{"id":"https://openalex.org/W4401326184","doi":"https://doi.org/10.1109/access.2024.3439095","title":"\u201cYou Received $100,000 From Johnny\u201d: A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps","display_name":"\u201cYou Received $100,000 From Johnny\u201d: A Mixed-Methods Study on Push Notification Security and Privacy in Android Apps","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4401326184","doi":"https://doi.org/10.1109/access.2024.3439095"},"language":"en","primary_location":{"id":"doi:10.1109/access.2024.3439095","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3439095","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2024.3439095","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074231343","display_name":"Thomas Neteler","orcid":"https://orcid.org/0009-0006-1304-5496"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Thomas Neteler","raw_affiliation_strings":["Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087356408","display_name":"Sascha Fahl","orcid":"https://orcid.org/0000-0002-5644-3316"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Sascha Fahl","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Hannover, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Hannover, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037591969","display_name":"Luigi Lo Iacono","orcid":"https://orcid.org/0000-0002-7863-0622"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Luigi Lo Iacono","raw_affiliation_strings":["Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5074231343"],"corresponding_institution_ids":["https://openalex.org/I155417937"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":1.7258,"has_fulltext":true,"cited_by_count":5,"citation_normalized_percentile":{"value":0.84922359,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":"12","issue":null,"first_page":"112499","last_page":"112516"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.8252941370010376},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7251068353652954},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.631115734577179},{"id":"https://openalex.org/keywords/push-technology","display_name":"Push technology","score":0.6068302392959595},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.5870006084442139},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5520298480987549},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.5203180313110352},{"id":"https://openalex.org/keywords/service-provider","display_name":"Service provider","score":0.4718706011772156},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.46263641119003296},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.24651703238487244},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.09704479575157166},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08677065372467041}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.8252941370010376},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7251068353652954},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.631115734577179},{"id":"https://openalex.org/C180652500","wikidata":"https://www.wikidata.org/wiki/Q1351910","display_name":"Push technology","level":2,"score":0.6068302392959595},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5870006084442139},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5520298480987549},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.5203180313110352},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.4718706011772156},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.46263641119003296},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.24651703238487244},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.09704479575157166},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08677065372467041},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/access.2024.3439095","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3439095","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:pub.h-brs.de:8547","is_oa":true,"landing_page_url":"https://nbn-resolving.org/urn:nbn:de:hbz:1044-opus-85473","pdf_url":"https://pub.h-brs.de/files/8547/ACCESS-2024-0429000.pdf","source":{"id":"https://openalex.org/S4306400385","display_name":"Publication Server of Bonn-Rhein-Sieg University of Applied Sciences (Bonn-Rhein-Sieg University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I135140700","host_organization_name":"University of Bonn","host_organization_lineage":["https://openalex.org/I135140700"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, vol. 12, pp. 112499-112516, 2024","raw_type":"publishedVersion"},{"id":"pmh:oai:doaj.org/article:d228582c3f624639a797e5f13b86d71e","is_oa":true,"landing_page_url":"https://doaj.org/article/d228582c3f624639a797e5f13b86d71e","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 12, Pp 112499-112516 