{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T13:14:31Z","timestamp":1780060471688,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":70,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T00:00:00Z","timestamp":1781913600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Defense Advanced Research Projects Agency and Naval Information Warfare Center Pacific","award":["N66001-22-C-4026"],"award-info":[{"award-number":["N66001-22-C-4026"]}]},{"name":"Advanced Research Projects Agency for Health","award":["SP4701-23-C-0074"],"award-info":[{"award-number":["SP4701-23-C-0074"]}]},{"name":"Department of the Interior","award":["D22AP00145-00"],"award-info":[{"award-number":["D22AP00145-00"]}]},{"name":"National Science Foundation","award":["CNS-2112471"],"award-info":[{"award-number":["CNS-2112471"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6,21]]},"DOI":"10.1145\/3745756.3809193","type":"proceedings-article","created":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T12:52:21Z","timestamp":1780059141000},"page":"111-126","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Fragile Deliveries: Inconsistencies in Android Parcel and Their Security Consequences"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-1458-5142","authenticated-orcid":false,"given":"Hongkai","family":"Chen","sequence":"first","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3310-4258","authenticated-orcid":false,"given":"Chao","family":"Wang","sequence":"additional","affiliation":[{"name":"The Ohio State University, Columbus, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5149-7913","authenticated-orcid":false,"given":"Yuqing","family":"Yang","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8923-3581","authenticated-orcid":false,"given":"Jennifer","family":"Miller","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6424-0001","authenticated-orcid":false,"given":"Tiffany","family":"Bao","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1524-2566","authenticated-orcid":false,"given":"Ruoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2634-3901","authenticated-orcid":false,"given":"Adam","family":"Doup\u00e9","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6527-5994","authenticated-orcid":false,"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"The Ohio State University, Columbus, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8832-1789","authenticated-orcid":false,"given":"Yan","family":"Shoshitaishvili","sequence":"additional","affiliation":[{"name":"Arizona State University, Tempe, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,20]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"2776","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Aafer Yousra","year":"2021","unstructured":"Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, and Heng Yin. Android smarttvs vulnerability discovery via log-guided fuzzing. In Michael D. Bailey and Rachel Greenstadt, editors, 30th USENIX Security Symposium, USENIX Security 2021, August 11\u201313, 2021, pages 2759\u20132776. USENIX Association, 2021."},{"key":"e_1_3_2_1_2_1","volume-title":"Mobile Operating System market share statistics (Updated","author":"Android","year":"2025","unstructured":"Android vs iOS: Mobile Operating System market share statistics (Updated 2025). https:\/\/www.appmysite.com\/blog\/android-vs-ios-mobile-operating-system-market-share-statistics-you-must-know\/. Accessed: April 2026."},{"key":"e_1_3_2_1_3_1","volume-title":"https:\/\/github.com\/munjeni\/anyxperia_dumper","year":"2026","unstructured":"anyxperia_dumper. https:\/\/github.com\/munjeni\/anyxperia_dumper. Accessed: April 2026."},{"key":"e_1_3_2_1_4_1","volume-title":"version codes, codenames, and cumulative usage. https:\/\/apilevels.com\/","author":"Android","year":"2026","unstructured":"Android versions, SDK\/API levels, version codes, codenames, and cumulative usage. https:\/\/apilevels.com\/. Accessed: April 2026."