{"id":"https://openalex.org/W3106500569","doi":"https://doi.org/10.1145/3368089.3409745","title":"Borrowing your enemy\u2019s arrows: the case of code reuse in Android via direct inter-app code invocation","display_name":"Borrowing your enemy\u2019s arrows: the case of code reuse in Android via direct inter-app code invocation","publication_year":2020,"publication_date":"2020-11-08","ids":{"openalex":"https://openalex.org/W3106500569","doi":"https://doi.org/10.1145/3368089.3409745","mag":"3106500569"},"language":"en","primary_location":{"id":"doi:10.1145/3368089.3409745","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3368089.3409745","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://orbilu.uni.lu/handle/10993/45769","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045960682","display_name":"Jun Gao","orcid":"https://orcid.org/0000-0002-3864-5926"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":true,"raw_author_name":"Jun Gao","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5106407830","display_name":"Li Li","orcid":"https://orcid.org/0000-0003-2990-1614"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Li Li","raw_affiliation_strings":["Monash University, Australia"],"affiliations":[{"raw_affiliation_string":"Monash University, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046243569","display_name":"Pingfan Kong","orcid":"https://orcid.org/0000-0002-4479-0775"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Pingfan Kong","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082835974","display_name":"Tegawend\u00e9 F. Bissyand\u00e9","orcid":"https://orcid.org/0000-0001-7270-9869"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Tegawend\u00e9 F. Bissyand\u00e9","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040326968","display_name":"Jacques Klein","orcid":"https://orcid.org/0000-0003-4052-475X"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Jacques Klein","raw_affiliation_strings":["University of Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5045960682"],"corresponding_institution_ids":["https://openalex.org/I186903577"],"apc_list":null,"apc_paid":null,"fwci":1.5217,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.83713355,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"939","last_page":"951"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9876000285148621,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.8214106559753418},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8078149557113647},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.7431890964508057},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.6681274771690369},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.6166554093360901},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4142371118068695},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4100602865219116},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.34713757038116455},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.3236430883407593},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.18430408835411072},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.15703240036964417}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.8214106559753418},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8078149557113647},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.7431890964508057},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.6681274771690369},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.6166554093360901},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4142371118068695},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4100602865219116},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.34713757038116455},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.3236430883407593},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.18430408835411072},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.15703240036964417},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3368089.3409745","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3368089.3409745","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","raw_type":"proceedings-article"},{"id":"pmh:oai:orbilu.uni.lu:10993/45769","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/45769","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2020-11); The 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, from 06-11-2020 to 16-11-2020","raw_type":"peer reviewed"}],"best_oa_location":{"id":"pmh:oai:orbilu.uni.lu:10993/45769","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/45769","pdf_url":null,"source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ESEC/FSE 2020: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2020-11); The 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, from 06-11-2020 to 16-11-2020","raw_type":"peer reviewed"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1408323592","display_name":null,"funder_award_id":"830892","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G4988649235","display_name":null,"funder_award_id":"830892","funder_id":"https://openalex.org/F4320335254","funder_display_name":"Horizon 2020"},{"id":"https://openalex.org/G6031817756","display_name":"Cost-Efficient Methods and Processes for Safety Relevant Embedded