{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T17:58:50Z","timestamp":1772906330561,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["1942888,1954521,2120642,2120696,2153388,2154183"],"award-info":[{"award-number":["1942888,1954521,2120642,2120696,2153388,2154183"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-25-1-0179"],"award-info":[{"award-number":["W911NF-25-1-0179"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006785","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006785","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012642","name":"Mozilla Foundation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012642","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100005144","name":"Qualcomm","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100005144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765093","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"3266-3280","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Pixnapping: Bringing Pixel Stealing out of the Stone Age"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4474-3012","authenticated-orcid":false,"given":"Alan","family":"Wang","sequence":"first","affiliation":[{"name":"University of California, Berkeley, Berkeley, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-7214-3536","authenticated-orcid":false,"given":"Pranav","family":"Gopalkrishnan","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, Washington, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-4140-307X","authenticated-orcid":false,"given":"Yingchen","family":"Wang","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9995-5995","authenticated-orcid":false,"given":"Christopher W.","family":"Fletcher","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-0225-8714","authenticated-orcid":false,"given":"Hovav","family":"Shacham","sequence":"additional","affiliation":[{"name":"University of California, San Diego, San Diego, California, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9121-9734","authenticated-orcid":false,"given":"David","family":"Kohlbrenner","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, Washington, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9552-8216","authenticated-orcid":false,"given":"Riccardo","family":"Paccagnella","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, Pennsylvania, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2011. Timing Attacks on CSS Shaders. Online: https:\/\/web.archive.org\/web\/ 20120207083807\/http:\/\/www.schemehostport.com\/2011\/12\/timing-attacks-oncss- shaders.html. Accessed on March 24 2025."},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Feature: Cookies default to SameSite=Lax. Online: https:\/\/chromestatus. com\/feature\/5088147346030592. Accessed on April 10 2025."},{"key":"e_1_3_2_1_3_1","unstructured":"2022. Security: Cross-origin pixel reading via SVG filter data-dependent power use and Hertzbleed. Online: https:\/\/issues.chromium.org\/issues\/40086984."},{"key":"e_1_3_2_1_4_1","unstructured":"2023. Security: Cross-origin pixel reading via SVG filter data-dependent GPU memory bandwidth usage. Online: https:\/\/issues.chromium.org\/issues\/40063650."},{"key":"e_1_3_2_1_5_1","unstructured":"2023. Security: Timing Attack Using SVG Filters on Visited Links to Sniff History (Based on GPU-Zip). Online: https:\/\/issues.chromium.org\/issues\/40943106."},{"key":"e_1_3_2_1_6_1","unstructured":"2024. Cross-origin pixel reading via data-dependent SVG filter power usage and Intel Thread Director. Online: https:\/\/issues.chromium.org\/issues\/381109468."},{"key":"e_1_3_2_1_7_1","unstructured":"2024. Google Maps gets rid of another feature onWeb. Online: https:\/\/tech.yahoo. com\/general\/articles\/google-maps-gets-rid-another-220221240.html. Accessed on March 29 2025."