{"id":"https://openalex.org/W4379033774","doi":"https://doi.org/10.1109/tse.2023.3275655","title":"Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem","display_name":"Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem","publication_year":2023,"publication_date":"2023-06-01","ids":{"openalex":"https://openalex.org/W4379033774","doi":"https://doi.org/10.1109/tse.2023.3275655"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2023.3275655","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3275655","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032372397","display_name":"Qinsheng Hou","orcid":"https://orcid.org/0000-0002-1119-4766"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qinsheng Hou","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","QI-ANXIN Technology Research Institute, Beijing, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I80143920"]},{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080378687","display_name":"Wenrui Diao","orcid":"https://orcid.org/0000-0003-0916-8806"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Diao","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I80143920"]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101846444","display_name":"Yanhao Wang","orcid":"https://orcid.org/0000-0002-6990-2972"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yanhao Wang","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109610544","display_name":"Chenglin Mao","orcid":"https://orcid.org/0009-0002-1938-9506"},"institutions":[{"id":"https://openalex.org/I59028903","display_name":"Ocean University of China","ror":"https://ror.org/04rdtx186","country_code":"CN","type":"education","lineage":["https://openalex.org/I59028903"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chenglin Mao","raw_affiliation_strings":["Ocean University of China, Qingdao, Shandong, China","QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Ocean University of China, Qingdao, Shandong, China","institution_ids":["https://openalex.org/I59028903"]},{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100414046","display_name":"Lingyun Ying","orcid":"https://orcid.org/0000-0001-7445-9103"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lingyun Ying","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100339617","display_name":"Song Liu","orcid":"https://orcid.org/0009-0004-0571-0893"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Song Liu","raw_affiliation_strings":["Penn State University, State College, PA, USA","QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Penn State University, State College, PA, USA","institution_ids":["https://openalex.org/I130769515"]},{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100359306","display_name":"Xiaofeng Liu","orcid":"https://orcid.org/0009-0007-6147-7119"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaofeng Liu","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I80143920"]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101879892","display_name":"Yuanzhi Li","orcid":"https://orcid.org/0009-0004-4418-9308"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuanzhi Li","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084460856","display_name":"Shanqing Guo","orcid":"https://orcid.org/0000-0003-3367-0951"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]},{"id":"https://openalex.org/I80143920","display_name":"Shandong University of Science and Technology","ror":"https://ror.org/04gtjhw98","country_code":"CN","type":"education","lineage":["https://openalex.org/I80143920"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanqing Guo","raw_affiliation_strings":["School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I80143920"]},{"raw_affiliation_string":"Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Qingdao, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102760462","display_name":"Meining Nie","orcid":"https://orcid.org/0009-0008-1014-4776"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Meining Nie","raw_affiliation_strings":["QI-ANXIN Technology Research Institute, Beijing, China"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute, Beijing, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":11,"corresponding_author_ids":["https://openalex.org/A5032372397"],"corresponding_institution_ids":["https://openalex.org/I154099455","https://openalex.org/I80143920"],"apc_list":null,"apc_paid":null,"fwci":1.5848,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.8383757,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":98},"biblio":{"volume":"49","issue":"7","first_page":"3901","last_page":"3921"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.991100013256073,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9444742202758789},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7711589336395264},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7481715679168701},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4671826660633087},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4139145612716675},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.40935224294662476},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3611733019351959}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9444742202758789},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7711589336395264},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7481715679168701},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4671826660633087},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4139145612716675},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40935224294662476},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3611733019351959}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2023.3275655","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3275655","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1738542756","display_name":null,"funder_award_id":"ZR2021LZH007","funder_id":"https://openalex.org/F4320324174","funder_display_name":"Natural