{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:12:47Z","timestamp":1769875967978,"version":"3.49.0"},"reference-count":19,"publisher":"Wiley","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Mobile Information Systems"],"published-print":{"date-parts":[[2018]]},"abstract":"<jats:p>Mobile devices are widely spread all over the world, and Android is the most popular operative system in use. According to Kaspersky Lab\u2019s threat statistic (June 2017), many users are tempted to root their mobile devices to get an unrestricted access to the file system, to install different versions of the operating system, to improve performance, and so on. The result is that unintended data leakage flaws may exist. In this paper, we (i) analyze the security issues of several applications considered relevant in terms of handling user sensitive information, for example, financial, social, and communication applications, showing that 51.6% of the tested applications suffer at least of an issue and (ii) show how an attacker might retrieve a user access token stored inside the device thus exposing users to a possible identity violation. Notice that such a token, and a number of other sensitive information, can be stolen by malicious users through a man-in-the-middle (MITM) attack.<\/jats:p>","DOI":"10.1155\/2018\/6020461","type":"journal-article","created":{"date-parts":[[2018,2,1]],"date-time":"2018-02-01T18:38:21Z","timestamp":1517510301000},"page":"1-9","source":"Crossref","is-referenced-by-count":10,"title":["The Dangers of Rooting: Data Leakage Detection in Android Applications"],"prefix":"10.1155","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8469-9434","authenticated-orcid":true,"given":"Luca","family":"Casati","sequence":"first","affiliation":[{"name":"Department of Computer Science, Universit\u00e0 degli Studi di Milano, Via Comelico 39\/41, 20135 Milano, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5689-8575","authenticated-orcid":true,"given":"Andrea","family":"Visconti","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Universit\u00e0 degli Studi di Milano, Via Comelico 39\/41, 20135 Milano, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/983901"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/7397812"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/6804379"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/623436"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1145\/2637364.2592003"},{"key":"13","first-page":"311","volume-title":"A practical analysis of smartphone security","year":"2011"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/2057260"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/369489"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2014.2386139"},{"key":"21","first-page":"421","volume-title":"Limits of static analysis for malware detection","year":"December 2007"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.48"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1155\/2016\/8034967"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1145\/2544173.2509549"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2017.2656460"},{"issue":"4","key":"36","first-page":"86","volume":"6","year":"2015","journal-title":"Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications"},{"key":"39","doi-asserted-by":"publisher","DOI":"10.1109\/msp.2009.144"},{"key":"45","year":"2012"},{"key":"47","year":"2017"}],"container-title":["Mobile Information Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2018\/6020461.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2018\/6020461.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/misy\/2018\/6020461.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,2,1]],"date-time":"2018-02-01T18:38:22Z","timestamp":1517510302000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/misy\/2018\/6020461\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":19,"alternative-id":["6020461","6020461"],"URL":"https:\/\/doi.org\/10.1155\/2018\/6020461","relation":{},"ISSN":["1574-017X","1875-905X"],"issn-type":[{"value":"1574-017X","type":"print"},{"value":"1875-905X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}