{"id":"https://openalex.org/W4404515024","doi":"https://doi.org/10.1145/3689941.3695776","title":"Resurfacing Vulnerabilities: An Empirical Study on the Reemergence of Previously Patched Security Issues in App-in-App Ecosystems","display_name":"Resurfacing Vulnerabilities: An Empirical Study on the Reemergence of Previously Patched Security Issues in App-in-App Ecosystems","publication_year":2023,"publication_date":"2023-11-19","ids":{"openalex":"https://openalex.org/W4404515024","doi":"https://doi.org/10.1145/3689941.3695776"},"language":"en","primary_location":{"id":"doi:10.1145/3689941.3695776","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689941.3695776","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Workshop on Secure and Trustworthy Superapps","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Yifan Zhang","orcid":"https://orcid.org/0009-0000-3365-8050"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yifan Zhang","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, IN, USA"],"raw_orcid":"https://orcid.org/0009-0000-3365-8050","affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, IN, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101428527","display_name":"Yuhui Hong","orcid":"https://orcid.org/0000-0002-5647-9714"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuhui Hong","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, IN, USA"],"raw_orcid":"https://orcid.org/0000-0002-5647-9714","affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, IN, USA","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036446600","display_name":"Luyi Xing","orcid":"https://orcid.org/0000-0002-1036-1163"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Luyi Xing","raw_affiliation_strings":["Indiana University Bloomington, Bloomington, IN, USA"],"raw_orcid":"https://orcid.org/0000-0002-1036-1163","affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, Bloomington, IN, USA","institution_ids":["https://openalex.org/I4210119109"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.24879287,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"23","last_page":"26"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5715977549552917},{"id":"https://openalex.org/keywords/patched","display_name":"Patched","score":0.53749018907547},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.5289485454559326},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4503338932991028},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4500834345817566},{"id":"https://openalex.org/keywords/ecosystem","display_name":"Ecosystem","score":0.4333408772945404},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.22380435466766357},{"id":"https://openalex.org/keywords/ecology","display_name":"Ecology","score":0.07553955912590027},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.0715608298778534}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5715977549552917},{"id":"https://openalex.org/C2777994357","wikidata":"https://www.wikidata.org/wiki/Q24781250","display_name":"Patched","level":4,"score":0.53749018907547},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.5289485454559326},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4503338932991028},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4500834345817566},{"id":"https://openalex.org/C110872660","wikidata":"https://www.wikidata.org/wiki/Q37813","display_name":"Ecosystem","level":2,"score":0.4333408772945404},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.22380435466766357},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.07553955912590027},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0715608298778534},{"id":"https://openalex.org/C62478195","wikidata":"https://www.wikidata.org/wiki/Q828130","display_name":"Signal transduction","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C88498014","wikidata":"https://www.wikidata.org/wiki/Q14859918","display_name":"Hedgehog signaling pathway","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3689941.3695776","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3689941.3695776","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Workshop on Secure and Trustworthy Superapps","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1995703446","https://openalex.org/W2011459220","https://openalex.org/W2039052699","https://openalex.org/W2075099535","https://openalex.org/W2148143831","https://openalex.org/W2148615889","https://openalex.org/W2397750901","https://openalex.org/W2793871003","https://openalex.org/W3097802856","https://openalex.org/W3163348056","https://openalex.org/W4224436806"],"related_works":["https://openalex.org/W2038576114","https://openalex.org/W2135391373","https://openalex.org/W4250169555","https://openalex.org/W2610240957","https://openalex.org/W2048922778","https://openalex.org/W2092928019","https://openalex.org/W2331702421","https://openalex.org/W2124176030","https://openalex.org/W989433362","https://openalex.org/W2808363712"],"abstract_inverted_index":{"In":[0],"the":[1,34,48,84,103,131,140,158,175,181,200,218,223,251,258],"rapidly":[2],"evolving":[3,112,231],"landscape":[4],"of":[5,36,50,87,107,133,142,148,160,183,202,225,253,261],"mobile":[6,54,63,79,187,232],"application":[7],"ecosystems,":[8,55],"security":[9,39,74,108,144,161,184,219,228,262],"vulnerabilities":[10,150,208,255],"pose":[11],"significant":[12,94],"risks":[13],"to":[14,23,130,214,242,246],"user":[15],"privacy":[16],"and":[17,25,71,105,151,154,205,238,256],"system":[18],"integrity.":[19],"Despite":[20],"considerable":[21],"efforts":[22,245],"identify":[24],"patch":[26],"these":[27],"vulnerabilities,":[28],"an":[29,44],"alarming":[30],"trend":[31],"has":[32],"emerged:":[33],"reappearance":[35],"previously":[37,89],"resolved":[38,207],"issues.":[40],"This":[41,97,211],"paper":[42,212],"presents":[43],"empirical":[45],"study":[46],"on":[47,60],"phenomenon":[49],"\"vulnerability":[51],"resurfacing\"":[52],"in":[53,76,110,139,186,229],"with":[56],"a":[57,61,77,88,93,169,193],"specific":[58],"focus":[59],"prominent":[62],"platform.":[64],"Building":[65],"upon":[66],"prior":[67],"research":[68,179,220],"that":[69],"identified":[70],"reported":[72],"critical":[73,143,194],"flaws":[75],"major":[78],"app-in-app":[80],"ecosystem,":[81],"we":[82,164,240],"observed":[83],"unexpected":[85],"resurgence":[86],"patched":[90],"vulnerability":[91],"after":[92],"time":[95],"interval.":[96],"finding":[98],"raises":[99],"important":[100],"questions":[101],"about":[102,222],"longevity":[104],"efficacy":[106],"patches":[109,185],"complex,":[111,230],"software":[113],"systems.":[114],"Our":[115],"initial":[116],"findings":[117],"suggest":[118],"several":[119],"potential":[120],"causes":[121],"for":[122,177,196,249],"this":[123,191],"phenomenon,":[124],"including":[125],"code":[126],"management":[127],"issues":[128],"leading":[129],"reintroduction":[132],"vulnerable":[134],"code,":[135],"developer":[136],"turnover":[137],"resulting":[138],"loss":[141],"knowledge,":[145],"inadequate":[146],"documentation":[147],"past":[149],"their":[152],"fixes,":[153],"organizational":[155],"changes":[156],"affecting":[157],"continuity":[159],"practices.":[162],"Although":[163],"have":[165],"not":[166],"yet":[167],"conducted":[168],"comprehensive":[170],"investigation,":[171],"our":[172,236],"observations":[173,237],"highlight":[174],"need":[176],"further":[178],"into":[180],"lifecycle":[182],"ecosystems.":[188],"We":[189],"propose":[190],"as":[192],"area":[195],"future":[197],"work,":[198],"emphasizing":[199],"importance":[201],"understanding":[203],"how":[204],"why":[206],"may":[209],"resurface.":[210],"aims":[213],"spark":[215],"discussion":[216],"within":[217],"community":[221],"challenges":[224],"maintaining":[226],"long-term":[227],"platforms.":[233],"By":[234],"sharing":[235],"hypotheses,":[239],"hope":[241],"encourage":[243],"collaborative":[244],"develop":[247],"strategies":[248],"preventing":[250],"recurrence":[252],"known":[254],"ensuring":[257],"lasting":[259],"effectiveness":[260],"patches.":[263]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}