{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T16:02:41Z","timestamp":1780588961260,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1145\/3779208.3807487","type":"proceedings-article","created":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T15:21:58Z","timestamp":1780586518000},"page":"1475-1490","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["CCA-Droid: Context-Aware Cryptographic API Misuse Detection in Android Apps"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6423-1700","authenticated-orcid":false,"given":"Minwook","family":"Lee","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5856-5528","authenticated-orcid":false,"given":"Eunsoo","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5047-5683","authenticated-orcid":false,"given":"Sanghak","family":"Oh","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2613-2127","authenticated-orcid":false,"given":"Joonsang","family":"Baek","sequence":"additional","affiliation":[{"name":"School of Computing and Information Technology, University of Wollongong, Wollongong, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1562-5105","authenticated-orcid":false,"given":"Willy","family":"Susilo","sequence":"additional","affiliation":[{"name":"School of Computing and Information Technology, University of Wollongong, Wollongong, Australia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1605-3866","authenticated-orcid":false,"given":"Hyoungshick","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.52"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2019.00017"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3613099"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833582"},{"key":"e_1_3_2_1_5_1","volume-title":"Proceedings of the IEEE International Conference on Computer and Communications (ICCC).","author":"An Chunyan","year":"2022","unstructured":"Chunyan An, Donglei Zhang, Xinjie Gao, and Xueqiong Zhu. 2022. Crypto Detection: A Cryptography Misuse Detection Method Basedon Bi-LSTM. In Proceedings of the IEEE International Conference on Computer and Communications (ICCC)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-70879-4_18"},{"key":"e_1_3_2_1_7_1","first-page":"131A","article-title":"Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths","volume":"800","author":"Barker Elaine","year":"2011","unstructured":"Elaine Barker, Allen Roginsky, et al. 2011. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. NIST Special Publication 800, 131A.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44448-3_41"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT).","author":"Bellare Mihir","year":"1994","unstructured":"Mihir Bellare and Phillip Rogaway. 1994. Optimal Asymmetric Encryption. In Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2006.01.012"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0055716"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Tim Boland and Paul E Black. 2012. Juliet 1.1 C\/C++ and java test suite. Computer.","DOI":"10.1109\/MC.2012.345"},{"key":"e_1_3_2_1_13_1","unstructured":"Spotbugs Community. 2023. Spotbugs Documentation. https:\/\/spotbugs.github.io\/. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_14_1","volume-title":"Cryptographic Misuse of Libraries","author":"Das Somak","unstructured":"Somak Das, Vineet Gopal, Kevin King, and Amruth Venkatraman. 2014. IV= 0 Security: Cryptographic Misuse of Libraries. Massachusetts Institute of Technology."},{"key":"e_1_3_2_1_15_1","first-page":"38A","article-title":"Recommendation for Block Cipher Modes of Operation: Methods and Techniques","volume":"800","author":"Dworkin Morris","year":"2001","unstructured":"Morris Dworkin. 2001. Recommendation for Block Cipher Modes of Operation: Methods and Techniques. NIST Special Publication 800, 38A.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Morris Dworkin. 2004. Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality. NIST special publication 800 38C.","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"e_1_3_2_1_17_1","first-page":"38A","article-title":"Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC","volume":"800","author":"Dworkin Morris","year":"2007","unstructured":"Morris Dworkin. 2007. Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC. NIST Special Publication 800, 38A.","journal-title":"NIST Special Publication"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516693"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","unstructured":"Peter Gutmann. 2014. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). RFC 7366. doi:10.17487\/RFC7366","DOI":"10.17487\/RFC7366"},{"key":"e_1_3_2_1_22_1","first-page":"213","article-title":"Minding Your MAC Algorithms","volume":"9","author":"Handschuh Helena","year":"2004","unstructured":"Helena Handschuh and Bart Preneel. 