{"id":"https://openalex.org/W3085238546","doi":"https://doi.org/10.1007/s10664-020-09879-8","title":"Security analysis of permission re-delegation vulnerabilities in Android apps","display_name":"Security analysis of permission re-delegation vulnerabilities in Android apps","publication_year":2020,"publication_date":"2020-09-15","ids":{"openalex":"https://openalex.org/W3085238546","doi":"https://doi.org/10.1007/s10664-020-09879-8","mag":"3085238546"},"language":"en","primary_location":{"id":"doi:10.1007/s10664-020-09879-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-020-09879-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10664-020-09879-8.pdf","source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s10664-020-09879-8.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035418890","display_name":"Biniam Fisseha Demissie","orcid":null},"institutions":[{"id":"https://openalex.org/I2277624104","display_name":"Fondazione Bruno Kessler","ror":"https://ror.org/01j33xk10","country_code":"IT","type":"facility","lineage":["https://openalex.org/I2277624104"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Biniam Fisseha Demissie","raw_affiliation_strings":["Fondazione Bruno Kessler, Trento, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Fondazione Bruno Kessler, Trento, Italy","institution_ids":["https://openalex.org/I2277624104"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019508589","display_name":"Mariano Ceccato","orcid":"https://orcid.org/0000-0001-7325-0316"},"institutions":[{"id":"https://openalex.org/I119439378","display_name":"University of Verona","ror":"https://ror.org/039bp8j42","country_code":"IT","type":"education","lineage":["https://openalex.org/I119439378"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Mariano Ceccato","raw_affiliation_strings":["University of Verona, Verona, Italy"],"raw_orcid":"https://orcid.org/0000-0001-7325-0316","affiliations":[{"raw_affiliation_string":"University of Verona, Verona, Italy","institution_ids":["https://openalex.org/I119439378"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029828965","display_name":"Lwin Khin Shar","orcid":"https://orcid.org/0000-0001-5130-0407"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Lwin Khin Shar","raw_affiliation_strings":["School of Information Systems, Singapore Management University, Singapore, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Information Systems, Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5019508589"],"corresponding_institution_ids":["https://openalex.org/I119439378"],"apc_list":{"value":2290,"currency":"EUR","value_usd":2890},"apc_paid":{"value":2290,"currency":"EUR","value_usd":2890},"fwci":3.7986,"has_fulltext":true,"cited_by_count":34,"citation_normalized_percentile":{"value":0.94297645,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":"25","issue":"6","first_page":"5084","last_page":"5136"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.874356746673584},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7391889691352844},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7159585952758789},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.617302417755127},{"id":"https://openalex.org/keywords/delegation","display_name":"Delegation","score":0.6076545119285583},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.5850487947463989},{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.5772952437400818},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.5157073140144348},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1832731068134308}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.874356746673584},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7391889691352844},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7159585952758789},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.617302417755127},{"id":"https://openalex.org/C86532276","wikidata":"https://www.wikidata.org/wiki/Q1184065","display_name":"Delegation","level":2,"score":0.6076545119285583},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.5850487947463989},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.5772952437400818},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.5157073140144348},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1832731068134308},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1007/s10664-020-09879-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-020-09879-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10664-020-09879-8.pdf","source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-6881","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=6881&context=sis_research","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1007/s10664-020-09879-8","raw_type":"Journal Article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-8136","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/7133","pdf_url":null,"source":{"id":"https://openalex.org/S4377196871","display_name":"Institutional Knowledge (InK) - Institutional Knowledge at Singapore Management University (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1007/s10664-020-09879-8","raw_type":"Journal Article"},{"id":"pmh:oai:figshare.com:article/14236268","is_oa":true,"landing_page_url":"https://figshare.com/articles/journal_contribution/Security_analysis_of_permission_re-delegation_vulnerabilities_in_Android_apps/14236268","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-nc-nd","license_id":"https://openalex.org/licenses/cc-by-nc-nd","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.1007/s10664-020-09879-8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s10664-020-09879-8","pdf_url":"https://link.springer.com/content/pdf/10.1007/s10664-020-09879-8.pdf","source":{"id":"https://openalex.org/S109852484","display_name":"Empirical Software Engineering","issn_l":"1382-3256","issn":["1382-3256","1573-7616"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Empirical Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Reduced