{"id":"https://openalex.org/W4284677821","doi":"https://doi.org/10.1145/3510003.3510072","title":"Large-scale security measurements on the android firmware ecosystem","display_name":"Large-scale security measurements on the android firmware ecosystem","publication_year":2022,"publication_date":"2022-05-21","ids":{"openalex":"https://openalex.org/W4284677821","doi":"https://doi.org/10.1145/3510003.3510072"},"language":"en","primary_location":{"id":"doi:10.1145/3510003.3510072","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3510003.3510072","pdf_url":null,"source":{"id":"https://openalex.org/S4363608872","display_name":"Proceedings of the 44th International Conference on Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 44th International Conference on Software Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5032372397","display_name":"Qinsheng Hou","orcid":"https://orcid.org/0000-0002-1119-4766"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]},{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Qinsheng Hou","raw_affiliation_strings":["Shandong University and Tsinghua University"],"affiliations":[{"raw_affiliation_string":"Shandong University and Tsinghua University","institution_ids":["https://openalex.org/I99065089","https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080378687","display_name":"Wenrui Diao","orcid":"https://orcid.org/0000-0003-0916-8806"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenrui Diao","raw_affiliation_strings":["Shandong University"],"affiliations":[{"raw_affiliation_string":"Shandong University","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101846444","display_name":"Yanhao Wang","orcid":"https://orcid.org/0000-0002-6990-2972"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yanhao Wang","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100359306","display_name":"Xiaofeng Liu","orcid":"https://orcid.org/0009-0007-6147-7119"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaofeng Liu","raw_affiliation_strings":["Shandong University"],"affiliations":[{"raw_affiliation_string":"Shandong University","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100339617","display_name":"Song Liu","orcid":"https://orcid.org/0009-0004-0571-0893"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song Liu","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100414046","display_name":"Lingyun Ying","orcid":"https://orcid.org/0000-0001-7445-9103"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lingyun Ying","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084460856","display_name":"Shanqing Guo","orcid":"https://orcid.org/0000-0003-3367-0951"},"institutions":[{"id":"https://openalex.org/I154099455","display_name":"Shandong University","ror":"https://ror.org/0207yh398","country_code":"CN","type":"education","lineage":["https://openalex.org/I154099455"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanqing Guo","raw_affiliation_strings":["Shandong University and Quancheng Laboratory, Jinan, China"],"affiliations":[{"raw_affiliation_string":"Shandong University and Quancheng Laboratory, Jinan, China","institution_ids":["https://openalex.org/I154099455"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101879892","display_name":"Yuanzhi Li","orcid":"https://orcid.org/0009-0004-4418-9308"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuanzhi Li","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102760462","display_name":"Meining Nie","orcid":"https://orcid.org/0009-0008-1014-4776"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Meining Nie","raw_affiliation_strings":["QI-ANXIN Technology Research Institute"],"affiliations":[{"raw_affiliation_string":"QI-ANXIN Technology Research Institute","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085728746","display_name":"Haixin Duan","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University"],"affiliations":[{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5032372397"],"corresponding_institution_ids":["https://openalex.org/I154099455","https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":2.0864,"has_fulltext":false,"cited_by_count":18,"citation_normalized_percentile":{"value":0.89763033,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1257","last_page":"1268"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9914000034332275,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9878000020980835,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.9033548831939697},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7698307037353516},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.745578408241272},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46459293365478516},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4254893660545349},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.41966187953948975},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.41289031505584717},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.35510456562042236}],"concepts":[{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.9033548831939697},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7698307037353516},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.745578408241272},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46459293365478516},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4254893660545349},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.41966187953948975},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.41289031505584717},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.35510456562042236}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3510003.3510072","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3510003.3510072","pdf_url":null,"source":{"id":"https://openalex.org/S4363608872","display_name":"Proceedings