{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T01:23:24Z","timestamp":1709774604368},"reference-count":44,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2020,2,1]]},"DOI":"10.1587\/transinf.2019inp0011","type":"journal-article","created":{"date-parts":[[2020,1,31]],"date-time":"2020-01-31T22:10:04Z","timestamp":1580508604000},"page":"276-291","source":"Crossref","is-referenced-by-count":3,"title":["Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library"],"prefix":"10.1587","volume":"E103.D","author":[{"given":"Takuya","family":"WATANABE","sequence":"first","affiliation":[{"name":"NTT Secure Platform Laboratories"},{"name":"Waseda University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mitsuaki","family":"AKIYAMA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fumihiro","family":"KANEI","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eitaro","family":"SHIOJI","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuta","family":"TAKATA","sequence":"additional","affiliation":[{"name":"PwC Cyber Services LLC"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"SUN","sequence":"additional","affiliation":[{"name":"National Institute of Information and Communications Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuta","family":"ISHII","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Toshiki","family":"SHIBAHARA","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takeshi","family":"YAGI","sequence":"additional","affiliation":[{"name":"NTT Security (Japan) KK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tatsuya","family":"MORI","sequence":"additional","affiliation":[{"name":"Waseda University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"crossref","unstructured":"[1] T. Watanabe, M. Akiyama, F. Kanei, E. Shioji, Y. Takata, B. Sun, Y. Ishi, T. Shibahara, T. Yagi, and T. Mori, \u201cUnderstanding the Origins of Mobile App Vulnerabilities: A Large-scale Measurement Study of Free and Paid App,\u201d Proc. of MSR, 2017. 10.1109\/msr.2017.23","DOI":"10.1109\/MSR.2017.23"},{"key":"2","doi-asserted-by":"crossref","unstructured":"[2] H. Wang, Y. Guo, Z. Ma, and X. Chen, \u201cWuKong: A Scalable and Accurate Two-phase Approach to Android App Clone Detection,\u201d Proc. of ISSTA, pp.71-82, 2015. 10.1145\/2771783.2771795","DOI":"10.1145\/2771783.2771795"},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] K. Chen, X. Wang, Y. Chen, P. Wang, Y. Lee, X. Wang, B. Ma, A. Wang, Y. Zhang, and W. Zou, \u201cFollowing Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS,\u201d the 37th IEEE S&P, 2016. 10.1109\/sp.2016.29","DOI":"10.1109\/SP.2016.29"},{"key":"4","unstructured":"[4] Statista, \u201cStatistics and facts about mobile app usage.\u201d http:\/\/www.statista.com\/topics\/1002\/mobile-app-usage\/."},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] Z. Ma, H. Wang, Y. Guo, and X. Chen, \u201cLibRadar: fast and accurate detection of third-party libraries in Android apps,\u201d Proc. of ICSE, 2016. 10.1145\/2889160.2889178","DOI":"10.1145\/2889160.2889178"},{"key":"6","unstructured":"[6] LibRadar, \u201cLibRadar.\u201d https:\/\/github.com\/pkumza\/LibRadar."},{"key":"7","unstructured":"[7] AppBrain, \u201cAndroid Ad networks.\u201d http:\/\/www.appbrain.com\/stats\/libraries\/ad."},{"key":"8","unstructured":"[8] A. Desnos, \u201cAndroguard.\u201d https:\/\/github.com\/androguard\/androguard."},{"key":"9","unstructured":"[9] \u201cAndroBugs.\u201d https:\/\/github.com\/AndroBugs\/."},{"key":"10","doi-asserted-by":"publisher","unstructured":"[10] N. Viennot, E. Garcia, and J. Nieh, \u201cA Measurement Study of Google Play,\u201d Proc. of SIGMETRICS, 2014. 10.1145\/2637364.2592003","DOI":"10.1145\/2637364.2592003"},{"key":"11","unstructured":"[11] \u201cMallodroid.\u201d https:\/\/github.com\/sfahl\/mallodroid."},{"key":"12","doi-asserted-by":"crossref","unstructured":"[12] S. Fahl, M. Harbach, T. Muders, L. Baumg\u00e4rtner, B. Freisleben, and M. Smith, \u201cWhy Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,\u201d Proc. of CCS, 2012. 