},{"key":"e_1_3_2_1_5_1","volume-title":"https:\/\/github.com\/JesusFreke\/smali","year":"2026","unstructured":"smali. https:\/\/github.com\/JesusFreke\/smali. Accessed: April 2026."},{"key":"e_1_3_2_1_6_1","volume-title":"https:\/\/www.blackhat.com\/docs\/asia-16\/materials\/asia-16-He-Hey-Your-Parcel-Looks-Bad-Fuzzing-And-Exploiting-Parcelization-Vulnerabilities-In-Android.pdf","author":"Fuzzing Hey","year":"2026","unstructured":"Hey your parcel looks bad - Fuzzing and Exploiting parcelization vulnerabilities in Android. https:\/\/www.blackhat.com\/docs\/asia-16\/materials\/asia-16-He-Hey-Your-Parcel-Looks-Bad-Fuzzing-And-Exploiting-Parcelization-Vulnerabilities-In-Android.pdf. Accessed: April 2026."},{"key":"e_1_3_2_1_7_1","volume-title":"the bad, the good and the better - Introducing Android's Safer Parcel. https:\/\/i.blackhat.com\/EU-22\/Wednesday-Briefings\/EU-22-Ke-Android-Parcels-Introducing-Android-Safer-Parcel.pdf","author":"Android","year":"2026","unstructured":"Android parcels: the bad, the good and the better - Introducing Android's Safer Parcel. https:\/\/i.blackhat.com\/EU-22\/Wednesday-Briefings\/EU-22-Ke-Android-Parcels-Introducing-Android-Safer-Parcel.pdf. Accessed: April 2026."},{"key":"e_1_3_2_1_8_1","volume-title":"https:\/\/developer.android.com\/reference\/android\/os\/Bundle","year":"2026","unstructured":"Bundle. https:\/\/developer.android.com\/reference\/android\/os\/Bundle. Accessed: April 2026."},{"key":"e_1_3_2_1_9_1","first-page":"370","volume-title":"Proceedings of the 31st Annual Computer Security Applications Conference","author":"Cao Chen","year":"2015","unstructured":"Chen Cao, Neng Gao, Peng Liu, and Ji Xiang. Towards analyzing the input validation vulnerabilities associated with android system services. In Proceedings of the 31st Annual Computer Security Applications Conference, Los Angeles, CA, USA, December 7\u201311, 2015, pages 361\u2013370. ACM, 2015."},{"key":"e_1_3_2_1_10_1","first-page":"2698","volume-title":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, CCS 2025","author":"Cao Sheng","year":"2025","unstructured":"Sheng Cao, Hao Zhou, Songzhou Shi, Yanjie Zhao, and Haoyu Wang. Parcel mismatch demystified: Addressing a decade-old security challenge in android. In Chun-Ying Huang, Jyh-Cheng Chen, Shiuh-Pyng Shieh, David Lie, and V\u00e9ronique Cortier, editors, Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, CCS 2025, Taipei, Taiwan, October 13\u201317, 2025, pages 2683\u20132698. ACM, 2025."},{"key":"e_1_3_2_1_11_1","first-page":"3978","volume-title":"IEEE Symposium on Security and Privacy, SP 2024","author":"Chen Bofei","year":"2024","unstructured":"Bofei Chen, Lei Zhang, Xinyou Huang, Yinzhi Cao, Keke Lian, Yuan Zhang, and Min Yang. Efficient detection of java deserialization gadget chains via bottom-up gadget search and dataflow-aided payload construction. In IEEE Symposium on Security and Privacy, SP 2024, San Francisco, CA, USA, May 19\u201323, 2024, pages 3961\u20133978. IEEE, 2024."},{"key":"e_1_3_2_1_12_1","first-page":"192","volume-title":"53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Network, DSN 2023","author":"Chen Xingchen","year":"2023","unstructured":"Xingchen Chen, Baizhu Wang, Ze Jin, Yun Feng, Xianglong Li, Xincheng Feng, and Qixu Liu. Tabby: Automated gadget chain detection for java deserialization vulnerabilities. In 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Network, DSN 2023, Porto, Portugal, June 27\u201330, 2023, pages 179\u2013192. IEEE, 2023."},{"key":"e_1_3_2_1_13_1","first-page":"90","volume-title":"Dryjin: Detecting information leaks in android applications","author":"Choi Minseong","year":"2024","unstructured":"Minseong Choi, Yubin Im, Steven Y. Ko, Yonghwi Kwon, Yuseok Jeon, and Haehyun Cho. Dryjin: Detecting information leaks in android applications. In Nikolaos Pitropakis, Sokratis K. Katsikas, Steven Furnell, and Konstantinos Markantonakis, editors, ICT Systems Security and Privacy Protection - 39th IFIP International Conference, SEC 2024, Edinburgh, UK, June 12\u201314, 2024, Proceedings, IFIP Advances in Information and Communication Technology, pages 76\u201390. Springer, 2024."