{"id":"https://openalex.org/W3039204255","doi":"https://doi.org/10.1145/3403947","title":"The Seven Deadly Sins of the HTML5 WebAPI","display_name":"The Seven Deadly Sins of the HTML5 WebAPI","publication_year":2020,"publication_date":"2020-07-06","ids":{"openalex":"https://openalex.org/W3039204255","doi":"https://doi.org/10.1145/3403947","mag":"3039204255"},"language":"en","primary_location":{"id":"doi:10.1145/3403947","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3403947","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3403947","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3403947","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011514684","display_name":"Michalis Diamantaris","orcid":null},"institutions":[{"id":"https://openalex.org/I4210121775","display_name":"FORTH Institute of Computer Science","ror":"https://ror.org/02tf48g55","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210121775","https://openalex.org/I8901234"]}],"countries":["GR"],"is_corresponding":true,"raw_author_name":"Michalis Diamantaris","raw_affiliation_strings":["FORTH, Greece"],"affiliations":[{"raw_affiliation_string":"FORTH, Greece","institution_ids":["https://openalex.org/I4210121775"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016396979","display_name":"Francesco Marcantoni","orcid":null},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Francesco Marcantoni","raw_affiliation_strings":["University of Illinois at Chicago, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Chicago, USA","institution_ids":["https://openalex.org/I39422238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109897169","display_name":"Sotiris Ioannidis","orcid":"https://orcid.org/0009-0002-0682-0475"},"institutions":[{"id":"https://openalex.org/I4210121775","display_name":"FORTH Institute of Computer Science","ror":"https://ror.org/02tf48g55","country_code":"GR","type":"facility","lineage":["https://openalex.org/I4210121775","https://openalex.org/I8901234"]}],"countries":["GR"],"is_corresponding":false,"raw_author_name":"Sotiris Ioannidis","raw_affiliation_strings":["FORTH, Greece"],"affiliations":[{"raw_affiliation_string":"FORTH, Greece","institution_ids":["https://openalex.org/I4210121775"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5018209439","display_name":"Jason Polakis","orcid":"https://orcid.org/0000-0001-5034-0730"},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Polakis","raw_affiliation_strings":["University of Illinois at Chicago, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Chicago, USA","institution_ids":["https://openalex.org/I39422238"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5011514684"],"corresponding_institution_ids":["https://openalex.org/I4210121775"],"apc_list":null,"apc_paid":null,"fwci":1.3693,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.81320042,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":"23","issue":"4","first_page":"1","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11896","display_name":"Opportunistic and Delay-Tolerant Networks","score":0.9940000176429749,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/html5","display_name":"HTML5","score":0.7852336168289185},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7790200710296631},{"id":"https://openalex.org/keywords/javascript","display_name":"JavaScript","score":0.7679732441902161},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6915595531463623},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5199931263923645},{"id":"https://openalex.org/keywords/installation","display_name":"Installation","score":0.5076810121536255},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5064653158187866},{"id":"https://openalex.org/keywords/framing","display_name":"Framing (construction)","score":0.4936903417110443},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.44687867164611816},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.44504591822624207},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.16485390067100525}],"concepts":[{"id":"https://openalex.org/C84063617","wikidata":"https://www.wikidata.org/wiki/Q2053","display_name":"HTML5","level":2,"score":0.7852336168289185},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7790200710296631},{"id":"https://openalex.org/C544833334","wikidata":"https://www.wikidata.org/wiki/Q2005","display_name":"JavaScript","level":2,"score":0.7679732441902161},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6915595531463623},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5199931263923645},{"id":"https://openalex.org/C146778888","wikidata":"https://www.wikidata.org/wiki/Q836862","display_name":"Installation","level":2,"score":0.5076810121536255},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5064653158187866},{"id":"https://openalex.org/C169087156","wikidata":"https://www.wikidata.org/wiki/Q2131593","display_name":"Framing (construction)","level":2,"score":0.4936903417110443},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.44687867164611816},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.44504591822624207},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.16485390067100525},{"id":"https://openalex.org/C66938386","wikidata":"https://www.wikidata.org/wiki/Q633538","display_name":"Structural engineering","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3403947","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3403947","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3403947","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},{"id":"pmh:oai:zenodo.org:3949577","is_oa":true,"landing_page_url":"https://zenodo.org/record/3949577","pdf_url":null,"source":{"id":"https://openalex.org/S4306400562","display_name":"Zenodo (CERN European Organization for Nuclear Research)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I67311998","host_organization_name":"European Organization for Nuclear Research","host_organization_lineage":["https://openalex.org/I67311998"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on Privacy and Security (TOPS) 23(4)","raw_type":"info:eu-repo/semantics/article"}],"best_oa_location":{"id":"doi:10.1145/3403947","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3403947","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3403947","source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6299999952316284,"display_name":"Industry, innovation and infrastructure"}],"awards":[{"id":"https://openalex.org/G2980348971","display_name":"SaTC: CORE: Small: Black-Box Flaw Discovery in Web Authentication and Authorization Mechanisms","funder_award_id":"1934597","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4170019184","display_name":null,"funder_award_id":"FA8650-18-C-7880","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320338294","display_name":"Air Force Research Laboratory","ror":"https://ror.org/02e2egq70"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3039204255.pdf","grobid_xml":"https://content.openalex.org/works/W3039204255.grobid-xml"},"referenced_works_count":78,"referenced_works":["https://openalex.org/W116465461","https://openalex.org/W776418363","https://openalex.org/W1525967479","https://openalex.org/W1533974647","https://openalex.org/W1536711614","https://openalex.org/W1659880361","https://openalex.org/W1788071698","https://openalex.org/W1824405704","https://openalex.org/W1965243139","https://openalex.org/W1968181699","https://openalex.org/W1973831058","https://openalex.org/W1980481605","https://openalex.org/W1991685971","https://openalex.org/W1997430507","https://openalex.org/W2013735525","https://openalex.org/W2016004370","https://openalex.org/W2017634428","https://openalex.org/W2018157642","https://openalex.org/W2045726900","https://openalex.org/W2048212067","https://openalex.org/W2057907879","https://openalex.org/W2060646286","https://openalex.org/W2067488563","https://openalex.org/W2073445898","https://openalex.org/W2074367177","https://openalex.org/W2090465075","https://openalex.org/W2099468260","https://openalex.org/W2108328714","https://openalex.org/W2108467170","https://openalex.org/W2122837018","https://openalex.org/W2136649349","https://openalex.org/W2147063679","https://openalex.org/W2149359921","https://openalex.org/W2150097065","https://openalex.org/W2150639461","https://openalex.org/W2158705880","https://openalex.org/W2165109377","https://openalex.org/W2167953817","https://openalex.org/W2171679232","https://openalex.org/W2197053955","https://openalex.org/W2293436273","https://openalex.org/W2295760285","https://openalex.org/W2297075900","https://openalex.org/W2401233188","https://openalex.org/W2403389194","https://openalex.org/W