10.1145\/2382196.2382205","DOI":"10.1145\/2382196.2382205"},{"key":"13","unstructured":"[13] LinkedIn, \u201cQARK.\u201d https:\/\/github.com\/linkedin\/qark."},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] S. Poeplau, Y. Fratantonio, A. Bianchi, C. Kruegel, and G. Vigna, \u201cExecute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications,\u201d Proc. of NDSS, 2014. 10.14722\/ndss.2014.23328","DOI":"10.14722\/ndss.2014.23328"},{"key":"15","unstructured":"[15] H. Lockheimer, \u201cAndroid and Security.\u201d http:\/\/googlemobile.blogspot.jp\/2012\/02\/android-and-security.html."},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] A. Machiry, R. Tahiliani, and M. Naik, \u201cDynodroid: An Input Generation System for Android Apps,\u201d Proc. of FSE, 2013. 10.1145\/2491411.2491450","DOI":"10.1145\/2491411.2491450"},{"key":"17","unstructured":"[17] \u201cGoogle Play.\u201d https:\/\/play.google.com\/store."},{"key":"18","doi-asserted-by":"publisher","unstructured":"[18] D.R. Lichtenstein and S. Burton, \u201cThe Relationship between Perceived and Objective Price-Quality,\u201d Journal of Marketing Research, vol.26, no.4, pp.429-443, 1989. 10.2307\/3172763","DOI":"10.2307\/3172763"},{"key":"19","unstructured":"[19] G.W. Snedecor and W.G. Cochran, \u201cStatistical methods, 8th edn,\u201d Ames: Iowa State Univ. Press Iowa, 1989."},{"key":"20","doi-asserted-by":"publisher","unstructured":"[20] H. Akoglu, \u201cUser's guide to correlation coefficients,\u201d Turkish journal of emergency medicine, vol.18, no.3, pp.91-93, 2018. 10.1016\/j.tjem.2018.08.001","DOI":"10.1016\/j.tjem.2018.08.001"},{"key":"21","unstructured":"[21] I.J.M. Ruiz, M. Nagappan, B. Adams, T. Berger, S. Dienst, and A. Hassan, \u201cOn ad library updates in Android apps,\u201d IEEE Softw., 2014."},{"key":"22","doi-asserted-by":"crossref","unstructured":"[22] V. Afonso, P. de Geus, A. Bianchi, Y. Fratantonio, C. Kruegel, G. Vigna, A. Doupe, and M. Polino, \u201cGoing Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy Slides,\u201d Proc. of NDSS, 2016.","DOI":"10.14722\/ndss.2016.23384"},{"key":"23","doi-asserted-by":"crossref","unstructured":"[23] L. Li, T.F. Bissyand\u00e9, J. Klein, and Y.L. Traon, \u201cParameter Values of Android APIs: A Preliminary Study on 100,000 Apps,\u201d 23rd IEEE SANER, 2016. 10.1109\/saner.2016.51","DOI":"10.1109\/SANER.2016.51"},{"key":"24","unstructured":"[24] R. Bhoraskar, S. Han, J. Jeon, T. Azim, S. Chen, J. Jung, S. Nath, R. Wang, and D. Wetherall, \u201cBrahmastra: Driving Apps to Test the Security of Third-Party Components,\u201d Proc. of 23th USENIX Security, 2014."},{"key":"25","doi-asserted-by":"crossref","unstructured":"[25] M.C. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, \u201cUnsafe Exposure Analysis of Mobile In-App Advertisements,\u201d Proc. of WiSec, 2012. 10.1145\/2185448.2185464","DOI":"10.1145\/2185448.2185464"},{"key":"26","unstructured":"[26] R. Stevens, C. Gibler, J. Crussell, J. Erickson, and H. Chen, \u201cInvestigating User Privacy in Android Ad Libraries,\u201d Proc. of MoST, 2012."},{"key":"27","doi-asserted-by":"crossref","unstructured":"[27] B. Andow, A. Nadkarni, B. Bassett, W. Enck, and T. Xie, \u201cA Study of Grayware on Google Play,\u201d Proc. of MoST, 2016.","DOI":"10.1109\/SPW.2016.40"},{"key":"28","doi-asserted-by":"crossref","unstructured":"[28] S. Demetriou, W. Merrill, W. Yang, A. Zhang, and C.A. Gunter, \u201cFree for All! Assessing User Data Exposure to Advertising Libraries on Android,\u201d Proc. of NDSS, 2016.","DOI":"10.14722\/ndss.2016.23082"},{"key":"29","doi-asserted-by":"crossref","unstructured":"[29] M. Backes, S. Bugiel, and E. Derr, \u201cReliable Third-Party Library Detection in Android and its Security Applications,\u201d Proc. of CCS, 2016. 10.1145\/2976749.2978333","DOI":"10.1145\/2976749.2978333"},{"key":"30","doi-asserted-by":"crossref","unstructured":"[30] T. Yasumatsu, T. Watanabe, F. Kanei, E. Shioji, M. Akiyama, and T. Mori, \u201cUnderstanding the Responsiveness of Mobile App Developers to Software Library Updates,\u201d Proc. of CODASPY, 2019. 