},{"key":"e_1_3_2_1_8_1","unstructured":"2024. Introducing Total Cookie Protection in Standard Mode. Online: https:\/\/support.mozilla.org\/en-US\/kb\/introducing-total-cookie-protectionstandard- mode. Accessed on April 10 2025."},{"key":"e_1_3_2_1_9_1","unstructured":"2025. Activity | API reference | Android Developers. Online: https:\/\/developer. android.com\/reference\/android\/app\/Activity. Accessed on April 10 2025."},{"key":"e_1_3_2_1_10_1","unstructured":"2025. Android Developers. Online: https: \/\/developer.android.com\/guide\/topics\/manifest\/activity-element. Accessed on April 10 2025."},{"key":"e_1_3_2_1_11_1","unstructured":"2025. Feature: Partitioning :visited links history. Online: https:\/\/chromestatus. com\/feature\/5101991698628608. Accessed on April 3 2025."},{"key":"e_1_3_2_1_12_1","unstructured":"2025. Intents and intent filters | App architecture | Android Developers. Online: https:\/\/developer.android.com\/guide\/components\/intents-filters. Accessed on April 10 2025."},{"key":"e_1_3_2_1_13_1","unstructured":"2025. Introduction to activities | App architecture | Android Developers. Online: https:\/\/developer.android.com\/guide\/components\/activities\/intro-activities. Accessed on April 10 2025."},{"key":"e_1_3_2_1_14_1","volume-title":"Meet Google Play's target API level requirement | Other Play guides | Android Developers. Online: https:\/\/developer.android.com\/google\/play\/ requirements\/target-sdk. Accessed on","year":"2025","unstructured":"2025. Meet Google Play's target API level requirement | Other Play guides | Android Developers. Online: https:\/\/developer.android.com\/google\/play\/ requirements\/target-sdk. Accessed on September 10 2025."},{"key":"e_1_3_2_1_15_1","unstructured":"2025. Package visibility filtering on Android | App architecture | Android Developers. Online: https:\/\/developer.android.com\/training\/package-visibility. Accessed on September 10 2025."},{"key":"e_1_3_2_1_16_1","unstructured":"2025. Restrictions on starting activities from the background | App architecture | Android Developers. Online: https:\/\/developer.android.com\/guide\/components\/ activities\/background-starts. Accessed on April 10 2025."},{"key":"e_1_3_2_1_17_1","unstructured":"2025. SurfaceFlinger and WindowManager | Android Open Source Project. Online: https:\/\/source.android.com\/docs\/core\/graphics\/surfaceflingerwindowmanager. Accessed on April 10 2025."},{"key":"e_1_3_2_1_18_1","unstructured":"2025. SVG and CSS filters can leak cross-origin data via iframes. Online: https:\/\/issues.chromium.org\/issues\/401081629."},{"key":"e_1_3_2_1_19_1","unstructured":"2025. Tasks and the back stack | App architecture | Android Developers. Online: https:\/\/developer.android.com\/guide\/components\/activities\/tasks-and-backstack. Accessed on April 10 2025."},{"key":"e_1_3_2_1_20_1","unstructured":"2025. Use of the broad package (App) visibility (QUERY_ALL_PACKAGES) permission. Online: https:\/\/support.google.com\/googleplay\/android-developer\/answer\/10158779. Accessed on April 10 2025."},{"key":"e_1_3_2_1_21_1","unstructured":"2025. VSYNC | Android Open Source Project. Online: https:\/\/source.android.com\/docs\/core\/graphics\/implement-vsync. Accessed on April 10 2025."},{"key":"e_1_3_2_1_22_1","unstructured":"2025. Window blurs | Android Open Source Project. Online: https:\/\/source.android.com\/docs\/core\/display\/window-blurs. Accessed on April 10 2025."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Marc Andrysco David Kohlbrenner Keaton Mowery Ranjit Jhala Sorin Lerner and Hovav Shacham. 2015. On Subnormal Floating Point and Abnormal Timing. In S&P.","DOI":"10.1109\/SP.2015.44"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Simone Aonzo Alessio Merlo Giulio Tavella and Yanick Fratantonio. 2018. Phishing Attacks on Modern Android. In CCS.","DOI":"10.1145\/3243734.3243778"},{"key":"e_1_3_2_1_25_1","unstructured":"Philipp Beer Marco Squarcina Sebastian Roth and Martina Lindorfer. 