{"id":"https://openalex.org/W2012921353","doi":"https://doi.org/10.1145/2660267.2660323","title":"OAuth Demystified for Mobile Application Developers","display_name":"OAuth Demystified for Mobile Application Developers","publication_year":2014,"publication_date":"2014-11-03","ids":{"openalex":"https://openalex.org/W2012921353","doi":"https://doi.org/10.1145/2660267.2660323","mag":"2012921353"},"language":"en","primary_location":{"id":"doi:10.1145/2660267.2660323","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2660267.2660323","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100731451","display_name":"Eric Chen","orcid":"https://orcid.org/0000-0002-5247-3593"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Eric Y. Chen","raw_affiliation_strings":["Carnegie Mellon University, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Mountain View, CA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063801278","display_name":"Yutong Pei","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yutong Pei","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA","Carnegie-Mellon University, Pittsburgh, Pa., USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie-Mellon University, Pittsburgh, Pa., USA#TAB#","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115861810","display_name":"Shuo Chen","orcid":"https://orcid.org/0009-0007-7103-6077"},"institutions":[{"id":"https://openalex.org/I1290206253","display_name":"Microsoft (United States)","ror":"https://ror.org/00d0nc645","country_code":"US","type":"company","lineage":["https://openalex.org/I1290206253"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shuo Chen","raw_affiliation_strings":["Microsoft Research, Redmond, WA, USA"],"affiliations":[{"raw_affiliation_string":"Microsoft Research, Redmond, WA, USA","institution_ids":["https://openalex.org/I1290206253"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100716458","display_name":"Yuan Tian","orcid":"https://orcid.org/0000-0002-6435-564X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuan Tian","raw_affiliation_strings":["Carnegie Mellon University, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Mountain View, CA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018717236","display_name":"Robert Kotcher","orcid":null},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Robert Kotcher","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA","Carnegie-Mellon University, Pittsburgh, Pa., USA#TAB#"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]},{"raw_affiliation_string":"Carnegie-Mellon University, Pittsburgh, Pa., USA#TAB#","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033964933","display_name":"Patrick Tague","orcid":"https://orcid.org/0000-0002-7561-6112"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Patrick Tague","raw_affiliation_strings":["Carnegie Mellon University, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Mountain View, CA, USA","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100731451"],"corresponding_institution_ids":["https://openalex.org/I74973139"],"apc_list":null,"apc_paid":null,"fwci":11.482,"has_fulltext":false,"cited_by_count":126,"citation_normalized_percentile":{"value":0.98979301,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"892","last_page":"903"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.696408748626709},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6258289813995361},{"id":"https://openalex.org/keywords/documentation","display_name":"Documentation","score":0.572303831577301},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5506795644760132},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5446429252624512},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.49730685353279114},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.451199471950531},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.425005704164505},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.41908854246139526},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.41240280866622925},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.2967272996902466},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09795862436294556}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.696408748626709},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6258289813995361},{"id":"https://openalex.org/C56666940","wikidata":"https://www.wikidata.org/wiki/Q788790","display_name":"Documentation","level":2,"score":0.572303831577301},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5506795644760132},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5446429252624512},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.49730685353279114},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.451199471950531},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.425005704164505},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.41908854246139526},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.41240280866622925},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.2967272996902466},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09795862436294556},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/2660267.2660323","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2660267.2660323","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.667.1537","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.667.1537","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://wnss.sv.cmu.edu/papers/ccs-14.