10.1145\/3292006.3300020","DOI":"10.1145\/3292006.3300020"},{"key":"31","doi-asserted-by":"crossref","unstructured":"[31] E. Derr, S. Bugiel, S. Fahl, Y. Acar, and M. Backes, \u201cKeep me updated: An empirical study of third-party library updatability on Android,\u201d Proc. of CCS, 2017. 10.1145\/3133956.3134059","DOI":"10.1145\/3133956.3134059"},{"key":"32","unstructured":"[32] C.V. Bockhaven, \u201cWeak key cracking of Android applications.\u201d https:\/\/os3.nl\/_media\/2013-2014\/courses\/ot\/cedric_sharon.pdf."},{"key":"33","doi-asserted-by":"crossref","unstructured":"[33] A.P. Felt, H.J. Wang, and A. Moshchuk, \u201cPermission Re-Delegation: Attacks and Defenses,\u201d Proc. of USENIX Security, 2011.","DOI":"10.1145\/3251574"},{"key":"34","doi-asserted-by":"crossref","unstructured":"[34] X. Jin, X. Hu, K. Ying, W. Du, H. Yin, and G.N. Peri, \u201cCode Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation,\u201d Proc. of CCS, 2014. 10.1145\/2660267.2660275","DOI":"10.1145\/2660267.2660275"},{"key":"35","unstructured":"[35] P. Mutchler, A.D.J. Mitchell, C. Kruegel, and G. Vigna, \u201cA Large-Scale Study of Mobile Web App Security,\u201d Proc. of MoST, 2015."},{"key":"36","unstructured":"[36] W. Martin, F. Sarro, Y. Jia, Y. Zhang, and M. Harman, \u201cA survey of app store analysis for software engineering,\u201d tech. rep., University College London, 2016."},{"key":"37","doi-asserted-by":"crossref","unstructured":"[37] S. Chakradeo, B. Reaves, P. Traynor, and W. Enck, \u201cMAST: Triage for Market-scale Mobile Malware Analysis,\u201d Proc. of WiSec, 2013. 10.1145\/2462096.2462100","DOI":"10.1145\/2462096.2462100"},{"key":"38","unstructured":"[38] AppBrain, \u201cFree vs. paid Android apps.\u201d http:\/\/www.appbrain.com\/stats\/free-and-paid-android-applications."},{"key":"39","doi-asserted-by":"crossref","unstructured":"[39] A.P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner, \u201cAndroid Permissions Demystified,\u201d Proc. of CCS, 2011. 10.1145\/2046707.2046779","DOI":"10.1145\/2046707.2046779"},{"key":"40","doi-asserted-by":"crossref","unstructured":"[40] S. Hanna, L. Huang, E. Wu, S. Li, C. Chen, and D. Song,\u201cJuxtapp: A Scalable System for Detecting Code Reuse among Android Applications,\u201d Proc. of DIMVA, 2012. 10.1007\/978-3-642-37300-8_4","DOI":"10.1007\/978-3-642-37300-8_4"},{"key":"41","doi-asserted-by":"crossref","unstructured":"[41] B. Fu, J. Lin, L. Li, C. Faloutsos, J. Hong, and N. Sadeh, \u201cWhy People Hate Your App: Making Sense of User Feedback in a Mobile App Store,\u201d Proc. of KDD, 2013. 10.1145\/2487575.2488202","DOI":"10.1145\/2487575.2488202"},{"key":"42","doi-asserted-by":"crossref","unstructured":"[42] R. Garg and R. Telang, \u201cInferring App Demand from Publicly Available Data,\u201d MIS Quarterly, vol.37, no.4, pp.1253-1264, Dec. 2013. 10.25300\/misq\/2013\/37.4.12","DOI":"10.25300\/MISQ\/2013\/37.4.12"},{"key":"43","doi-asserted-by":"crossref","unstructured":"[43] D. Eri\u0107, R. Ba\u010d\u00edk, and I. Fedorko, \u201cRating Decision Analysis Based on iOS App Store Data,\u201d Quality Innovation Prosperity, vol.18, no.2, 2014. 10.12776\/qip.v18i2.337","DOI":"10.12776\/qip.v18i2.337"},{"key":"44","doi-asserted-by":"crossref","unstructured":"[44] S. Seneviratne, H. Kolamunna, and A. Seneviratne, \u201cShort: A Measurement Study of Tracking in Paid Mobile Applications,\u201d Proc. of WiSec, 2015. 10.1145\/2766498.2766523","DOI":"10.1145\/2766498.2766523"}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/2\/E103.D_2019INP0011\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,26]],"date-time":"2023-09-26T00:11:51Z","timestamp":1695687111000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E103.D\/2\/E103.D_2019INP0011\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,1]]},"references-count":44,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2019inp0011","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,1]]}}}