},{"key":"e_1_3_2_1_14_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-0664","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-0664. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-0664. Accessed: April 2026."},{"key":"e_1_3_2_1_15_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-0806","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-0806. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-0806. Accessed: April 2026."},{"key":"e_1_3_2_1_16_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13286","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-13286. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13286. Accessed: April 2026."},{"key":"e_1_3_2_1_17_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13287","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-13287. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13287. Accessed: April 2026."},{"key":"e_1_3_2_1_18_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13288","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-13288. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13288. Accessed: April 2026."},{"key":"e_1_3_2_1_19_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13289","author":"NVD","year":"2026","unstructured":"NVD - CVE-2017-13289. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-13289. Accessed: April 2026."},{"key":"e_1_3_2_1_20_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-13315","author":"CVE","year":"2026","unstructured":"CVE - CVE-2017-13315. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-13315. Accessed: April 2026."},{"key":"e_1_3_2_1_21_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9431","author":"CVE","year":"2026","unstructured":"CVE - CVE-2018-9431. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9431. Accessed: April 2026."},{"key":"e_1_3_2_1_22_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9471","author":"CVE","year":"2026","unstructured":"CVE - CVE-2018-9471. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9471. Accessed: April 2026."},{"key":"e_1_3_2_1_23_1","volume-title":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9474","author":"CVE","year":"2026","unstructured":"CVE - CVE-2018-9474. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-9474. Accessed: April 2026."},{"key":"e_1_3_2_1_24_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-0928","author":"NVD","year":"2026","unstructured":"NVD - CVE-2021-0928. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-0928. Accessed: April 2026."},{"key":"e_1_3_2_1_25_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-20135","author":"NVD","year":"2026","unstructured":"NVD - CVE-2022-20135. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-20135. Accessed: April 2026."},{"key":"e_1_3_2_1_26_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20963","author":"NVD","year":"2026","unstructured":"NVD - CVE-2023-20963. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-20963. Accessed: April 2026."},{"key":"e_1_3_2_1_27_1","volume-title":"https:\/\/source.android.com\/docs\/security\/bulletin\/2025-02-01","author":"Android Security","year":"2026","unstructured":"Android Security Bulletin-February 2025. https:\/\/source.android.com\/docs\/security\/bulletin\/2025-02-01. Accessed: April 2026."},{"key":"e_1_3_2_1_28_1","volume-title":"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31175","author":"NVD","year":"2026","unstructured":"NVD - CVE-2025-31175. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31175. Accessed: April 2026."},{"key":"e_1_3_2_1_29_1","first-page":"1611","volume-title":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19","author":"El-Rewini Zeinab","year":"2021","unstructured":"Zeinab El-Rewini and Yousra Aafer. Dissecting residual apis in custom android roms. In Yongdae Kim, Jong Kim, Giovanni Vigna, and Elaine Shi, editors, CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, November 15 - 19, 2021, pages 1598\u20131611. ACM, 2021."