2025. TapTrap: Animation-Driven Tapjacking on Android. In USENIX Security."},{"key":"e_1_3_2_1_26_1","volume-title":"Tabbed Out: Subverting the Android Custom Tab Security Model. In S&P.","author":"Beer Philipp","year":"2024","unstructured":"Philipp Beer, Marco Squarcina, Lorenzo Veronese, and Martina Lindorfer. 2024. Tabbed Out: Subverting the Android Custom Tab Security Model. In S&P."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Antonio Bianchi Jacopo Corbetta Luca Invernizzi Yanick Fratantonio Christopher Kruegel and Giovanni Vigna. 2015. What the App is That? Deception and Countermeasures in the Android User Interface. In S&P.","DOI":"10.1109\/SP.2015.62"},{"key":"e_1_3_2_1_28_1","volume-title":"Adrienne Porter Felt","author":"Chin Erika","year":"2011","unstructured":"Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner. 2011. Analyzing inter-application communication in Android. In MobiSys."},{"key":"e_1_3_2_1_29_1","volume-title":"Scheduled Disclosure: Turning Power Into Timing Without Frequency Scaling. In S&P.","author":"Chun Inwhan","year":"2025","unstructured":"Inwhan Chun, Isabella Siu, and Riccardo Paccagnella. 2025. Scheduled Disclosure: Turning Power Into Timing Without Frequency Scaling. In S&P."},{"key":"e_1_3_2_1_30_1","unstructured":"Adrienne Porter Felt and DavidWagner. 2011. Phishing on mobile devices. (2011)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Yanick Fratantonio Chenxiong Qian Simon P Chung and Wenke Lee. 2017. Cloak and dagger: from two permissions to complete control of the UI feedback loop. In S&P.","DOI":"10.1109\/SP.2017.39"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Nethanel Gelernter and Amir Herzberg. 2015. Cross-site search attacks. In CCS.","DOI":"10.1145\/2810103.2813688"},{"key":"e_1_3_2_1_33_1","unstructured":"David Kohlbrenner and Hovav Shacham. 2017. On the effectiveness of mitigations against floating-point timing channels. In USENIX Security."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Robert Kotcher Yutong Pei Pranjal Jumde and Collin Jackson. 2013. Cross-origin pixel stealing: Timing attacks using CSS filters. In CCS.","DOI":"10.1145\/2508859.2516712"},{"key":"e_1_3_2_1_35_1","volume":"201","author":"M'Raihi D.","unstructured":"D. M'Raihi, S. Machani, M. Pei, and J. Rydell. 2011. TOTP: Time-Based One-Time Password Algorithm. RFC 6238.","journal-title":"J. Rydell."},{"key":"e_1_3_2_1_36_1","volume-title":"Ui redressing attacks on android devices. Black Hat Abu Dhabi","author":"Niemietz Marcus","year":"2012","unstructured":"Marcus Niemietz and J\u00f6rg Schwenk. 2012. Ui redressing attacks on android devices. Black Hat Abu Dhabi (2012)."},{"key":"e_1_3_2_1_37_1","unstructured":"Jorn Nystad Oskar Flordal and Jeremy Davies. 2013. Methods of and apparatus for using tree representations for representing arrays of data elements for encoding and decoding data in data processing systems. US patent US8542939B2."},{"key":"e_1_3_2_1_38_1","unstructured":"Jorn Nystad Oskar Flordal Jeremy Davies and Ola Hugosson. 2015. Methods of and apparatus for encoding and decoding data in data processing systems. US patent US9014496B2."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Mathias Oberhuber Martin Unterguggenberger Lukas Maar Andreas Kogler and Stefan Mangard. 2025. Power-Related Side-Channel Attacks using the Android Sensor Framework. In NDSS.","DOI":"10.14722\/ndss.2025.240092"},{"key":"e_1_3_2_1_40_1","volume-title":"Ron Magen, Daniel Genkin, Yossi Oren, Hovav Shacham, and Yuval Yarom.","author":"O'Connell Sioli","year":"2024","unstructured":"Sioli O'Connell, Lishay Aben Sour, Ron Magen, Daniel Genkin, Yossi Oren, Hovav Shacham, and Yuval Yarom. 2024. Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome. In USENIX Security."