{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T03:51:22Z","timestamp":1782877882311,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100002635","name":"Inha University","doi-asserted-by":"publisher","award":["No.73799-1"],"award-info":[{"award-number":["No.73799-1"]}],"id":[{"id":"10.13039\/501100002635","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Science Foundation of Korea","award":["RS-2025-00563143, No.2022-0-00411"],"award-info":[{"award-number":["RS-2025-00563143, No.2022-0-00411"]}]},{"name":"Institute of Information & communications Technology Planning & Evaluation (IITP)","award":["No.2022-0-00411, IITP-2025-RS-2021-II211810"],"award-info":[{"award-number":["No.2022-0-00411, IITP-2025-RS-2021-II211810"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765215","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:32:38Z","timestamp":1763854358000},"page":"2997-3011","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Deep Dive into In-app Browsers: Uncovering Hidden Pitfalls in Certificate Validation"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9984-6879","authenticated-orcid":false,"given":"Woonghee","family":"Lee","sequence":"first","affiliation":[{"name":"Computer Science and Engineering, Korea University, Seoul, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4823-4194","authenticated-orcid":false,"given":"Junbeom","family":"Hur","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering, Korea University, Seoul, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6728-0698","authenticated-orcid":false,"given":"Hyunsoo","family":"Kwon","sequence":"additional","affiliation":[{"name":"Computer Engineering, Inha University, Incheon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Android Developers 2025. SslError. Retrieved September 5 2025 from https: \/\/developer.android.com\/reference\/android\/net\/http\/SslError"},{"key":"e_1_3_2_1_2_1","volume-title":"Run apps on the Android Emulator. Retrieved","author":"Android Emulator","year":"2025","unstructured":"Android Emulator 2025. Run apps on the Android Emulator. Retrieved September 5, 2025 from https:\/\/developer.android.com\/studio\/run\/emulator"},{"key":"e_1_3_2_1_3_1","volume-title":"The Apache HTTP Server Project. Retrieved","author":"Apache","year":"2025","unstructured":"Apache 2025. The Apache HTTP Server Project. Retrieved September 5, 2025 from https:\/\/httpd.apache.org\/"},{"key":"e_1_3_2_1_4_1","volume-title":"Apktool - A tool for reverse engineering Android apk files. Retrieved","author":"Apktool","year":"2025","unstructured":"Apktool 2025. Apktool - A tool for reverse engineering Android apk files. Retrieved September 5, 2025 from https:\/\/apktool.org\/"},{"key":"e_1_3_2_1_5_1","volume-title":"Certificate Transparency testing. Retrieved","author":"Apple Developer","year":"2025","unstructured":"Apple Developer Forums 2025. Certificate Transparency testing. Retrieved September 5, 2025 from https:\/\/developer.apple.com\/forums\/thread\/722001?answerId=741738022#741738022"},{"key":"e_1_3_2_1_6_1","volume-title":"Apple's Certificate Transparency log program. Retrieved","author":"Apple Support","year":"2025","unstructured":"Apple Support 2025. Apple's Certificate Transparency log program. Retrieved September 5, 2025 from https:\/\/support.apple.com\/en-us\/103703"},{"key":"e_1_3_2_1_7_1","volume-title":"badssl.com. Retrieved","year":"2025","unstructured":"badssl.com 2025. badssl.com. Retrieved September 5, 2025 from https:\/\/badssl.com\/"},{"key":"e_1_3_2_1_8_1","volume-title":"BlueStacks by now.gg. Retrieved","author":"BlueStacks","year":"2025","unstructured":"BlueStacks 2025. BlueStacks by now.gg. Retrieved September 5, 2025 from https:\/\/www.bluestacks.com\/"},{"key":"e_1_3_2_1_9_1","unstructured":"Sharon Boeyen Stefan Santesson Tim Polk Russ Housley Stephen Farrell and David Cooper. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280. https:\/\/doi.org\/10.17487\/ RFC5280"},{"key":"e_1_3_2_1_10_1","volume-title":"Jacob R Lorch, Bryan Parno, Ashay Rane, Srinath Setty, and Laure Thompson.","author":"Bond Barry","year":"2017","unstructured":"Barry Bond, Chris Hawblitzel, Manos Kapritsos, K Rustan M Leino, Jacob R Lorch, Bryan Parno, Ashay Rane, Srinath Setty, and Laure Thompson. 2017. Vale: Verifying High-Performance Cryptographic Assembly Code. In 26th USENIX security symposium (USENIX security 17). 917--934."