{"id":"https://openalex.org/W2734542274","doi":"https://doi.org/10.1145/3092703.3092708","title":"Semi-automated discovery of server-based information oversharing vulnerabilities in Android applications","display_name":"Semi-automated discovery of server-based information oversharing vulnerabilities in Android applications","publication_year":2017,"publication_date":"2017-07-10","ids":{"openalex":"https://openalex.org/W2734542274","doi":"https://doi.org/10.1145/3092703.3092708","mag":"2734542274"},"language":"en","primary_location":{"id":"doi:10.1145/3092703.3092708","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3092703.3092708","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081421204","display_name":"William R. Koch","orcid":"https://orcid.org/0000-0002-3982-482X"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William Koch","raw_affiliation_strings":["Boston University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Boston University, USA","institution_ids":["https://openalex.org/I111088046"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009151165","display_name":"Abdelberi Chaabane","orcid":null},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abdelberi Chaabane","raw_affiliation_strings":["Northeastern University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044975798","display_name":"Manuel Egele","orcid":"https://orcid.org/0000-0001-5038-2682"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Manuel Egele","raw_affiliation_strings":["Boston University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Boston University, USA","institution_ids":["https://openalex.org/I111088046"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085358980","display_name":"William Robertson","orcid":"https://orcid.org/0000-0002-6968-0273"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"William Robertson","raw_affiliation_strings":["Northeastern University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077875821","display_name":"Engin Kirda","orcid":"https://orcid.org/0000-0001-9988-6873"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Engin Kirda","raw_affiliation_strings":["Northeastern University, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.747,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.71018152,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"147","last_page":"157"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8634108304977417},{"id":"https://openalex.org/keywords/information-leakage","display_name":"Information leakage","score":0.626908540725708},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6162599325180054},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5617368221282959},{"id":"https://openalex.org/keywords/information-sensitivity","display_name":"Information sensitivity","score":0.515496551990509},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48324689269065857},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.46935564279556274},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.41379427909851074},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26875901222229004}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8634108304977417},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.626908540725708},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6162599325180054},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5617368221282959},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.515496551990509},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48324689269065857},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.46935564279556274},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.41379427909851074},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26875901222229004},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3092703.3092708","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3092703.3092708","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.75,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G508048576","display_name":null,"funder_award_id":"FA8750-15-2-0084","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W32581813","https://openalex.org/W190551272","https://openalex.org/W1481895559","https://openalex.org/W1488890761","https://openalex.org/W1545341212","https://openalex.org/W1565125975","https://openalex.org/W1865564993","https://openalex.org/W1916902331","https://openalex.org/W1988036170","https://openalex.org/W2003276999","https://openalex.org/W2008810193","https://openalex.org/W2017025011","https://openalex.org/W2048702750","https://openalex.org/W2053008565","https://openalex.org/W2060692877","https://openalex.org/W2065085008","https://openalex.org/W2068583268","https://openalex.org/W2070386561","https://openalex.org/W2087804676","https://openalex.org/W2104237724","https://openalex.org/W2113115074","https://openalex.org/W2113137917","https://openalex.org/W2114275288","https://openalex.org/W2125011234","https://openalex.org/W2140021378","https://openalex.org/W2140095007","https://openalex.org/W2141554582","https://openalex.org/W2158888459","https://openalex.org/W2164539435","https://openalex.org/W2166510103","https://openalex.org/W2166743230","https://openalex.org/W2227887088","https://openalex.org/W2334842536","https://openalex.org/W2544992706","https://openalex.org/W2577413333","https://openalex.org/W2615082125","https://openalex.org/W2784849271","https://openalex.org/W2914012796","https://openalex.org/W2950387995","https://openalex.org/W3136699861"],"related_works":["https://openalex.org/W2791662519","https://openalex.org/W4389273713","https://openalex.org/W3036603968","https://openalex.org/W2334842536","https://openalex.org/W4288075818","https://openalex.org/W32581813","https://openalex.org/W4281488805","https://openalex.org/W189451467","https://openalex.org/W2771221996","https://openalex.org/W2077568170"],"abstract_inverted_index":{"Modern":[0],"applications":[1,26,169,196],"are":[2],"often":[3],"split":[4],"into":[5],"separate":[6],"client":[7,71,88],"and":[8,97,173],"server":[9,85],"tiers":[10],"that":[11,142],"communicate":[12],"via":[13],"message":[14],"passing":[15],"over":[16,190],"the":[17,28,39,70,74,79,84,87,115,134,154,198,201],"network.":[18],"One":[19],"well-understood":[20],"threat":[21,105],"to":[22,51,86,98,167,176],"privacy":[23,66],"for":[24,121,170],"such":[25],"is":[27,90],"leakage":[29,77,102],"of":[30,45,95,194,200],"sensitive":[31,144],"user":[32,156],"information":[33,58,145],"either":[34],"in":[35,78,114,129,209],"transit":[36],"or":[37,53,56],"at":[38,69,73],"server.":[40],"In":[41,132],"response,":[42],"an":[43,107],"array":[44],"defensive":[46],"techniques":[47],"have":[48],"been":[49],"developed":[50],"identify":[52],"block":[54],"unintended":[55],"malicious":[57],"leakage.":[59],"However,":[60],"prior":[61],"work":[62],"has":[63],"primarily":[64],"considered":[65],"leaks":[67],"originating":[68],"directed":[72],"server,":[75],"while":[76],"reverse":[80],"direction":[81],"--":[82,89],"from":[83,146],"comparatively":[91],"under-studied.":[92],"The":[93,158],"question":[94,113],"whether":[96],"what":[99],"degree":[100],"this":[101,112],"constitutes":[103],"a":[104,119,140,162,184,191],"remains":[106],"open":[108],"question.":[109],"We":[110],"answer":[111],"affirmative":[116],"with":[117,183],"Hush,":[118],"technique":[120,135,159,202],"semi-automatically":[122],"identifying":[123],"Server-based":[124],"InFormation":[125],"OvershariNg":[126],"(SIFON)":[127],"vulnerabilities":[128,138,182,208],"multi-tier":[130],"applications.":[131,211],"particular,":[133],"detects":[136],"SIFON":[137,207],"using":[139],"heuristic":[141],"overshared":[143],"server-side":[147],"APIs":[148],"will":[149],"not":[150],"be":[151],"displayed":[152],"by":[153,203],"application's":[155],"interface.":[157],"first":[160],"performs":[161],"scalable":[163],"static":[164],"program":[165],"analysis":[166],"screen":[168],"potential":[171],"vulnerabilities,":[172],"then":[174],"attempts":[175],"confirm":[177],"these":[178],"candidates":[179],"as":[180],"true":[181],"partially-automated":[185],"dynamic":[186],"analysis.":[187],"Our":[188],"evaluation":[189],"large":[192],"corpus":[193],"Android":[195],"demonstrates":[197],"effectiveness":[199],"discovering":[204],"several":[205],"previously-unknown":[206],"eight":[210]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":5},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}