. (Sept","author":"Source Project Android Open","year":"2025","unstructured":"Android Open Source Project. 2025. Cve-2025--48535: launchanywhere vulnerability in apprestrictionsfragment.java. Android Security Bulletin. Accessed: 2025-09-03. (Sept. 2025). https:\/\/source.android.com\/docs\/security\/bulletin\/202 5-09-01."},{"key":"e_1_3_2_1_16_1","unstructured":"Android Developers. 2023. Parcel. Accessed: 2025-04--11. (2023). https:\/\/develo per.android.com\/reference\/android\/os\/Parcel."},{"key":"e_1_3_2_1_17_1","unstructured":"Android Developers. 2023. Parcelable. Accessed: 2025-04--11. (2023). https:\/\/dev eloper.android.com\/reference\/android\/os\/Parcelable."},{"key":"e_1_3_2_1_18_1","unstructured":"Michal Bednarski. 2018. Reparcelbug. Accessed: 2025-04--11. (2018). https:\/\/gith ub.com\/michalbednarski\/ReparcelBug."},{"key":"e_1_3_2_1_19_1","unstructured":"Android Open Source Project. 2017. Cve-2017-0806: parcel mismatch in gatekeeperresponse. Android Security Bulletin. Accessed: 2025-04--11. (2017). https: \/\/source.android.com\/docs\/security\/bulletin\/2017--10-01."},{"key":"e_1_3_2_1_20_1","volume-title":"Cve-2023--21098: bypass intent validation in accountmanagerservice through packageparser\/pooledstringwriter. Android Security Bulletin. Accessed: 2025-04--11. (Apr","author":"Source Project Android Open","year":"2023","unstructured":"Android Open Source Project. 2023. Cve-2023--21098: bypass intent validation in accountmanagerservice through packageparser\/pooledstringwriter. Android Security Bulletin. Accessed: 2025-04--11. (Apr. 2023). https:\/\/source.android.co m\/docs\/security\/bulletin\/2023-04-01."},{"key":"e_1_3_2_1_21_1","volume-title":"Cve-2023--21131: unsafe intent flag bypass in accountmanagerservice. Android Security Bulletin. Accessed: 2025-04--11. (June","author":"Source Project Android Open","year":"2023","unstructured":"Android Open Source Project. 2023. Cve-2023--21131: unsafe intent flag bypass in accountmanagerservice. Android Security Bulletin. Accessed: 2025-04--11. (June 2023). https:\/\/source.android.com\/docs\/security\/bulletin\/2023-06-01."},{"key":"e_1_3_2_1_22_1","volume-title":"Cve-2023--35669: control activityoptions via accountmanager#removeaccountasuser due to unsafe deserialization. Android Security Bulletin. Accessed: 2025-04--11. (Sept","author":"Source Project Android Open","year":"2023","unstructured":"Android Open Source Project. 2023. Cve-2023--35669: control activityoptions via accountmanager#removeaccountasuser due to unsafe deserialization. Android Security Bulletin. Accessed: 2025-04--11. (Sept. 2023). https:\/\/source.android.co m\/docs\/security\/bulletin\/2023-09-01."},{"key":"e_1_3_2_1_23_1","volume-title":"Cve-2024--31316: launch anywhere bellow android t even on latest android security patch. Android Security Bulletin. Accessed: 2025-04--11. (June","author":"Source Project Android Open","year":"2024","unstructured":"Android Open Source Project. 2024. Cve-2024--31316: launch anywhere bellow android t even on latest android security patch. Android Security Bulletin. Accessed: 2025-04--11. (June 2024). https:\/\/source.android.com\/security\/bulleti n\/2024-06-01."},{"key":"e_1_3_2_1_24_1","unstructured":"Android Open Source Project. 2025. Code lines in parcel.java related to length handling compromise. Accessed: 2025-04--12. (2025). https:\/\/cs.android.com\/an droid\/platform\/superproject\/main\/\/main:frameworks\/base\/core\/java\/andro id\/os\/Parcel.java;l=4501--4505;drc=4d6b008243a5b1b1fb4e725e37e14651a24a4 a4d."},{"key":"e_1_3_2_1_25_1","volume-title":"Cve-2023--45777: account manager service. check key intent parceledcorrectly update reverts protection against writein- create from parcel. Android Security Bulletin. Accessed: 2025-04--11. (Dec","author":"Source Project Android Open","year":"2023","unstructured":"Android Open Source Project. 