},{"key":"e_1_3_2_1_30_1","first-page":"2396","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Elsabagh Mohamed","year":"2020","unstructured":"Mohamed Elsabagh, Ryan Johnson, Angelos Stavrou, Chaoshun Zuo, Qingchuan Zhao, and Zhiqiang Lin. FIRMSCOPE: automatic uncovering of privilege-escalation vulnerabilities in pre-installed apps in android firmware. In Srdjan Capkun and Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12\u201314, 2020, pages 2379\u20132396. USENIX Association, 2020."},{"key":"e_1_3_2_1_31_1","volume-title":"https:\/\/github.com\/cyxx\/extract_android_ota_payload","year":"2026","unstructured":"extract_android_ota_payload. https:\/\/github.com\/cyxx\/extract_android_ota_payload. Accessed: April 2026."},{"key":"e_1_3_2_1_32_1","first-page":"409","volume-title":"Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016","author":"Feng Huan","year":"2016","unstructured":"Huan Feng and Kang G. Shin. Understanding and defending the binder attack surface in android. In Stephen Schwab, William K. Robertson, and Davide Balzarotti, editors, Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, December 5\u20139, 2016, pages 398\u2013409. ACM, 2016."},{"key":"e_1_3_2_1_33_1","volume-title":"https:\/\/firmwarefile.com\/","author":"Flash Firmware File","year":"2026","unstructured":"Firmware File - Database of Stock ROM (Flash File). https:\/\/firmwarefile.com\/. Accessed: April 2026."},{"key":"e_1_3_2_1_34_1","unstructured":"AccountManagerService.java - Android Code Search. https:\/\/cs.android.com\/android\/platform\/superproject\/+\/master:frameworks\/base\/services\/core\/java\/com\/android\/server\/accounts\/AccountManagerService.java;l=4942?q=AccountManagerService&ss=android%2Fplatform%2Fsuperproject. Accessed: April 2026."},{"key":"e_1_3_2_1_35_1","volume-title":"https:\/\/developers.google.com\/","author":"Mobile Google","year":"2026","unstructured":"Google for Developers - from AI and Cloud to Mobile and Web. https:\/\/developers.google.com\/. Accessed: April 2026."},{"key":"e_1_3_2_1_36_1","volume-title":"https:\/\/www.statista.com\/statistics\/266210\/number-of-available-applications-in-the-google-play-store\/","author":"Google Play","year":"2026","unstructured":"Google Play Store number of apps 2026. https:\/\/www.statista.com\/statistics\/266210\/number-of-available-applications-in-the-google-play-store\/. Accessed: April 2026."},{"key":"e_1_3_2_1_37_1","first-page":"1606","volume-title":"SAC '21: The 36th ACM\/SIGAPP Symposium on Applied Computing, Virtual Event, Republic of Korea, March 22\u201326","author":"Graux Pierre","year":"2021","unstructured":"Pierre Graux, Jean-Fran\u00e7ois Lalande, Val\u00e9rie Viet Triem Tong, and Pierre Wilke. Preventing serialization vulnerabilities through transient field detection. In Chih-Cheng Hung, Jiman Hong, Alessio Bechini, and Eunjee Song, editors, SAC '21: The 36th ACM\/SIGAPP Symposium on Applied Computing, Virtual Event, Republic of Korea, March 22\u201326, 2021, pages 1598\u20131606. ACM, 2021."},{"key":"e_1_3_2_1_38_1","volume-title":"https:\/\/gizchina.net\/en\/2024\/01\/19\/harmonyos-next-predstavleno-bez-zhodnoho-ryadka-kodu-android\/","author":"HARMONYOS NEXT COMES WITHOUT A SINGLE LINE OF ANDROID","year":"2026","unstructured":"HARMONYOS NEXT COMES WITHOUT A SINGLE LINE OF ANDROID CODE. https:\/\/gizchina.net\/en\/2024\/01\/19\/harmonyos-next-predstavleno-bez-zhodnoho-ryadka-kodu-android\/. Accessed: April 2026."},{"key":"e_1_3_2_1_39_1","first-page":"639","volume-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017","author":"Hassanshahi Behnaz","year":"2017","unstructured":"Behnaz Hassanshahi and Roland H. C. Yap. Android database attacks revisited. In Ramesh Karri, Ozgur Sinanoglu, Ahmad-Reza Sadeghi, and Xun Yi, editors, Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2\u20136, 2017, pages 625\u2013639. ACM, 2017."},{"key":"e_1_3_2_1_40_1","volume-title":"11th USENIX Workshop on Offensive Technologies, WOOT 2017","author":"Hay Roee","year":"2017","unstructured":"Roee Hay. fastboot oem vuln: Android bootloader vulnerabilities in vendor customizations. In William Enck and Collin Mulliner, editors, 11th USENIX Workshop on Offensive Technologies, WOOT 2017, Vancouver, BC, Canada, August 14\u201315, 2017. USENIX Association, 2017."