},{"key":"e_1_3_2_1_11_1","volume-title":"Overview of BoringSSL. Retrieved","author":"SSL","year":"2025","unstructured":"BoringSSL 2025. Overview of BoringSSL. Retrieved September 5, 2025 from https:\/\/boringssl.googlesource.com\/boringssl\/"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_13_1","volume-title":"Baseline Requirements for TLS Server Certificates. Retrieved","author":"Browser Forum","year":"2025","unstructured":"CA\/Browser Forum 2025. Baseline Requirements for TLS Server Certificates. Retrieved September 5, 2025 from https:\/\/cabforum.org\/working-groups\/server\/baseline-requirements\/documents\/"},{"key":"e_1_3_2_1_14_1","volume-title":"Chrome Certificate Transparency Policy. Retrieved","author":"Certificate Transparency","year":"2025","unstructured":"Certificate Transparency in Chrome 2025. Chrome Certificate Transparency Policy. Retrieved September 5, 2025 from https:\/\/googlechrome.github.io\/CertificateTransparency\/ct_policy.html"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.40"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598110"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_9"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645708"},{"key":"e_1_3_2_1_19_1","volume-title":"Chromium Code Search. Retrieved","author":"Chromium Code","year":"2025","unstructured":"Chromium Code Search 2025. Chromium Code Search. Retrieved September 5, 2025 from https:\/\/source.chromium.org\/chromium"},{"key":"e_1_3_2_1_20_1","volume-title":"How does the certificate transparency check in Chrome work? Retrieved","author":"Chromium Fourm","year":"2025","unstructured":"Chromium Fourm 2025. How does the certificate transparency check in Chrome work? Retrieved September 5, 2025 from https:\/\/groups.google.com\/a\/ chromium.org\/g\/ct-policy\/c\/FddjjCNIrLo"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the Internet Measurement Conference","author":"Chung Taejoong","year":"2024","unstructured":"Taejoong Chung, Jay Lok, Balakrishnan Chandrasekaran, David Choffnes, Dave Levin, Bruce M Maggs, Alan Mislove, John Rula, Nick Sullivan, and Christo Wilson. 2024. Is the web ready for OCSP must-staple?. In Proceedings of the Internet Measurement Conference 2018. 105--118."},{"key":"e_1_3_2_1_22_1","volume-title":"Conscrypt - A Java Security Provider. Retrieved","author":"Conscrypt","year":"2025","unstructured":"Conscrypt 2025. Conscrypt - A Java Security Provider. Retrieved September 5, 2025 from https:\/\/android.googlesource.com\/platform\/external\/conscrypt\/\/ c26e60713035b52e123bdcc2fe5d69eb94a374f7\/README.md"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00220"},{"key":"e_1_3_2_1_24_1","unstructured":"Dnsmasq 2025. Dnsmasq. Retrieved September 5 2025 from https:\/\/thekelleys.org.uk\/dnsmasq\/doc.html"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504755"},{"key":"e_1_3_2_1_26_1","volume-title":"Top 35 Social Media Platforms","author":"Exploding Topics","year":"2025","unstructured":"Exploding Topics 2025. Top 35 Social Media Platforms (2025). Retrieved September 5, 2025 from https:\/\/explodingtopics.com\/blog\/top-social-media-platforms"},{"key":"e_1_3_2_1_27_1","volume-title":"26th USENIX security symposium (USENIX security 17). 1323--1338.","author":"Felt Adrienne Porter","unstructured":"Adrienne Porter Felt, Richard Barnes, April King, Chris Palmer, Chris Bentzel, and Parisa Tabriz. 2017. Measuring HTTPS adoption on the web. In 26th USENIX security symposium (USENIX security 17). 1323--1338."},{"key":"e_1_3_2_1_28_1","volume-title":"Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Retrieved","author":"Frida","year":"2025","unstructured":"Frida 2025. Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Retrieved September 5, 2025 from https:\/\/frida.re\/"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3629148"},{"key":"e_1_3_2_1_30_1","volume-title":"Overview of Gecko. Retrieved","author":"Gecko","year":"2025","unstructured":"Gecko 2025. Overview of Gecko. Retrieved September 5, 2025 from https:\/\/firefoxsource- docs.mozilla.org\/overview\/gecko.html"},{"key":"e_1_3_2_1_31_1","volume-title":"How to address WebView SSL Error Handler alerts in your apps. Retrieved","author":"Google Help","year":"2025","unstructured":"Google Help 2025. How to address WebView SSL Error Handler alerts in your apps. Retrieved September 5, 2025 from https:\/\/support.google.com\/faqs\/answer\/ 7071387?hl=en&sjid=9974713419631745864-AP"},{"key":"e_1_3_2_1_32_1","volume-title":"Mobile Browsers and Cloud Gaming Market Investigation WP4: In-app browsing within the iOS and Android mobile ecosystems. https: \/\/assets","author":"Government UK","year":"2025","unstructured":"UK Government. 