2409587536","https://openalex.org/W2426435886","https://openalex.org/W2498667172","https://openalex.org/W2509042760","https://openalex.org/W2535603283","https://openalex.org/W2552406441","https://openalex.org/W2553915786","https://openalex.org/W2572078890","https://openalex.org/W2574536453","https://openalex.org/W2619786436","https://openalex.org/W2624032679","https://openalex.org/W2733005124","https://openalex.org/W2744999500","https://openalex.org/W2765408901","https://openalex.org/W2766315610","https://openalex.org/W2776595268","https://openalex.org/W2782918258","https://openalex.org/W2783061095","https://openalex.org/W2788461260","https://openalex.org/W2805638371","https://openalex.org/W2806944993","https://openalex.org/W2809093529","https://openalex.org/W2810490099","https://openalex.org/W2890010784","https://openalex.org/W2891928976","https://openalex.org/W2923317037","https://openalex.org/W2955618369","https://openalex.org/W2964203713","https://openalex.org/W2969001244","https://openalex.org/W2980748551","https://openalex.org/W3100137403","https://openalex.org/W4234623118","https://openalex.org/W4295023194"],"related_works":["https://openalex.org/W4390142841","https://openalex.org/W2484907013","https://openalex.org/W2606134820","https://openalex.org/W562146691","https://openalex.org/W2984839098","https://openalex.org/W2137830470","https://openalex.org/W2342903424","https://openalex.org/W2750121105","https://openalex.org/W602441967","https://openalex.org/W2015824145"],"abstract_inverted_index":{"Modern":[0],"smartphone":[1],"sensors":[2],"can":[3,19,218,248],"be":[4,20],"leveraged":[5],"for":[6,164,229,239],"providing":[7],"novel":[8,105],"functionality":[9],"and":[10,133,199,225,236],"greatly":[11],"improving":[12],"the":[13,59,73,98,141,147,154,162,183,227,237],"user":[14],"experience.":[15],"However,":[16],"sensor":[17,37,166,244],"data":[18,38,135,208,245],"misused":[21],"by":[22,83,204],"privacy-invasive":[23],"or":[24],"malicious":[25,51],"entities.":[26],"Additionally,":[27],"a":[28,69,85,104,115,179,191,230],"wide":[29],"range":[30],"of":[31,61,72,88,97,109,114,170,182,185,193,216],"other":[32],"attacks":[33,44,195],"that":[34,56,76,210,214],"use":[35],"mobile":[36,77],"have":[39,45,54],"been":[40],"demonstrated;":[41],"while":[42],"those":[43],"typically":[46],"relied":[47],"on":[48,112],"users":[49,82,240],"installing":[50],"apps,":[52],"browsers":[53,235],"eliminated":[55],"constraint":[57],"with":[58,168],"deployment":[60],"HTML5":[62,90],"WebAPI.":[63],"In":[64,128],"this":[65,186],"article,":[66],"we":[67,189],"conduct":[68,124],"comprehensive":[70,180],"evaluation":[71],"multifaceted":[74],"threat":[75],"web":[78],"browsing":[79],"poses":[80],"to":[81,123,146,156,241],"conducting":[84],"large-scale":[86],"study":[87,152],"mobile-specific":[89],"WebAPI":[91,142,163],"calls":[92,144],"across":[93,233],"more":[94],"than":[95],"183K":[96],"most":[99],"popular":[100],"websites.":[101],"We":[102,212],"build":[103],"testing":[106],"infrastructure":[107],"consisting":[108],"actual":[110],"smartphones":[111],"top":[113],"dynamic":[116],"Android":[117,148],"app":[118],"analysis":[119,203],"framework,":[120],"allowing":[121],"us":[122],"an":[125,201],"end-to-end":[126],"exploration.":[127],"detail,":[129],"our":[130,206],"system":[131,149],"intercepts":[132],"tracks":[134],"access":[136],"in":[137],"real":[138],"time,":[139],"from":[140,196],"JavaScript":[143],"down":[145],"calls.":[150],"Our":[151],"reveals":[153],"extent":[155],"which":[157],"websites":[158,171,217],"are":[159],"actively":[160],"leveraging":[161],"collecting":[165],"data,":[167],"2.89%":[169],"accessing":[172],"at":[173,221],"least":[174,222],"one":[175,223],"sensor.":[176],"To":[177],"provide":[178],"assessment":[181],"risks":[184],"emerging":[187],"practice,":[188],"create":[190],"taxonomy":[192],"sensor-based":[194],"prior":[197],"studies":[198],"present":[200],"in-depth":[202],"framing":[205],"collected":[207],"within":[209],"taxonomy.":[211],"find":[213],"1.63%":[215],"carry":[219],"out":[220],"attack":[224],"emphasize":[226],"need":[228],"standardized":[231],"policy":[232],"all":[234],"ability":[238],"control":[242],"what":[243],"each":[246],"website":[247],"access.":[249]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":3}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}