2023. Cve-2023--45777: account manager service. check key intent parceledcorrectly update reverts protection against writein- create from parcel. Android Security Bulletin. Accessed: 2025-04--11. (Dec. 2023). https:\/\/source.android.com\/docs\/security\/bulletin\/2023--12-01."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243843"},{"key":"e_1_3_2_1_27_1","volume-title":"29th USENIX Security Symposium (USENIX Security, 307--323","author":"Liu Baozheng","year":"2020","unstructured":"Baozheng Liu, Chao Zhang, Guang Gong, Yishun Zeng, Haifeng Ruan, and Jianwei Zhuge. 2020. {Fans}: fuzzing android native system services via automated interface analysis. In 29th USENIX Security Symposium (USENIX Security, 307--323."},{"key":"e_1_3_2_1_28_1","volume-title":"Zhuoqing Morley Mao, Jason Ott, and Zhiyun Qian.","author":"Shao Yuru","year":"2016","unstructured":"Yuru Shao, Qi Alfred Chen, Zhuoqing Morley Mao, Jason Ott, and Zhiyun Qian. 2016. Kratos: discovering inconsistent security policy enforcement in the android framework. In NDSS."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243842"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2322867"},{"volume-title":"25th USENIX security symposium (USENIX security 16), 1101--1118.","author":"Backes Michael","key":"e_1_3_2_1_32_1","unstructured":"Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber. 2016. On demystifying the android application framework:{re-visiting} android permission specification analysis. In 25th USENIX security symposium (USENIX security 16), 1101--1118."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054795"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549142"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Abdallah Dawoud and Sven Bugiel. 2021. Bringing balance to the force: dynamic analysis of the android application framework. Bringing balance to the force: dynamic analysis of the android application framework.","DOI":"10.14722\/ndss.2021.23106"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678843"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Yousra Aafer Jianjun Huang Yi Sun Xiangyu Zhang Ninghui Li and Chen Tian. 2018. Acedroid: normalizing diverse android access control checks for inconsistency detection. In NDSS.","DOI":"10.14722\/ndss.2018.23121"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3292006.3300023"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.23166"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560710"},{"key":"e_1_3_2_1_41_1","unstructured":"Android Developers. 2025. Android.os.binder#attachinterface. Accessed: 2025- 04--14. (2025). https:\/\/developer.android.com\/reference\/android\/os\/Binder#atta chInterface(android.os.IInterface %20java.lang.String)."},{"key":"e_1_3_2_1_42_1","unstructured":"Android Developers. 2025. Android.os.binder#querylocalinterface. Accessed: 2025-04--14. (2025). https:\/\/developer.android.com\/reference\/android\/os\/Binde r#queryLocalInterface(java.lang.String)."},{"key":"e_1_3_2_1_43_1","unstructured":"Android Developers. 2025. Android.os.ibinder. Accessed: 2025-04--14. (2025). https:\/\/developer.android.com\/reference\/android\/os\/IBinder)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250767"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133926"},{"key":"e_1_3_2_1_46_1","volume-title":"CC 2000 Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2000 Berlin, Germany, March 25--April 2","author":"Vall\u00e9e-Rai Raja","year":"2000","unstructured":"Raja Vall\u00e9e-Rai, Etienne Gagnon, Laurie Hendren, Patrick Lam, Patrice Pominville, and Vijay Sundaresan. 2000. Optimizing java bytecode using the soot framework: is it feasible? In Compiler Construction: 9th International Conference, CC 2000 Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2000 Berlin, Germany, March 25--April 2, 2000 Proceedings 9. Springer, 18--34."