of the 44th International Conference on Software Engineering","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 44th International Conference on Software Engineering","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","display_name":"Responsible consumption and production","score":0.4000000059604645}],"awards":[{"id":"https://openalex.org/G5064622249","display_name":null,"funder_award_id":"62002203, 92064008, 61902148","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2008345765","https://openalex.org/W2008810193","https://openalex.org/W2010395842","https://openalex.org/W2127671294","https://openalex.org/W2728439475","https://openalex.org/W2797009188","https://openalex.org/W2985320478","https://openalex.org/W3153221864"],"related_works":["https://openalex.org/W2582981600","https://openalex.org/W4389238932","https://openalex.org/W4387467152","https://openalex.org/W3010413952","https://openalex.org/W4212885212","https://openalex.org/W4379115910","https://openalex.org/W2717179875","https://openalex.org/W2354251310","https://openalex.org/W4249118297","https://openalex.org/W1565885216"],"abstract_inverted_index":{"Android":[0,24,43,67,95,119,142,212,295],"is":[1,14,125,139],"the":[2,23,35,38,52,63,72,86,100,118,140,170,203,235,250,262,294],"most":[3,70],"popular":[4],"smartphone":[5],"platform":[6],"with":[7,30,298],"over":[8],"85%":[9],"market":[10],"share.":[11],"Its":[12],"success":[13],"built":[15],"on":[16,76,104,127],"openness,":[17],"and":[18,40,99,134,165,186,193,206,216,233,259],"phone":[19],"vendors":[20,133],"can":[21,266],"utilize":[22],"source":[25],"code":[26],"to":[27,61,178,244],"make":[28],"products":[29],"unique":[31],"software/hardware":[32],"features.":[33],"On":[34],"other":[36],"hand,":[37],"fragmentation":[39],"customization":[41],"of":[42,54,65,71,85,94,117,157,218,225,280,293,301],"also":[44,248],"bring":[45],"many":[46],"security":[47,64,98,148,163,254,264,304],"risks":[48],"that":[49,261],"have":[50,238,282],"attracted":[51],"attention":[53],"researchers.":[55],"Many":[56],"efforts":[57],"were":[58],"put":[59],"in":[60,211],"investigate":[62],"customized":[66],"firmware.":[68,87],"However,":[69],"previous":[73],"work":[74],"focuses":[75],"designing":[77],"efficient":[78],"analysis":[79,171,192],"tools":[80],"or":[81],"analyzing":[82],"particular":[83],"aspects":[84],"There":[88],"still":[89,228],"lacks":[90],"a":[91,113,155,175],"panoramic":[92],"view":[93],"firmware":[96,106,120,129,143,296],"ecosystem":[97,121,297],"corresponding":[101,236],"understandings":[102],"based":[103,126],"large-scale":[105,114],"datasets.":[107],"In":[108,150,242],"this":[109],"work,":[110],"we":[111,173,247],"made":[112],"comprehensive":[115],"measurement":[116],"security.":[122],"Our":[123],"study":[124,153,288],"6,261":[128],"images":[130,224],"from":[131],"153":[132],"602":[135],"Android-related":[136],"CVEs,":[137],"which":[138,281],"largest":[141],"dataset":[144],"ever":[145],"used":[146],"for":[147],"measurements.":[149],"particular,":[151],"our":[152,277],"followed":[154],"series":[156],"research":[158],"questions,":[159],"covering":[160],"vulnerabilities,":[161],"patches,":[162],"updates,":[164],"pre-installed":[166,231],"apps.":[167],"To":[168],"automate":[169],"process,":[172],"designed":[174],"framework,":[176,278],"AndScanner,":[177],"complete":[179],"ROM":[180,182],"crawling,":[181],"parsing,":[183],"patch":[184,204],"analysis,":[185],"app":[187],"analysis.":[188],"Through":[189],"massive":[190],"data":[191,245],"case":[194,257],"explorations,":[195],"several":[196,226],"interesting":[197],"findings":[198],"are":[199,209],"obtained.":[200],"For":[201],"example,":[202],"delay":[205],"missing":[207],"issues":[208],"widespread":[210],"images,":[213,220],"say":[214],"24.2%":[215],"6.1%":[217],"all":[219],"respectively.":[221],"The":[222],"latest":[223],"phones":[227],"contain":[229],"vulnerable":[230],"apps,":[232],"even":[234],"vulnerabilities":[237,271,275],"been":[239,283],"publicly":[240],"disclosed.":[241],"addition":[243],"measurements,":[246],"explore":[249],"causes":[251],"behind":[252],"these":[253],"threats":[255,265],"through":[256],"studies":[258],"demonstrate":[260],"discovered":[263],"be":[267],"converted":[268],"into":[269],"exploitable":[270],"via":[272],"38":[273],"newfound":[274],"by":[276],"32":[279],"assigned":[284],"CVE/CNVD":[285],"numbers.":[286],"This":[287],"provides":[289],"much":[290],"new":[291],"knowledge":[292],"deep":[299],"understanding":[300],"software":[302],"engineering":[303],"practices.":[305]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":4}],"updated_date":"2026-02-25T08:12:03.925757","created_date":"2025-10-10T00:00:00"}