},{"key":"e_1_3_2_1_41_1","first-page":"128","volume-title":"Proceedings of the 2015 International Symposium on Software Testing and Analysis, ISSTA 2015","author":"Hay Roee","year":"2015","unstructured":"Roee Hay, Omer Tripp, and Marco Pistoia. Dynamic detection of inter-application communication vulnerabilities in android. In Michal Young and Tao Xie, editors, Proceedings of the 2015 International Symposium on Software Testing and Analysis, ISSTA 2015, Baltimore, MD, USA, July 12\u201317, 2015, pages 118\u2013128. ACM, 2015."},{"key":"e_1_3_2_1_42_1","first-page":"1247","volume-title":"Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security","author":"Huang Heqing","year":"2015","unstructured":"Heqing Huang, Sencun Zhu, Kai Chen, and Peng Liu. From system services freezing to system server shutdown in android: All you need is a loop in an app. In Indrajit Ray, Ninghui Li, and Christopher Kruegel, editors, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12\u201316, 2015, pages 1236\u20131247. ACM, 2015."},{"key":"e_1_3_2_1_43_1","volume-title":"https:\/\/developer.android.com\/guide\/components\/intents-filters","author":"Intents","year":"2026","unstructured":"Intents and intent filters. https:\/\/developer.android.com\/guide\/components\/intents-filters. Accessed: April 2026."},{"key":"e_1_3_2_1_44_1","volume-title":"https:\/\/github.com\/skylot\/jadx","year":"2026","unstructured":"jadx. https:\/\/github.com\/skylot\/jadx. Accessed: April 2026."},{"key":"e_1_3_2_1_45_1","volume-title":"https:\/\/www.w3schools.com\/java\/java_data_types.asp","author":"Types Java Data","year":"2026","unstructured":"Java Data Types. https:\/\/www.w3schools.com\/java\/java_data_types.asp. Accessed: April 2026."},{"key":"e_1_3_2_1_46_1","volume-title":"https:\/\/github.com\/javapathfinder","author":"Pathfinder Java","year":"2026","unstructured":"Java Pathfinder. https:\/\/github.com\/javapathfinder. Accessed: April 2026."},{"key":"e_1_3_2_1_47_1","first-page":"746","volume-title":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016","author":"Jing Yiming","year":"2016","unstructured":"Yiming Jing, Gail-Joon Ahn, Adam Doup\u00e9, and Jeong Hyun Yi. Checking intent-based communication in android with intent space analysis. In Xiaofeng Chen, XiaoFeng Wang, and Xinyi Huang, editors, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2016, Xi'an, China, May 30 - June 3, 2016, pages 735\u2013746. ACM, 2016."},{"key":"e_1_3_2_1_48_1","first-page":"323","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Liu Baozheng","year":"2020","unstructured":"Baozheng Liu, Chao Zhang, Guang Gong, Yishun Zeng, Haifeng Ruan, and Jianwei Zhuge. FANS: fuzzing android native system services via automated interface analysis. In Srdjan Capkun and Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12\u201314, 2020, pages 307\u2013323. USENIX Association, 2020."},{"key":"e_1_3_2_1_49_1","volume-title":"https:\/\/github.com\/unix3dgforce\/lpunpack","year":"2026","unstructured":"lpunpack. https:\/\/github.com\/unix3dgforce\/lpunpack. Accessed: April 2026."},{"key":"e_1_3_2_1_50_1","volume-title":"https:\/\/github.com\/testwhat\/SmaliEx","year":"2026","unstructured":"SmaliEx. https:\/\/github.com\/testwhat\/SmaliEx. Accessed: April 2026."},{"key":"e_1_3_2_1_51_1","first-page":"558","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Octeau Damien","year":"2013","unstructured":"Damien Octeau, Patrick D. McDaniel, Somesh Jha, Alexandre Bartel, Eric Bodden, Jacques Klein, and Yves Le Traon. Effective inter-component communication mapping in android: An essential step towards holistic security analysis. In Samuel T. King, editor, Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14\u201316, 2013, pages 543\u2013558. USENIX Association, 2013."