2024. Mobile Browsers and Cloud Gaming Market Investigation WP4: In-app browsing within the iOS and Android mobile ecosystems. https: \/\/assets.publishing.service.gov.uk\/media\/668807ac7541f54efe51ba6c\/WP4_- _In-app_browsing_within_the_iOS_and_Android_mobile_ecosystems.pdf Accessed: 2025-09-05."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","unstructured":"Phillip Hallam-Baker. 2015. X.509v3 Transport Layer Security (TLS) Feature Extension. RFC 7633. https:\/\/doi.org\/10.17487\/RFC7633","DOI":"10.17487\/RFC7633"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Russ Housley Tomofumi Okubo and Joseph Mandel. 2024. No Revocation Available for X.509 Public Key Certificates. RFC 9608. https:\/\/doi.org\/10.17487\/ RFC9608","DOI":"10.17487\/RFC9608"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453100"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00015"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560594"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","unstructured":"Ben Laurie Adam Langley and Emilia Kasper. 2013. Certificate Transparency. RFC 6962. https:\/\/doi.org\/10.17487\/RFC6962","DOI":"10.17487\/RFC6962"},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the Web Conference","author":"Lee Hyunwoo","year":"2021","unstructured":"Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon. 2021. TLS 1.3 in practice: How TLS 1.3 contributes to the internet. In Proceedings of the Web Conference 2021. 70--79."},{"key":"e_1_3_2_1_40_1","volume-title":"Logcat command-line tool. Retrieved","author":"Logcat","year":"2025","unstructured":"Logcat 2025. Logcat command-line tool. Retrieved September 5, 2025 from https:\/\/developer.android.com\/tools\/logcat"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3255869"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"e_1_3_2_1_43_1","volume-title":"Magisk Github Repository - The Magic Mask for Android. Retrieved","author":"Magisk","year":"2025","unstructured":"Magisk 2025. Magisk Github Repository - The Magic Mask for Android. Retrieved September 5, 2025 from https:\/\/github.com\/topjohnwu\/Magisk"},{"key":"e_1_3_2_1_44_1","volume-title":"Network | Apple Developer Documentation. Retrieved","author":"Network","year":"2025","unstructured":"Network in Apple 2025. Network | Apple Developer Documentation. Retrieved September 5, 2025 from https:\/\/developer.apple.com\/documentation\/network"},{"key":"e_1_3_2_1_45_1","unstructured":"Nimbus 2025. Cloudflare Nimbus. Retrieved September 5 2025 from https: \/\/blog.cloudflare.com\/introducing-certificate-transparency-and-nimbus\/"},{"key":"e_1_3_2_1_46_1","volume-title":"Network Security Services (NSS)\u00b6. Retrieved","author":"NSS","year":"2025","unstructured":"NSS 2025. Network Security Services (NSS)\u00b6. Retrieved September 5, 2025 from https:\/\/firefox-source-docs.mozilla.org\/security\/nss\/index.html"},{"key":"e_1_3_2_1_47_1","volume-title":"Let's Encrypt Oak. Retrieved","author":"Oak","year":"2025","unstructured":"Oak 2025. Let's Encrypt Oak. Retrieved September 5, 2025 from https: \/\/letsencrypt.org\/2019\/05\/15\/introducing-oak-ct-log"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.27"},{"key":"e_1_3_2_1_49_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Pourali Sajjad","year":"2024","unstructured":"Sajjad Pourali, Xiufen Yu, Lianying Zhao, Mohammad Mannan, and Amr Youssef. 2024. Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy. In 33rd USENIX Security Symposium (USENIX Security 24). 683--700."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00114"},{"key":"e_1_3_2_1_51_1","volume-title":"pyasn1 library. Retrieved","year":"2025","unstructured":"pyasn1 2025. pyasn1 library. Retrieved September 5, 2025 from https:\/\/pypi.org\/ project\/pyasn1\/"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416552"},{"key":"e_1_3_2_1_53_1","volume-title":"rootavd - GitHub Repository. Retrieved","year":"2025","unstructured":"rootavd 2025. rootavd - GitHub Repository. Retrieved September 5, 2025 from https:\/\/github.com\/newbit1\/rootAVD"},{"key":"e_1_3_2_1_54_1","volume-title":"Similarweb Digital Intelligence: Unlock Your Digital Growth. Retrieved","year":"2025","unstructured":"similarweb 2025. Similarweb Digital Intelligence: Unlock Your Digital Growth. Retrieved September 5, 2025 from https:\/\/www.similarweb.com\/"},{"key":"e_1_3_2_1_55_1","volume-title":"Top Browsers Market Share. Retrieved","year":"2025","unstructured":"similarweb 2025. Top Browsers Market Share. Retrieved September 5, 2025 from https:\/\/www.similarweb.com\/browsers\/\/"},{"key":"e_1_3_2_1_56_1","volume-title":"Mobile messenger and communication apps - statistics & facts. Retrieved","author":"Statista","year":"2025","unstructured":"Statista 2025. Mobile messenger and communication apps - statistics & facts. Retrieved September 5, 2025 from https:\/\/www.statista.com\/topics\/1523\/mobilemessenger- apps\/"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3188742"},{"key":"e_1_3_2_1_58_1","volume-title":"proceedings of the 2020 ACM SIGSAC conference on computer and communications security. 