Science Foundation of Shandong Province"},{"id":"https://openalex.org/G2109022667","display_name":null,"funder_award_id":"92064008","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2824800931","display_name":null,"funder_award_id":"ZR2020MF055","funder_id":"https://openalex.org/F4320324174","funder_display_name":"Natural Science Foundation of Shandong Province"},{"id":"https://openalex.org/G4335080537","display_name":null,"funder_award_id":"ZR2020QF045","funder_id":"https://openalex.org/F4320324174","funder_display_name":"Natural Science Foundation of Shandong Province"},{"id":"https://openalex.org/G4601513581","display_name":null,"funder_award_id":"62002203","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7158616036","display_name":null,"funder_award_id":"ZR2020LZH002","funder_id":"https://openalex.org/F4320324174","funder_display_name":"Natural Science Foundation of Shandong Province"},{"id":"https://openalex.org/G7408156761","display_name":null,"funder_award_id":"61902148","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320324174","display_name":"Natural Science Foundation of Shandong Province","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2008345765","https://openalex.org/W2008810193","https://openalex.org/W2010395842","https://openalex.org/W2012813306","https://openalex.org/W2127671294","https://openalex.org/W2398484989","https://openalex.org/W2487596118","https://openalex.org/W2728439475","https://openalex.org/W2797009188","https://openalex.org/W2889143459","https://openalex.org/W2946530307","https://openalex.org/W2985320478","https://openalex.org/W3018180091","https://openalex.org/W3153221864","https://openalex.org/W3154462492","https://openalex.org/W4229059453","https://openalex.org/W4283398224","https://openalex.org/W4284677821","https://openalex.org/W6712745783","https://openalex.org/W6722671745","https://openalex.org/W6754222335","https://openalex.org/W6762898672","https://openalex.org/W6776510913","https://openalex.org/W6794314717"],"related_works":["https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W3010413952","https://openalex.org/W4253989935","https://openalex.org/W4379115910","https://openalex.org/W4287635472","https://openalex.org/W2354251310","https://openalex.org/W3082045140","https://openalex.org/W1565885216"],"abstract_inverted_index":{"Android":[0,24,44,68,96,120,143,216,304],"is":[1,14,126,140],"the":[2,23,36,39,53,64,73,87,101,119,141,171,207,240,255,267,303],"most":[3,71],"popular":[4],"smartphone":[5],"platform":[6],"with":[7,31,307],"over":[8],"85%":[9],"market":[10],"share.":[11],"Its":[12],"success":[13],"built":[15],"on":[16,77,105,128],"openness,":[17],"and":[18,41,100,135,166,190,197,210,221,238,264],"phone":[19],"vendors":[20,134],"can":[21,271],"utilize":[22],"source":[25],"code":[26],"to":[27,62,182,249],"make":[28],"customized":[29,67],"products":[30],"unique":[32],"software/hardware":[33],"features.":[34],"On":[35],"other":[37],"hand,":[38],"fragmentation":[40],"customization":[42],"of":[43,55,66,72,86,95,118,158,223,230,289,302,311],"also":[45,253],"bring":[46],"many":[47],"security":[48,65,99,149,164,259,269,314],"risks":[49],"that":[50,266],"have":[51,243,291],"attracted":[52],"attention":[54],"researchers.":[56],"Many":[57],"efforts":[58],"were":[59],"put":[60],"in":[61,215],"investigate":[63],"firmware.":[69,88],"However,":[70],"previous":[74],"works":[75],"focus":[76],"designing":[78],"efficient":[79],"analysis":[80,172,196],"tools":[81],"or":[82],"analyzing":[83],"particular":[84],"aspects":[85],"There":[89,277],"still":[90,233],"lacks":[91],"a":[92,114,156,176,308],"panoramic":[93],"view":[94],"firmware":[97,107,121,130,144,184,186,217,305],"ecosystem":[98,122,306],"corresponding":[102,241],"understandings":[103],"based":[104,127],"large-scale":[106,115],"datasets.":[108],"In":[109,151,247],"this":[110],"work,":[111],"we":[112,174,252],"made":[113],"comprehensive":[116],"measurement":[117],"security.":[123],"Our":[124],"study":[125,154,297],"8,325":[129],"images":[131,229],"from":[132],"153":[133],"813":[136],"Android-related":[137],"CVEs,":[138],"which":[139,290],"largest":[142],"dataset":[145],"ever":[146],"used":[147],"for":[148],"measurements.":[150],"particular,":[152],"our":[153],"followed":[155],"series":[157],"research":[159],"questions,":[160],"covering":[161],"vulnerabilities,":[162],"patches,":[163],"updates,":[165],"pre-installed":[167,236],"apps.":[168],"To":[169],"automate":[170],"process,":[173],"designed":[175],"framework,":[177],"<sc":[178,284],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[179,285],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">AndScanner+</small>":[180,286],",":[181,287],"complete":[183],"crawling,":[185],"parsing,":[187],"patch":[188,208],"analysis,":[189],"app":[191],"analysis.":[192],"Through":[193],"massive":[194],"data":[195,250],"case":[198,262],"explorations,":[199],"several":[200,231],"interesting":[201],"findings":[202],"are":[203,213,278],"obtained.":[204],"For":[205],"example,":[206],"delay":[209],"missing":[211],"issues":[212],"widespread":[214],"images,":[218,225],"say":[219],"31.4%":[220],"5.6%":[222],"all":[224],"respectively.":[226],"The":[227],"latest":[228],"phones":[232],"contain":[234],"vulnerable":[235],"apps,":[237],"even":[239],"vulnerabilities":[242,281],"been":[244,292],"publicly":[245],"disclosed.":[246],"addition":[248],"measurements,":[251],"explore":[254],"causes":[256],"behind":[257],"these":[258],"threats":[260,270],"through":[261],"studies":[263],"demonstrate":[265],"discovered":[268],"be":[272],"converted":[273],"into":[274],"exploitable":[275],"vulnerabilities.":[276],"46":[279],"new":[280,300],"found":[282],"by":[283],"36":[288],"assigned":[293],"CVE/CNVD":[294],"IDs.":[295],"This":[296],"provides":[298],"much":[299],"knowledge":[301],"deep":[309],"understanding":[310],"software":[312],"engineering":[313],"practices.":[315]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}