},{"key":"e_1_3_2_1_52_1","volume-title":"https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide","author":"System Market Share Worldwide Mobile Operating","year":"2026","unstructured":"Mobile Operating System Market Share Worldwide. https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide. Accessed: April 2026."},{"key":"e_1_3_2_1_53_1","volume-title":"https:\/\/github.com\/divinebird\/pacextractor","year":"2026","unstructured":"pacextractor. https:\/\/github.com\/divinebird\/pacextractor. Accessed: April 2026."},{"key":"e_1_3_2_1_54_1","volume-title":"https:\/\/developer.android.com\/reference\/android\/os\/Parcelable","year":"2026","unstructured":"Parcelable. https:\/\/developer.android.com\/reference\/android\/os\/Parcelable. Accessed: April 2026."},{"key":"e_1_3_2_1_55_1","volume-title":"https:\/\/developer.android.com\/reference\/android\/os\/Parcel","year":"2026","unstructured":"Parcel. https:\/\/developer.android.com\/reference\/android\/os\/Parcel. Accessed: April 2026."},{"key":"e_1_3_2_1_56_1","volume-title":"9th USENIX Workshop on Offensive Technologies, WOOT '15","author":"Peles Or","year":"2015","unstructured":"Or Peles and Roee Hay. One class to rule them all: 0-day deserialization vulnerabilities in android. In Aur\u00e9lien Francillon and Thomas Ptacek, editors, 9th USENIX Workshop on Offensive Technologies, WOOT '15, Washington, DC, USA, August 10\u201311, 2015. USENIX Association, 2015."},{"key":"e_1_3_2_1_57_1","first-page":"102","volume-title":"42nd IEEE Symposium on Security and Privacy, SP 2021","author":"Possemato Andrea","year":"2021","unstructured":"Andrea Possemato, Simone Aonzo, Davide Balzarotti, and Yanick Fratantonio. Trust, but verify: A longitudinal analysis of android OEM compliance and customization. In 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24\u201327 May 2021, pages 87\u2013102. IEEE, 2021."},{"key":"e_1_3_2_1_58_1","volume-title":"https:\/\/sensorstechforum.com\/cve-2023-20963-android-pinduoduo-app\/","author":"App Pinduoduo Exploited","year":"2026","unstructured":"CVE-2023-20963 Exploited by Chinese E-commerce App Pinduoduo. https:\/\/sensorstechforum.com\/cve-2023-20963-android-pinduoduo-app\/. Accessed: April 2026."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3554732"},{"key":"e_1_3_2_1_60_1","volume-title":"https:\/\/github.com\/xpirt\/sdat2img","year":"2026","unstructured":"sdat2img. https:\/\/github.com\/xpirt\/sdat2img. Accessed: April 2026."},{"key":"e_1_3_2_1_61_1","volume-title":"https:\/\/github.com\/anestisb\/android-simg2img","year":"2026","unstructured":"android-simg2img. https:\/\/github.com\/anestisb\/android-simg2img. Accessed: April 2026."},{"key":"e_1_3_2_1_62_1","first-page":"1597","volume-title":"Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2023","author":"Srivastava Prashast","year":"2023","unstructured":"Prashast Srivastava, Flavio Toffalini, Kostyantyn Vorobyov, Fran\u00e7ois Gauthier, Antonio Bianchi, and Mathias Payer. Crystallizer: A hybrid path analysis framework to aid in uncovering deserialization vulnerabilities. In Satish Chandra, Kelly Blincoe, and Paolo Tonella, editors, Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC\/FSE 2023, San Francisco, CA, USA, December 3\u20139, 2023, pages 1586\u20131597. ACM, 2023."},{"key":"e_1_3_2_1_63_1","volume-title":"Vivo announced BlueOS its own mobile operating system. https:\/\/www.huaweicentral.com\/after-huawei-and-xiaomi-vivo-announced-blueos-its-own-mobile-operating-system\/","author":"Huawei After","year":"2026","unstructured":"After Huawei and Xiaomi, Vivo announced BlueOS its own mobile operating system. https:\/\/www.huaweicentral.com\/after-huawei-and-xiaomi-vivo-announced-blueos-its-own-mobile-operating-system\/. Accessed: April 2026."},{"key":"e_1_3_2_1_64_1","first-page":"306","volume-title":"Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019","author":"Wu Daoyuan","year":"2019","unstructured":"Daoyuan Wu, Debin Gao, Eric K. T. Cheng, Yichen Cao, Jintao Jiang, and Robert H. Deng. Towards understanding android system vulnerabilities: Techniques and insights. In Steven D. Galbraith, Giovanni Russello, Willy Susilo, Dieter Gollmann, Engin Kirda, and Zhenkai Liang, editors, Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019, Auckland, New Zealand, July 09\u201312, 2019, pages 295\u2013306. ACM, 2019."