2004. Minding Your MAC Algorithms. Information Security Bulletin 9, 213\u2013221.","journal-title":"Information Security Bulletin"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/77606.77608"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-44647-8_19"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2104"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Hugo Krawczyk and Pasi Eronen. 2010. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869. doi:doi:10.17487\/RFC5869","DOI":"10.17487\/RFC5869"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115707"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2948910"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897896"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127005.3127010"},{"key":"e_1_3_2_1_31_1","unstructured":"MITRE. 2006. CWE-321: Use of Hard-coded Cryptographic Key. https:\/\/cwe.mitre.org\/data\/definitions\/321.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_32_1","unstructured":"MITRE. 2006. CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/335.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_33_1","unstructured":"MITRE. 2006. CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). https:\/\/cwe.mitre.org\/data\/definitions\/338.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_34_1","unstructured":"MITRE. 2008. CWE-327: Use of a Broken or Risky Cryptographic Algorithm. https:\/\/cwe.mitre.org\/data\/definitions\/327.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_35_1","unstructured":"MITRE. 2009. CWE-760: Use of a One-Way Hash with a Predictable Salt. https:\/\/cwe.mitre.org\/data\/definitions\/760.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_36_1","unstructured":"MITRE. 2013. CWE-916: Use of Password Hash With Insufficient Computational Effort. https:\/\/cwe.mitre.org\/data\/definitions\/916.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_37_1","unstructured":"MITRE. 2021. CWE-1204: Generation of Weak Initialization Vector (IV). https:\/\/cwe.mitre.org\/data\/definitions\/1204.html. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196538"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884790"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT).","author":"Phan Duong Hieu","year":"2004","unstructured":"Duong Hieu Phan and David Pointcheval. 2004. OAEP 3-Round: A Generic and Secure Asymmetric Encryption Padding. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT)."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00010"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-92068-5_4"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345659"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3092368"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA51294.2020.00171"},{"key":"e_1_3_2_1_47_1","unstructured":"ShiftLeft Security. 2020. ShiftLeft Scan. https:\/\/github.com\/ShiftLeftSecurity\/sast-scan. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_48_1","unstructured":"Victor Shoup. 1998. Why Chosen Ciphertext Security Matters."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2023.3301660"},{"key":"e_1_3_2_1_50_1","unstructured":"Tony Trummer. 2015. Introducing QARK: An Open Source Tool to Improve Android Application Security. https:\/\/security.linkedin.com\/content\/security\/global\/en_us\/index\/posts\/2015\/introducing-qark. (Accessed on 1\/1\/2025)."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"crossref","unstructured":"Serge Vaudenay. 2002. Security Flaws Induced by CBC Padding \u2014 Applications to SSL IPSEC WTLS\u2026 In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques (EUROCRYPT).","DOI":"10.1007\/3-540-46035-7_35"},{"key":"e_1_3_2_1_52_1","volume-title":"Research on Cryptographic Misuse Detection for Android Applications Based on Dynamic and Static Combination. In International Conference on Advanced Artificial Intelligence and Applications (AAIA).","author":"Xu Guosheng","year":"2023","unstructured":"Guosheng Xu, Xinyu Wang, Cheng Yu, Haoran Zhao, Yanhui Guo, Jinghong Guo, and Chenyu Wang. 2023. Research on Cryptographic Misuse Detection for Android Applications Based on Dynamic and Static Combination. In International Conference on Advanced Artificial Intelligence and Applications (AAIA)."}],"event":{"name":"ASIA CCS '26: ACM Asia Conference on Computer and Communications Security","location":"Bangalore India","acronym":"ASIA CCS '26","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3779208.3807487","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T15:28:26Z","timestamp":1780586906000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3779208.3807487"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6]]},"references-count":52,"alternative-id":["10.1145\/3779208.3807487","10.1145\/3779208"],"URL":"https:\/\/doi.org\/10.1145\/3779208.3807487","relation":{},"subject":[],"published":{"date-parts":[[2026,6]]},"assertion":[{"value":"2026-06-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}