49--66","author":"Raman Ram Sundara","year":"2020","unstructured":"Ram Sundara Raman, Prerana Shenoy, Katharina Kohls, and Roya Ensafi. 2020. Censored planet: An internet-wide, longitudinal censorship observatory. In proceedings of the 2020 ACM SIGSAC conference on computer and communications security. 49--66."},{"key":"e_1_3_2_1_59_1","volume-title":"Supplementary Report. Retrieved","author":"Supplementary Report","year":"2025","unstructured":"Supplementary Report 2025. Supplementary Report. Retrieved September 5, 2025 from https:\/\/github.com\/user-attachments\/files\/22132943\/ SupplementaryReport.pdf"},{"key":"e_1_3_2_1_60_1","volume-title":"Overview of Android Custom Tabs. Retrieved","author":"Tabs Android Custom","year":"2025","unstructured":"Android Custom Tabs. 2025. Overview of Android Custom Tabs. Retrieved September 5, 2025 from https:\/\/developer.chrome.com\/docs\/android\/custom-tabs"},{"key":"e_1_3_2_1_61_1","volume-title":"Sui Ling Angela Mak, and Sze Yiu Chau.","author":"Tang Ka Fun","year":"2025","unstructured":"Ka Fun Tang, Che Wei Tu, Sui Ling Angela Mak, and Sze Yiu Chau. 2025. A Multifaceted Study on the Use of TLS and Auto-detect in Email Ecosystems. In Network and Distributed System Security 2025 (NDSS)."},{"key":"e_1_3_2_1_62_1","volume-title":"Overview of Chrome. Retrieved","author":"The Chromium","year":"2025","unstructured":"The Chromium Projects 2025. Overview of Chrome. Retrieved September 5, 2025 from https:\/\/www.chromium.org\/Home\/"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355048"},{"key":"e_1_3_2_1_64_1","volume-title":"Trusted Web Activity. Retrieved","author":"Trusted Web","year":"2025","unstructured":"Trusted Web Activity 2025. Trusted Web Activity. Retrieved September 5, 2025 from https:\/\/developer.chrome.com\/docs\/android\/trusted-web-activity"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 2016 Internet Measurement Conference. 543--549","author":"Sloot Benjamin Vander","year":"2016","unstructured":"Benjamin Vander Sloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2016. Towards a complete view of the certificate ecosystem. In Proceedings of the 2016 Internet Measurement Conference. 543--549."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.240"},{"key":"e_1_3_2_1_67_1","volume-title":"WebKit - A fast, open source web browser engine. Retrieved","author":"WebKit","year":"2025","unstructured":"WebKit 2025. WebKit - A fast, open source web browser engine. Retrieved September 5, 2025 from https:\/\/webkit.org\/"},{"key":"e_1_3_2_1_68_1","volume-title":"Iframes\/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. In 28th USENIX Security Symposium (USENIX Security 19)","author":"Yang Guangliang","year":"2019","unstructured":"Guangliang Yang, Jeff Huang, and Guofei Gu. 2019. Iframes\/Popups Are Dangerous in Mobile WebView: Studying and Mitigating Differential Context Vulnerabilities. In 28th USENIX Security Symposium (USENIX Security 19). 977--994."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484768"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471625"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134043"},{"key":"e_1_3_2_1_72_1","volume-title":"About the Zygote processes. Retrieved","author":"Zygote Processes","year":"2025","unstructured":"Zygote Processes 2025. About the Zygote processes. Retrieved September 5, 2025 from https:\/\/source.android.com\/docs\/core\/runtime\/zygote"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765215","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:15:20Z","timestamp":1766441720000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765215"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":72,"alternative-id":["10.1145\/3719027.3765215","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765215","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}