},{"key":"e_1_3_2_1_65_1","first-page":"292","volume-title":"39th IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice Track, ICSE-SEIP 2017","author":"Wu JingZheng","year":"2017","unstructured":"JingZheng Wu, Shen Liu, Shouling Ji, Mutian Yang, Tianyue Luo, Yanjun Wu, and Yongji Wang. Exception beyond exception: Crashing android system by trapping in \"uncaught exception\". In 39th IEEE\/ACM International Conference on Software Engineering: Software Engineering in Practice Track, ICSE-SEIP 2017, Buenos Aires, Argentina, May 20\u201328, 2017, pages 283\u2013292. IEEE Computer Society, 2017."},{"key":"e_1_3_2_1_66_1","volume-title":"Aims to Compete with Huawei's HarmonyOS and Eventually Google. https:\/\/www.gizmochina.com\/2023\/08\/23\/xiaomi-developing-smartphone-operating-system\/","author":"Own Operating System Xiaomi Developing","year":"2026","unstructured":"Xiaomi Developing Own Operating System Compatible with Android, Aims to Compete with Huawei's HarmonyOS and Eventually Google. https:\/\/www.gizmochina.com\/2023\/08\/23\/xiaomi-developing-smartphone-operating-system\/. Accessed: April 2026."},{"key":"e_1_3_2_1_67_1","first-page":"536","volume-title":"9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14","author":"Yang Kun","year":"2014","unstructured":"Kun Yang, Jianwei Zhuge, Yongke Wang, Lujue Zhou, and Hai-Xin Duan. Intentfuzzer: detecting capability leaks of android applications. In Shiho Moriai, Trent Jaeger, and Kouichi Sakurai, editors, 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS '14, Kyoto, Japan - June 03 - 06, 2014, pages 531\u2013536. ACM, 2014."},{"key":"e_1_3_2_1_68_1","first-page":"3077","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022","author":"Yang Yuqing","year":"2022","unstructured":"Yuqing Yang, Mohamed Elsabagh, Chaoshun Zuo, Ryan Johnson, Angelos Stavrou, and Zhiqiang Lin. Detecting and measuring misconfigured manifests in android apps. In Heng Yin, Angelos Stavrou, Cas Cremers, and Elaine Shi, editors, Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7\u201311, 2022, pages 3063\u20133077. ACM, 2022."},{"key":"e_1_3_2_1_69_1","first-page":"254","volume-title":"IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024","author":"Zhan Yunfan","year":"2024","unstructured":"Yunfan Zhan, Qidan He, Yijun Wang, and Xiuzhen Chen. PMDET: automated detection tool of android parcel mismatch. In IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024, Rovaniemi, Finland, March 12\u201315, 2024, pages 250\u2013254. IEEE, 2024."},{"key":"e_1_3_2_1_70_1","first-page":"2247","volume-title":"43rd IEEE Symposium on Security and Privacy, SP 2022","author":"Zhang Lei","year":"2022","unstructured":"Lei Zhang, Keke Lian, Haoyu Xiao, Zhibo Zhang, Peng Liu, Yuan Zhang, Min Yang, and Haixin Duan. Exploit the last straw that breaks android systems. In 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, May 22\u201326, 2022, pages 2230\u20132247. IEEE, 2022."}],"event":{"name":"MobiSys '26: 24th Annual International Conference on Mobile Systems, Applications and Services","location":"University of Cambridge Cambridge United Kingdom","acronym":"MobiSys '26","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 24th Annual International Conference on Mobile Systems, Applications and Services"],"original-title":[],"deposited":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T12:55:48Z","timestamp":1780059348000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3745756.3809193"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,20]]},"references-count":70,"alternative-id":["10.1145\/3745756.3809193","10.1145\/3745756"],"URL":"https:\/\/doi.org\/10.1145\/3745756.3809193","relation":{},"subject":[],"published":{"date-parts":[[2026,6,20]]},"assertion":[{"value":"2026-06-20","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}