inequalities","score":0.4699999988079071,"id":"https://metadata.un.org/sdg/10"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322724","display_name":"Ministry of Education, India","ror":"https://ror.org/048xjjh50"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3085238546.pdf","grobid_xml":"https://content.openalex.org/works/W3085238546.grobid-xml"},"referenced_works_count":66,"referenced_works":["https://openalex.org/W81879861","https://openalex.org/W179367048","https://openalex.org/W1570448133","https://openalex.org/W1630356589","https://openalex.org/W1659842140","https://openalex.org/W1880262756","https://openalex.org/W1912565424","https://openalex.org/W1971650562","https://openalex.org/W1972796262","https://openalex.org/W1984792096","https://openalex.org/W1986480799","https://openalex.org/W1988036170","https://openalex.org/W1994588724","https://openalex.org/W2004921952","https://openalex.org/W2014011458","https://openalex.org/W2017025011","https://openalex.org/W2018017297","https://openalex.org/W2018956134","https://openalex.org/W2027538101","https://openalex.org/W2041470132","https://openalex.org/W2047650489","https://openalex.org/W2049633694","https://openalex.org/W2053120737","https://openalex.org/W2055703785","https://openalex.org/W2059610428","https://openalex.org/W2061227290","https://openalex.org/W2071536101","https://openalex.org/W2077202047","https://openalex.org/W2080573945","https://openalex.org/W2083755826","https://openalex.org/W2088749975","https://openalex.org/W2113115074","https://openalex.org/W2113867182","https://openalex.org/W2120952569","https://openalex.org/W2133990480","https://openalex.org/W2137130182","https://openalex.org/W2140095007","https://openalex.org/W2158963586","https://openalex.org/W2166743230","https://openalex.org/W2168649891","https://openalex.org/W2398484989","https://openalex.org/W2399034518","https://openalex.org/W2400269587","https://openalex.org/W2463553622","https://openalex.org/W2466388701","https://openalex.org/W2480338763","https://openalex.org/W2522291077","https://openalex.org/W2532717356","https://openalex.org/W2558898614","https://openalex.org/W2600871181","https://openalex.org/W2604850004","https://openalex.org/W2607336868","https://openalex.org/W2618025997","https://openalex.org/W2618126787","https://openalex.org/W2619760961","https://openalex.org/W2750660666","https://openalex.org/W2787694176","https://openalex.org/W2883454930","https://openalex.org/W2945945312","https://openalex.org/W3102559360","https://openalex.org/W3105911370","https://openalex.org/W3140570045","https://openalex.org/W4239799938","https://openalex.org/W4245027182","https://openalex.org/W4248080234","https://openalex.org/W4251541794"],"related_works":["https://openalex.org/W2056388267","https://openalex.org/W2249350383","https://openalex.org/W3003485427","https://openalex.org/W2755037920","https://openalex.org/W2362476748","https://openalex.org/W4210309948","https://openalex.org/W2072937473","https://openalex.org/W3211901564","https://openalex.org/W2786416059","https://openalex.org/W609672658"],"abstract_inverted_index":{"Abstract":[0],"The":[1],"Android":[2,95],"platform":[3],"facilitates":[4],"reuse":[5],"of":[6,28,34,63,73,90,104,118,136,161,186,237],"app":[7,12,19,144,257],"functionalities":[8],"by":[9,249],"allowing":[10],"an":[11,15,143],"to":[13,42,54,176,254],"request":[14],"action":[16],"from":[17,158],"another":[18],"through":[20],"inter-process":[21],"communication":[22],"mechanism.":[23],"This":[24],"feature":[25,53],"is":[26,169],"one":[27,236],"the":[29,32,43,70,137,140,159,162,170,178,182,255],"reasons":[30],"for":[31,87,127],"popularity":[33],"Android,":[35],"but":[36],"it":[37,151,164,172],"also":[38,207],"poses":[39],"security":[40],"risks":[41],"end":[44],"users":[45],"because":[46],"malicious,":[47],"unprivileged":[48],"apps":[49,57,108,138,193,232],"could":[50],"exploit":[51],"this":[52,66],"make":[55],"privileged":[56,59],"perform":[58],"actions":[60],"on":[61,113,190,222],"behalf":[62],"them.":[64],"In":[65],"paper,":[67],"we":[68],"investigate":[69],"hybrid":[71],"use":[72],"program":[74],"analysis,":[75],"genetic":[76],"algorithm":[77],"based":[78,112,189,221],"test":[79,174],"generation,":[80],"natural":[81],"language":[82],"processing,":[83],"machine":[84],"learning":[85],"techniques":[86],"precise":[88],"detection":[89,184],"permission":[91,124,133,153],"re-delegation":[92,125,134,154],"vulnerabilities":[93],"in":[94,116,139],"apps.":[96,197,226],"Our":[97,198,227],"approach":[98,148,188,199,210,228,251],"first":[99],"groups":[100],"a":[101],"large":[102],"set":[103],"benign":[105],"and":[106,194,203,218,239],"non-vulnerable":[107],"into":[109],"different":[110],"clusters,":[111],"their":[114],"similarities":[115],"terms":[117],"functional":[119],"descriptions.":[120],"It":[121],"then":[122],"generates":[123,173],"model":[126,160],"each":[128],"cluster,":[129],"which":[130],"characterizes":[131],"common":[132],"behaviors":[135,155],"cluster.":[141],"Given":[142],"under":[145],"test,":[146],"our":[147,187,209,250],"checks":[149],"whether":[150],"has":[152],"that":[156,168],"deviate":[157],"cluster":[163],"belongs":[165],"to.":[166],"If":[167],"case,":[171],"cases":[175],"detect":[177,243],"vulnerabilities.":[179],"We":[180,206],"evaluated":[181],"vulnerability":[183],"capability":[185],"1,258":[191],"official":[192],"20":[195],"mutated":[196],"achieved":[200],"81.8%":[201],"recall":[202],"100%":[204],"precision.":[205],"compared":[208],"with":[211],"two":[212],"static":[213],"analysis-based":[214],"approaches":[215],"\u2014":[216,220],"Covert":[217,234],"IccTA":[219,240],"595":[223],"open":[224],"source":[225],"detected":[229,235],"30":[230],"vulnerable":[231],"whereas":[233],"them":[238],"did":[241],"not":[242],"any.":[244],"Executable":[245],"proof-of-concept":[246],"attacks":[247],"generated":[248],"were":[252],"reported":[253],"corresponding":[256],"developers.":[258]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":9},{"year":2022,"cited_by_count":10},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}