Systems","funder_award_id":"100016","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8318064016","display_name":null,"funder_award_id":"Horizon","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8404260076","display_name":null,"funder_award_id":"PRIDE15/10621687/SPsquared","funder_id":"https://openalex.org/F4320321038","funder_display_name":"Fonds National de la Recherche Luxembourg"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320321038","display_name":"Fonds National de la Recherche Luxembourg","ror":"https://ror.org/039z13y21"},{"id":"https://openalex.org/F4320335254","display_name":"Horizon 2020","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":54,"referenced_works":["https://openalex.org/W769484497","https://openalex.org/W1630356589","https://openalex.org/W1645479483","https://openalex.org/W1912565424","https://openalex.org/W1915915253","https://openalex.org/W1972796262","https://openalex.org/W1988036170","https://openalex.org/W2004209351","https://openalex.org/W2007857904","https://openalex.org/W2010395842","https://openalex.org/W2041276426","https://openalex.org/W2047650489","https://openalex.org/W2059610428","https://openalex.org/W2067364868","https://openalex.org/W2070192880","https://openalex.org/W2077202047","https://openalex.org/W2078197322","https://openalex.org/W2092712591","https://openalex.org/W2096196901","https://openalex.org/W2103260577","https://openalex.org/W2106510916","https://openalex.org/W2117867487","https://openalex.org/W2153542583","https://openalex.org/W2166743230","https://openalex.org/W2170594979","https://openalex.org/W2184320046","https://openalex.org/W2277576447","https://openalex.org/W2296725054","https://openalex.org/W2343325785","https://openalex.org/W2350778671","https://openalex.org/W2396077939","https://openalex.org/W2403259843","https://openalex.org/W2407313496","https://openalex.org/W2463553622","https://openalex.org/W2470899015","https://openalex.org/W2572070369","https://openalex.org/W2600871181","https://openalex.org/W2725004715","https://openalex.org/W2733829216","https://openalex.org/W2740742367","https://openalex.org/W2754152340","https://openalex.org/W2785871300","https://openalex.org/W2794494879","https://openalex.org/W2808617203","https://openalex.org/W2890086692","https://openalex.org/W2897615540","https://openalex.org/W2900890308","https://openalex.org/W2906347220","https://openalex.org/W2960366853","https://openalex.org/W2963213304","https://openalex.org/W2991966316","https://openalex.org/W2995340752","https://openalex.org/W3103123779","https://openalex.org/W4245027182"],"related_works":["https://openalex.org/W3212610863","https://openalex.org/W2493947570","https://openalex.org/W2182697532","https://openalex.org/W142226328","https://openalex.org/W1544062218","https://openalex.org/W185550498","https://openalex.org/W2348203156","https://openalex.org/W2226868092","https://openalex.org/W2164928043","https://openalex.org/W1991166235"],"abstract_inverted_index":{"The":[0],"Android":[1,107],"ecosystem":[2],"offers":[3],"different":[4,66],"facilities":[5],"to":[6,15,88,119,127,131,145],"enable":[7],"communication":[8,35],"among":[9],"app":[10,86],"components":[11],"and":[12,90],"across":[13],"apps":[14,104],"ensure":[16],"that":[17,55,135],"rich":[18],"services":[19],"can":[20,116],"be":[21,117],"composed":[22],"through":[23],"functionality":[24],"reuse.":[25],"At":[26],"the":[27,33,44,49,76,176,189,195],"heart":[28],"of":[29,175,179,197],"this":[30,80,113,129,180,198],"system":[31],"is":[32,51,183],"Inter-component":[34],"(ICC)":[36],"scheme,":[37],"which":[38,62,82],"has":[39,140],"been":[40],"largely":[41],"studied":[42,199],"in":[43,48,102,170],"literature.":[45],"Less":[46],"known":[47],"community":[50],"another":[52],"powerful":[53],"mechanism":[54,115,130,182],"allows":[56],"for":[57,65,79,142,164],"direct":[58,166],"inter-app":[59,167],"code":[60,168],"invocation":[61],"opens":[63],"up":[64],"reuse":[67,114,181,200],"scenarios,":[68],"both":[69],"legitimate":[70],"or":[71,98],"malicious.":[72],"This":[73],"paper":[74],"exposes":[75],"general":[77],"workflow":[78],"mechanism,":[81],"beyond":[83],"ICCs,":[84],"enables":[85],"developers":[87],"access":[89,144],"invoke":[91],"functionalities":[92],"(either":[93],"entire":[94],"Java":[95],"classes,":[96],"methods":[97],"object":[99],"fields)":[100],"implemented":[101],"other":[103],"using":[105],"official":[106],"APIs.":[108],"We":[109,154],"experimentally":[110],"showcase":[111],"how":[112],"leveraged":[118],"\u201cplagiarize\"":[120],"supposedly-protected":[121],"functionalities.":[122],"Typically,":[123],"we":[124,187],"were":[125],"able":[126],"leverage":[128],"bypass":[132],"security":[133],"guards":[134],"a":[136,158],"popular":[137],"video":[138,147],"broadcaster":[139],"placed":[141],"preventing":[143],"its":[146,151],"database":[148],"from":[149],"outside":[150],"provided":[152],"app.":[153],"further":[155],"contribute":[156],"with":[157],"static":[159],"analysis":[160,174],"toolkit,":[161],"named":[162],"DICIDer,":[163],"detecting":[165],"invocations":[169],"apps.":[171],"An":[172],"empirical":[173],"usage":[177,190],"prevalence":[178],"then":[184],"conducted.":[185],"Finally,":[186],"discuss":[188],"contexts":[191],"as":[192,194],"well":[193],"implications":[196],"mechanism.":[201]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}