{"id":"https://openalex.org/W4416549504","doi":"https://doi.org/10.1145/3719027.3765034","title":"Parcel Mismatch Demystified: Addressing a Decade-Old Security Challenge in Android","display_name":"Parcel Mismatch Demystified: Addressing a Decade-Old Security Challenge in Android","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549504","doi":"https://doi.org/10.1145/3719027.3765034"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765034","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765034","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765034","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765034","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013450861","display_name":"Sheng Lun Cao","orcid":"https://orcid.org/0009-0009-1532-1636"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Sheng Cao","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100396821","display_name":"Hao Zhou","orcid":"https://orcid.org/0000-0001-8890-9208"},"institutions":[{"id":"https://openalex.org/I14243506","display_name":"Hong Kong Polytechnic University","ror":"https://ror.org/0030zas98","country_code":"HK","type":"education","lineage":["https://openalex.org/I14243506"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Hao Zhou","raw_affiliation_strings":["The Hong Kong Polytechnic University, Hong Kong, China"],"affiliations":[{"raw_affiliation_string":"The Hong Kong Polytechnic University, Hong Kong, China","institution_ids":["https://openalex.org/I14243506"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021517526","display_name":"Songzhou Shi","orcid":"https://orcid.org/0009-0001-8764-0582"},"institutions":[{"id":"https://openalex.org/I4210164009","display_name":"Guangdong Baiyun University","ror":"https://ror.org/04wmrj902","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210164009"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Songzhou Shi","raw_affiliation_strings":["Guangdong Baiyun University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Guangdong Baiyun University, Guangzhou, China","institution_ids":["https://openalex.org/I4210164009"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023970004","display_name":"Yanjie Zhao","orcid":"https://orcid.org/0000-0001-8793-5367"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanjie Zhao","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5013450861"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.45069618,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"2683","last_page":"2698"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.6919000148773193,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.6919000148773193,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.25519999861717224,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.0071000000461936,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6341000199317932},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.47099998593330383},{"id":"https://openalex.org/keywords/bundle","display_name":"Bundle","score":0.454800009727478},{"id":"https://openalex.org/keywords/rootkit","display_name":"Rootkit","score":0.444599986076355},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.43130001425743103},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.40779998898506165},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.38690000772476196},{"id":"https://openalex.org/keywords/border-security","display_name":"Border Security","score":0.3474999964237213},{"id":"https://openalex.org/keywords/security-testing","display_name":"Security testing","score":0.3154999911785126}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7786999940872192},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.682200014591217},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6341000199317932},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.47099998593330383},{"id":"https://openalex.org/C2778134712","wikidata":"https://www.wikidata.org/wiki/Q1047307","display_name":"Bundle","level":2,"score":0.454800009727478},{"id":"https://openalex.org/C10144332","wikidata":"https://www.wikidata.org/wiki/Q14645","display_name":"Rootkit","level":3,"score":0.444599986076355},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.43130001425743103},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.40779998898506165},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.38690000772476196},{"id":"https://openalex.org/C2780934415","wikidata":"https://www.wikidata.org/wiki/Q20997131","display_name":"Border Security","level":2,"score":0.3474999964237213},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.3154999911785126},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3093000054359436},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.3075000047683716},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2985000014305115},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.296099990606308},{"id":"https://openalex.org/C131275738","wikidata":"https://www.wikidata.org/wiki/Q7445023","display_name":"Security bug","level":5,"score":0.29420000314712524},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.2888000011444092},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.2863999903202057},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.2854999899864197},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.26919999718666077},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.25940001010894775},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2590000033378601},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.25619998574256897},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.25600001215934753},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.2549999952316284},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.2535000145435333}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765034","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765034","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765034","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765034","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765034","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765034","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1121271761","display_name":null,"funder_award_id":"Program","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416549504.pdf","grobid_xml":"https://content.openalex.org/works/W4416549504.grobid-xml"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W2102197271","https://openalex.org/W2140095007","https://openalex.org/W2153578567","https://openalex.org/W2763994238","https://openalex.org/W2789555918","https://openalex.org/W2890471546","https://openalex.org/W2891458271","https://openalex.org/W2963894653","https://openalex.org/W3014477729","https://openalex.org/W3120074996","https://openalex.org/W4210309948","https://openalex.org/W4225581256","https://openalex.org/W4308632258","https://openalex.org/W4308641639","https://openalex.org/W4400680901","https://openalex.org/W4411337526"],"related_works":[],"abstract_inverted_index":{"Parcel":[0,66,138],"Mismatch":[1,67,139],"vulnerabilities":[2,49],"in":[3,33,38,56,126,201],"Android's":[4,191],"Inter-Process":[5],"Communication":[6],"(IPC)":[7],"mechanism":[8,37],"have":[9,110,132],"been":[10,43,111,133],"a":[11,17,71,141],"persistent":[12],"security":[13,143,170,193,204],"challenge":[14],"for":[15,76,84,146,153,189],"over":[16],"decade,":[18],"leading":[19],"to":[20,118,150,172],"numerous":[21],"privilege":[22],"escalation":[23],"exploits.":[24],"While":[25],"Google":[26,166],"has":[27,42,167],"implemented":[28],"various":[29],"mitigation":[30],"strategies,":[31],"culminating":[32],"the":[34,54,61,93,196],"Lazy":[35],"Bundle":[36,88],"Android":[39,147],"13,":[40],"there":[41],"no":[44],"systematic":[45,199],"analysis":[46,74,200],"of":[47,65,95,108,130,198],"these":[48,78],"and":[50,87,106,122,152,194],"mitigations.":[51,183],"To":[52],"fill":[53],"gap,":[55],"this":[57],"paper,":[58],"we":[59],"conduct":[60],"first":[62],"comprehensive":[63],"study":[64,185],"vulnerabilities,":[68,105],"proposing":[69],"ParcelTaint,":[70],"new":[72,96,116,123],"static":[73],"approach":[75],"detecting":[77],"issues.":[79],"We":[80,99,135],"develop":[81],"precise":[82],"models":[83],"tracking":[85],"Intent":[86],"transformations":[89],"across":[90],"processes,":[91],"enabling":[92],"discovery":[94],"attack":[97,124],"vectors.":[98],"reveal":[100],"10":[101],"previously":[102],"unknown":[103],"high-severity":[104],"5":[107],"them":[109,131],"assigned":[112],"with":[113],"CVEs,":[114],"including":[115],"ways":[117],"bypass":[119],"existing":[120],"mitigations":[121],"chains":[125],"system":[127,160],"services.":[128],"All":[129],"confirmed.":[134],"find":[136],"that":[137],"remains":[140],"significant":[142],"concern,":[144],"particularly":[145],"versions":[148],"prior":[149],"13":[151],"Original":[154],"Equipment":[155],"Manufacturers":[156],"(OEMs)":[157],"implementing":[158],"custom":[159],"components.":[161],"Based":[162],"on":[163,181],"our":[164],"findings,":[165],"revised":[168],"its":[169],"strategy":[171],"address":[173],"core":[174],"vulnerability":[175],"patterns":[176],"rather":[177],"than":[178],"relying":[179],"solely":[180],"system-level":[182],"The":[184],"provides":[186],"crucial":[187],"insights":[188],"improving":[190],"IPC":[192],"highlights":[195],"importance":[197],"addressing":[202],"long-standing":[203],"challenges.":[205]},"counts_by_year":[],"updated_date":"2026-03-22T08:09:32.410652","created_date":"2025-11-23T00:00:00"}