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1925805.1925818"},{"key":"e_1_3_2_1_48_1","unstructured":"ByteDance. 2025. Appshark: a static taint analysis platform to scan vulnerabilities in an android app. Accessed: 2025-04--13. (2025). https:\/\/github.com\/bytedance\/appshark\/."},{"key":"e_1_3_2_1_49_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM sigplan notices, 49, 6, 259--269."},{"key":"e_1_3_2_1_50_1","unstructured":"Google. 2025. Android open source vulnerability database. Accessed: 2025-04- 11. (2025). https:\/\/osv.dev\/list?q=&ecosystem=Android."},{"key":"e_1_3_2_1_51_1","unstructured":"Android Open Source Project. 2022. Cve-2020-0338: improper intentigrateextrastreamtoclipdata() leads for granting permissions to granturi marked providers without approval to thirdparty. Android Security Bulletin. Accessed: 2025-04--11. (Jan. 2022). https:\/\/source.android.com\/docs\/security\/bulletin\/2022-01-01."},{"key":"e_1_3_2_1_52_1","volume-title":"Cve-2022--20223: unsafe package check leading to launch anywhere in apprestrictions fragmenty. Android Security Bulletin. Accessed: 2025-04--11. (July","author":"Source Project Android Open","year":"2022","unstructured":"Android Open Source Project. 2022. Cve-2022--20223: unsafe package check leading to launch anywhere in apprestrictions fragmenty. Android Security Bulletin. Accessed: 2025-04--11. (July 2022). https:\/\/source.android.com\/docs\/security\/bulletin\/2022-07-01."},{"key":"e_1_3_2_1_53_1","volume-title":"Cve-2021--39707: bypass call_privileged permission in settings apprestrictions fragment. Android Security Bulletin. Accessed: 2025-04--11. (Mar","author":"Source Project Android Open","year":"2022","unstructured":"Android Open Source Project. 2022. Cve-2021--39707: bypass call_privileged permission in settings apprestrictions fragment. Android Security Bulletin. Accessed: 2025-04--11. (Mar. 2022). https:\/\/source.android.com\/docs\/security\/bulletin\/2022-03-01."},{"key":"e_1_3_2_1_54_1","unstructured":"Android Developers. [n.d.] Intent redirection. Android Developers Documentation. Accessed: 2025-04--11. (). https:\/\/developer.android.com\/privacy-and-security\/risks\/intent-redirection."},{"key":"e_1_3_2_1_55_1","unstructured":"Android Developers. 2024. Android.os.process. Accessed: 2025-04--13. (2024). https:\/\/developer.android.com\/reference\/android\/os\/Process#SYSTEM_UID."},{"key":"e_1_3_2_1_56_1","unstructured":"cxxsheng. 2023. Collectosv vulnerability report. Accessed: 2025-04--11. (2023). h ttps:\/\/github.com\/cxxsheng\/CollectOSV\/blob\/main\/vulnerability_report.md."},{"key":"e_1_3_2_1_57_1","unstructured":"Android Open Source Project. 2014. The first patch for parcel mismatch in parceledlistslice.java. Accessed: 2025-04--11. (2014). https:\/\/android.googlesource.com\/platform\/frameworks\/base\/\/f741c37."},{"key":"e_1_3_2_1_58_1","unstructured":"Android Open Source Project. 2022. Cve-2022--20474: bundle mismatch via lazyvalue with negative length. Android Security Bulletin. Accessed: 2025-04--11. (2022). https:\/\/source.android.com\/docs\/security\/bulletin\/2022--12-01."},{"key":"e_1_3_2_1_59_1","unstructured":"Android Open Source Project. 2023. Cve-2023--20944: starting activity as system with specified activityoptions by injecting them through intent subclass. Android Security Bulletin. Accessed: 2025-04--11. (2023). https:\/\/source.android.com\/docs\/security\/bulletin\/2023-02-01."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765034","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:29:24Z","timestamp":1766442564000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765034"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":59,"alternative-id":["10.1145\/3719027.3765034","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765034","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}