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W174528657","https://openalex.org/W187285683","https://openalex.org/W1680232729","https://openalex.org/W1912565424","https://openalex.org/W1988036170","https://openalex.org/W1994588724","https://openalex.org/W2058664481","https://openalex.org/W2087804676","https://openalex.org/W2089775132","https://openalex.org/W2092919558","https://openalex.org/W2115962125","https://openalex.org/W2119249378","https://openalex.org/W2121845793","https://openalex.org/W2123437505","https://openalex.org/W2126123233","https://openalex.org/W2133723082","https://openalex.org/W2139321017","https://openalex.org/W2145994642","https://openalex.org/W2153497135","https://openalex.org/W2167661907","https://openalex.org/W2339038263","https://openalex.org/W2339808346","https://openalex.org/W2398484989","https://openalex.org/W2399231848","https://openalex.org/W2913502225"],"related_works":["https://openalex.org/W2618286804","https://openalex.org/W2329643025","https://openalex.org/W2002770077","https://openalex.org/W3131163342","https://openalex.org/W2092256833","https://openalex.org/W2142369114","https://openalex.org/W2120447654","https://openalex.org/W2977179488","https://openalex.org/W2361728394","https://openalex.org/W10199086"],"abstract_inverted_index":{"OAuth":[0,63,71,99,116,186,256],"has":[1,42],"become":[2],"a":[3,133],"highly":[4],"influential":[5],"protocol":[6,22,41,117,187],"due":[7],"to":[8,72,78,92,97,121,208,223,248],"its":[9],"swift":[10],"and":[11,46,59,90,149,173,235],"wide":[12],"adoption":[13],"in":[14,76,152,184,258],"the":[15,21,27,37,40,49,73,79,115,147,160,177,181,226,233,245],"industry.":[16],"The":[17,154],"initial":[18],"objective":[19],"of":[20,107,114,135,167,225],"was":[23],"specific:":[24],"it":[25,87],"serves":[26],"authorization":[28,150],"needs":[29],"for":[30,64,100,129,198,255],"websites.":[31],"What":[32],"motivates":[33],"our":[34],"work":[35,105],"is":[36,88,156],"realization":[38],"that":[39,86,119,141,163,189],"been":[43,221],"significantly":[44],"re-purposed":[45,62],"re-targeted":[47,70],"over":[48,136],"years:":[50],"(1)":[51,110],"all":[52],"major":[53],"identity":[54],"providers,":[55],"e.g.,":[56],"Facebook,":[57],"Google":[58],"Microsoft,":[60],"have":[61,69,220,237],"user":[65],"authentication;":[66],"(2)":[67,132],"developers":[68,145],"mobile":[74,101,130,139,199,259],"platforms,":[75],"addition":[77],"traditional":[80],"web":[81],"platform.":[82],"Therefore,":[83],"we":[84,179],"believe":[85],"necessary":[89],"timely":[91],"conduct":[93],"an":[94,111],"in-depth":[95],"study":[96,113],"demystify":[98],"application":[102,200],"developers.":[103,201],"Our":[104,218],"consists":[106],"two":[108],"pillars:":[109],"in-house":[112],"documentation":[118],"aims":[120],"identify":[122],"what":[123],"might":[124],"be":[125],"ambiguous":[126],"or":[127,196],"unspecified":[128,197],"developers;":[131],"field-study":[134],"600":[137],"popular":[138],"applications":[140,162],"highlights":[142],"how":[143,211],"well":[144],"fulfill":[146],"authentication":[148],"goals":[151],"practice.":[153],"result":[155],"really":[157],"worrisome:":[158],"among":[159],"149":[161],"use":[164],"OAuth,":[165],"89":[166],"them":[168],"(59.7%)":[169],"were":[170],"incorrectly":[171],"implemented":[172],"thus":[174],"vulnerable.":[175],"In":[176],"paper,":[178],"pinpoint":[180],"key":[182],"portions":[183],"each":[185],"flow":[188],"are":[190,194],"security":[191],"critical,":[192],"but":[193],"confusing":[195],"We":[202,240],"then":[203],"show":[204],"several":[205],"representative":[206],"cases":[207],"concretely":[209],"explain":[210],"real":[212],"implementations":[213],"fell":[214],"into":[215],"these":[216],"pitfalls.":[217],"findings":[219],"communicated":[222],"vendors":[224,230],"vulnerable":[227],"applications.":[228,260],"Most":[229],"positively":[231],"confirmed":[232],"issues,":[234],"some":[236],"applied":[238],"fixes.":[239],"summarize":[241],"lessons":[242],"learned":[243],"from":[244],"study,":[246],"hoping":[247],"provoke":[249],"further":[250],"thoughts":[251],"about":[252],"clear":[253],"guidelines":[254],"usage":[257]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":10},{"year":2022,"cited_by_count":11},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":18},{"year":2018,"cited_by_count":18},{"year":2017,"cited_by_count":13},{"year":2016,"cited_by_count":20},{"year":2015,"cited_by_count":6}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}