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Gerald Palfinger Bernd Pr\u00fcnster and Dominik Julian Ziegler. 2020. AndroTIME: Identifying Timing Side Channels in the Android API. In TrustCom.","DOI":"10.1109\/TrustCom50675.2020.00253"},{"key":"e_1_3_2_1_42_1","volume-title":"Wenke Lee, and Yanick Fratantonio.","author":"Possemato Andrea","year":"2018","unstructured":"Andrea Possemato, Andrea Lanzi, Simon Pak Ho Chung, Wenke Lee, and Yanick Fratantonio. 2018. Clickshield: Are you hiding something? towards eradicating clickjacking on android. In CCS."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Kimberly Ruth Deepak Kumar Brandon Wang Luke Valenta and Zakir Durumeric. 2022. Toppling top lists: evaluating the accuracy of popular website lists. In IMC.","DOI":"10.1145\/3517745.3561444"},{"key":"e_1_3_2_1_44_1","unstructured":"Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. White Paper. Context Information Security. Online: https:\/\/web.archive.org\/web\/20130821233359\/ http:\/\/contextis.co.uk\/files\/Browser_Timing_Attacks.pdf."},{"key":"e_1_3_2_1_45_1","volume-title":"Stephan van Schaik, Daniel Genkin, and Yuval Yarom.","author":"Taneja Hritvik","year":"2023","unstructured":"Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, and Yuval Yarom. 2023. Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and ARM SoCs. In USENIX Security."},{"key":"e_1_3_2_1_46_1","volume-title":"Gunter","author":"Tuncay G\u00fcliz Seray","year":"2020","unstructured":"G\u00fcliz Seray Tuncay, Jingyu Qian, and Carl A. Gunter. 2020. See No Evil: Phishing for Permissions with False Transparency. In USENIX Security."},{"key":"e_1_3_2_1_47_1","volume-title":"Fletcher","author":"Wang Yingchen","year":"2024","unstructured":"Yingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham, and Christopher W. Fletcher. 2024. GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression. In S&P."},{"key":"e_1_3_2_1_48_1","volume-title":"Hertzbleed: Turning Power Side-Channel Attacks Into Timing Attacks on x86. In USENIX Security.","author":"Wang Yingchen","year":"2022","unstructured":"Yingchen Wang, Riccardo Paccagnella, Elizabeth He, Hovav Shacham, Christopher W. Fletcher, and David Kohlbrenner. 2022. Hertzbleed: Turning Power Side-Channel Attacks Into Timing Attacks on x86. In USENIX Security."},{"key":"e_1_3_2_1_49_1","volume-title":"Christopher W. Fletcher, David Kohlbrenner, and Hovav Shacham.","author":"Wang Yingchen","year":"2023","unstructured":"Yingchen Wang, Riccardo Paccagnella, Alan Wandke, Zhao Gang, Grant Garrett- Grossman, Christopher W. Fletcher, David Kohlbrenner, and Hovav Shacham. 2023. DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data. In S&P."},{"key":"e_1_3_2_1_50_1","unstructured":"John Wilander. 2020. Full Third-Party Cookie Blocking and More. Online: https:\/\/webkit.org\/blog\/10218\/full-third-party-cookie-blocking-and-more\/. Accessed on April 14 2025."},{"key":"e_1_3_2_1_51_1","unstructured":"Longfei Wu Benjamin Brandt Xiaojiang Du and Bo Ji. 2016. Analysis of clickjacking attacks and an effective defense scheme for android devices. In CNS."},{"key":"e_1_3_2_1_52_1","volume-title":"Han Wang, Howard Wu, and YuSaki Kanade.","author":"Yu Jincheng","year":"2025","unstructured":"Jincheng Yu, vvb2060, Han Wang, Howard Wu, and YuSaki Kanade. 2025. Android Hidden Api Bypass. Online: https:\/\/github.com\/LSPosed\/AndroidHiddenApiBypass. Accessed on April 10 2025."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765093","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765093","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:29:59Z","timestamp":1766442599000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765093"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":52,"alternative-id":["10.1145\/3719027.3765093","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765093","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}