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2024.3439095","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2024.3439095","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320310700","display_name":"Universit\u00e9 du Luxembourg","ror":"https://ror.org/036x5ad56"},{"id":"https://openalex.org/F4320318280","display_name":"University of the Sciences","ror":"https://ror.org/048gmay44"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W1574447377","https://openalex.org/W2041494023","https://openalex.org/W2103370348","https://openalex.org/W2136954161","https://openalex.org/W2407313496","https://openalex.org/W2486902262","https://openalex.org/W2613084287","https://openalex.org/W2624872182","https://openalex.org/W2754498903","https://openalex.org/W2789721772","https://openalex.org/W2790810446","https://openalex.org/W2885040848","https://openalex.org/W2919545980","https://openalex.org/W2941123418","https://openalex.org/W2962909855","https://openalex.org/W2985320478","https://openalex.org/W3175154504","https://openalex.org/W3200228457","https://openalex.org/W4388857107","https://openalex.org/W4389279168","https://openalex.org/W6600258330","https://openalex.org/W6685813549","https://openalex.org/W6718503590","https://openalex.org/W6725102075","https://openalex.org/W6740860825","https://openalex.org/W6742505940","https://openalex.org/W6754143661","https://openalex.org/W6761397198","https://openalex.org/W6764197484","https://openalex.org/W6765719986","https://openalex.org/W6766617105","https://openalex.org/W6773232087","https://openalex.org/W6775903401","https://openalex.org/W6780537732","https://openalex.org/W6803024684","https://openalex.org/W6803352657","https://openalex.org/W6809490188","https://openalex.org/W6840962640","https://openalex.org/W6854990427"],"related_works":["https://openalex.org/W4244478748","https://openalex.org/W3150465815","https://openalex.org/W4223488648","https://openalex.org/W2134969820","https://openalex.org/W2251605416","https://openalex.org/W1997222214","https://openalex.org/W2560439919","https://openalex.org/W2534646665","https://openalex.org/W4206288040","https://openalex.org/W4390923428"],"abstract_inverted_index":{"Push":[0],"notifications":[1,228],"are":[2],"widely":[3],"used":[4],"in":[5,99,126,204,229,234],"Android":[6,37,100,113],"apps":[7,114,163,175],"to":[8,36,52,70,77,118,150,184],"show":[9],"users":[10],"timely":[11],"and":[12,86,97,111,145,191,193,240,245],"potentially":[13],"sensitive":[14,185],"information":[15],"outside":[16],"the":[17,28,59,79,127,142,152,161,171,195,221],"apps\u2019":[18],"regular":[19],"user":[20],"interface.":[21],"Google\u2019s":[22],"Firebase":[23],"Cloud":[24],"Messaging":[25],"(FCM)":[26],"is":[27],"default":[29],"service":[30,62],"for":[31],"sending":[32],"push":[33,60,93,123,165,180,227],"notification":[34,61,94,124],"messages":[35],"devices.":[38],"While":[39],"it":[40,46],"does":[41,47],"provide":[42],"transport":[43],"layer":[44],"security,":[45],"not":[48,177],"offer":[49],"message":[50,74,95],"protection":[51,75,198,225],"prevent":[53],"access":[54,183],"or":[55,64,211],"detect":[56],"modifications":[57],"by":[58],"provider":[63],"other":[65],"entities-in-the-middle.":[66],"App":[67],"developers":[68,148],"need":[69],"implement":[71],"their":[72,179],"own":[73],"schemes":[76],"protect":[78,151,178],"content":[80,144],"from":[81,115],"such":[82],"threats.":[83],"We":[84,102,154],"present":[85],"discuss":[87],"an":[88,120,130],"in-depth":[89,131,172],"mixed-methods":[90],"study":[91],"of":[92,108,122,134,160,170,197,223,226],"security":[96,190,236],"privacy":[98,192],"apps.":[101],"statically":[103],"analyze":[104],"a":[105,200],"representative":[106],"set":[107],"100,000":[109],"up-to-date":[110],"popular":[112],"Google":[116],"Play":[117],"get":[119],"overview":[121],"usage":[125],"wild.":[128],"In":[129],"follow-up":[132],"analysis":[133],"60":[135],"apps,":[136],"we":[137],"gain":[138],"detailed":[139],"insights":[140,219],"into":[141,220],"leaked":[143],"what":[146],"some":[147],"do":[149,176],"messages.":[153],"find":[155],"that":[156,187,243],"(a)":[157],"about":[158,168],"half":[159,169],"analyzed":[162,173],"use":[164,222],"notifications,":[166,181],"(b)":[167],"messaging":[174],"allowing":[182],"data":[186],"jeopardizes":[188],"users\u2019":[189],"(c)":[194],"means":[196],"lack":[199],"standardized":[201],"approach,":[202],"manifesting":[203],"various":[205],"developer-defined":[206],"encryption":[207],"schemes,":[208],"custom":[209],"protocols,":[210],"out-of-band":[212],"communication":[213],"methods.":[214],"Our":[215],"research":[216],"provides":[217],"initial":[218],"end-to-end":[224],"practice.":[230],"It":[231],"highlights":[232],"gaps":[233],"developer-centric":[235],"regarding":[237],"appropriate":[238],"technologies":[239],"supporting":[241],"measures":[242],"researchers":[244],"platform":[246],"providers":[247],"should":[248],"address.":[249]},"counts_by_year":[{"year":2025,"cited_by_count":5}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}