{"id":"https://openalex.org/W4396758678","doi":"https://doi.org/10.1145/3589334.3645721","title":"Don't Bite Off More than You Can Chew: Investigating Excessive Permission Requests in Trigger-Action Integrations","display_name":"Don't Bite Off More than You Can Chew: Investigating Excessive Permission Requests in Trigger-Action Integrations","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4396758678","doi":"https://doi.org/10.1145/3589334.3645721"},"language":"en","primary_location":{"id":"doi:10.1145/3589334.3645721","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589334.3645721","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://hdl.handle.net/10072/431424","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5054006278","display_name":"Liuhuo Wan","orcid":"https://orcid.org/0009-0004-7090-1493"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Liuhuo Wan","raw_affiliation_strings":["University of Queensland, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0009-0004-7090-1493","affiliations":[{"raw_affiliation_string":"University of Queensland, Brisbane, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000432413","display_name":"Kailong Wang","orcid":"https://orcid.org/0000-0002-3977-6573"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kailong Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0002-3977-6573","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002467231","display_name":"Kulani Mahadewa","orcid":"https://orcid.org/0000-0002-2388-1790"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Kulani Mahadewa","raw_affiliation_strings":["National University of Singapore, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-2388-1790","affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-1100-8633","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015858067","display_name":"Guangdong Bai","orcid":"https://orcid.org/0000-0002-6390-9890"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Guangdong Bai","raw_affiliation_strings":["University of Queensland, Brisbane, Australia"],"raw_orcid":"https://orcid.org/0000-0002-6390-9890","affiliations":[{"raw_affiliation_string":"University of Queensland, Brisbane, Australia","institution_ids":["https://openalex.org/I165143802"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5054006278"],"corresponding_institution_ids":["https://openalex.org/I165143802"],"apc_list":null,"apc_paid":null,"fwci":0.6623,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.72800023,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"3106","last_page":"3116"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.9803000092506409,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10126","display_name":"Logic, programming, and type systems","score":0.9803000092506409,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.963100016117096,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9563000202178955,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.9157462120056152},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.6533238887786865},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5039083361625671},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3504602611064911},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.1163298487663269},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.10586842894554138},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.09733638167381287}],"concepts":[{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.9157462120056152},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.6533238887786865},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5039083361625671},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3504602611064911},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.1163298487663269},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.10586842894554138},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.09733638167381287},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3589334.3645721","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589334.3645721","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/431424","is_oa":true,"landing_page_url":"https://hdl.handle.net/10072/431424","pdf_url":null,"source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"}],"best_oa_location":{"id":"pmh:oai:research-repository.griffith.edu.au:10072/431424","is_oa":true,"landing_page_url":"https://hdl.handle.net/10072/431424","pdf_url":null,"source":null,"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2007999111","https://openalex.org/W2095881341","https://openalex.org/W2107643854","https://openalex.org/W2485241514","https://openalex.org/W2605367183","https://openalex.org/W2734941459","https://openalex.org/W2791710451","https://openalex.org/W2792078641","https://openalex.org/W2794864670","https://openalex.org/W2889851986","https://openalex.org/W2911962130","https://openalex.org/W2953940064","https://openalex.org/W2983277367","https://openalex.org/W3008435186","https://openalex.org/W3113878582","https://openalex.org/W3122241445","https://openalex.org/W3153562009","https://openalex.org/W3159021879","https://openalex.org/W3182238712","https://openalex.org/W4210764005","https://openalex.org/W4288057764","https://openalex.org/W4313563723","https://openalex.org/W4324007144","https://openalex.org/W4384154477"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2374086689","https://openalex.org/W3176279093","https://openalex.org/W2373945265","https://openalex.org/W2370203001","https://openalex.org/W1912565424","https://openalex.org/W4246410201","https://openalex.org/W2385081216"],"abstract_inverted_index":{"Web-based":[0],"trigger-action":[1,17],"platforms":[2],"(TAP)":[3],"allow":[4],"users":[5],"to":[6,60,74,115],"integrate":[7],"Internet":[8],"of":[9,65,104,121,124],"Things":[10],"(IoT)":[11],"systems":[12],"and":[13,36,43,49,68,93,126],"online":[14],"services":[15],"into":[16],"integrations":[18],"(TAIs),":[19],"facilitating":[20],"rich":[21],"automation":[22],"tasks":[23],"known":[24],"as":[25,47],"applets.":[26],"Despite":[27],"their":[28],"benefits,":[29],"these":[30,66],"integrations~(typically":[31],"involving":[32],"the":[33,62,110,122],"TAP,":[34],"trigger,":[35],"action":[37],"service":[38,113],"providers)":[39],"pose":[40],"significant":[41],"security":[42,67,125],"privacy":[44,69,127],"challenges,":[45],"such":[46],"mis-triggering":[48],"data":[50],"leakage.":[51],"This":[52],"work":[53],"investigates":[54],"cross-entity":[55],"permission":[56,78,98],"management":[57],"within":[58],"TAIs":[59],"address":[61],"underlying":[63],"causes":[64],"issues,":[70],"emphasizing":[71],"permission-functionality":[72,117],"consistency":[73],"ensure":[75],"fairness":[76],"in":[77,100,128],"requests.":[79],"We":[80],"introduce":[81],"PFCon,":[82],"a":[83,101],"system":[84],"that":[85],"leverages":[86],"GPT-based":[87],"language":[88],"models":[89],"for":[90,112],"analyzing":[91],"required":[92],"requested":[94],"permissions,":[95],"revealing":[96],"excessive":[97],"requests":[99],"large-scale":[102],"study":[103],"IFTTT":[105],"TAP.":[106],"Our":[107],"findings":[108],"highlight":[109],"need":[111],"providers":[114],"enforce":[116],"consistency,":[118],"raising":[119],"awareness":[120],"importance":[123],"TAI.":[129]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}