{"id":"https://openalex.org/W4411523105","doi":"https://doi.org/10.1145/3728898","title":"Walls Have Ears: Demystifying Notification Listener Usage in Android Apps","display_name":"Walls Have Ears: Demystifying Notification Listener Usage in Android Apps","publication_year":2025,"publication_date":"2025-06-22","ids":{"openalex":"https://openalex.org/W4411523105","doi":"https://doi.org/10.1145/3728898"},"language":"en","primary_location":{"id":"doi:10.1145/3728898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728898","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3728898","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108214335","display_name":"Jiapeng Deng","orcid":null},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiapeng Deng","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0005-1876-9285","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100647155","display_name":"Tianming Liu","orcid":"https://orcid.org/0000-0002-5216-933X"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Tianming Liu","raw_affiliation_strings":["Monash University, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0002-5216-933X","affiliations":[{"raw_affiliation_string":"Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023970004","display_name":"Yanjie Zhao","orcid":"https://orcid.org/0000-0001-8793-5367"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanjie Zhao","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0001-8793-5367","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108112983","display_name":"Chao Wang","orcid":"https://orcid.org/0009-0006-8117-0352"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0009-0006-8117-0352","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101191179","display_name":"Lin Zhang","orcid":"https://orcid.org/0009-0004-6642-2238"},"institutions":[{"id":"https://openalex.org/I4210087772","display_name":"National Computer Network Emergency Response Technical Team/Coordination Center of Chinar","ror":"https://ror.org/00247dh76","country_code":"CN","type":"nonprofit","lineage":["https://openalex.org/I4210087772"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lin Zhang","raw_affiliation_strings":["The National Computer Emergency Response Team/Coordination Center of China (CNCERT/CC), Beijing, China"],"raw_orcid":"https://orcid.org/0009-0004-6642-2238","affiliations":[{"raw_affiliation_string":"The National Computer Emergency Response Team/Coordination Center of China (CNCERT/CC), Beijing, China","institution_ids":["https://openalex.org/I4210087772"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5115695530","display_name":"Haoyu Wang","orcid":"https://orcid.org/0000-0003-1100-8633"},"institutions":[{"id":"https://openalex.org/I47720641","display_name":"Huazhong University of Science and Technology","ror":"https://ror.org/00p991c53","country_code":"CN","type":"education","lineage":["https://openalex.org/I47720641"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haoyu Wang","raw_affiliation_strings":["Huazhong University of Science and Technology, Wuhan, China"],"raw_orcid":"https://orcid.org/0000-0003-1100-8633","affiliations":[{"raw_affiliation_string":"Huazhong University of Science and Technology, Wuhan, China","institution_ids":["https://openalex.org/I47720641"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5108214335"],"corresponding_institution_ids":["https://openalex.org/I47720641"],"apc_list":null,"apc_paid":null,"fwci":1.2595,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.79538462,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"2","issue":"ISSTA","first_page":"434","last_page":"456"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7639272212982178},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.6834405064582825},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.605589747428894},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5893429517745972},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5705447196960449},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.5488049983978271},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.5119699239730835},{"id":"https://openalex.org/keywords/vetting","display_name":"Vetting","score":0.4890638291835785},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.48628222942352295},{"id":"https://openalex.org/keywords/nls","display_name":"NLS","score":0.47393447160720825},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.46539485454559326},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.4447748363018036},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2559361755847931},{"id":"https://openalex.org/keywords/nuclear-localization-sequence","display_name":"Nuclear localization sequence","score":0.14452317357063293},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.10000687837600708},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.093991219997406}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7639272212982178},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.6834405064582825},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.605589747428894},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5893429517745972},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5705447196960449},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.5488049983978271},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.5119699239730835},{"id":"https://openalex.org/C2777230681","wikidata":"https://www.wikidata.org/wiki/Q7923820","display_name":"Vetting","level":2,"score":0.4890638291835785},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.48628222942352295},{"id":"https://openalex.org/C186435350","wikidata":"https://www.wikidata.org/wiki/Q1050365","display_name":"NLS","level":4,"score":0.47393447160720825},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.46539485454559326},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4447748363018036},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2559361755847931},{"id":"https://openalex.org/C49805395","wikidata":"https://www.wikidata.org/wiki/Q910966","display_name":"Nuclear localization sequence","level":3,"score":0.14452317357063293},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.10000687837600708},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.093991219997406},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C190062978","wikidata":"https://www.wikidata.org/wiki/Q79899","display_name":"Cytoplasm","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3728898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728898","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3728898","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3728898","pdf_url":null,"source":{"id":"https://openalex.org/S4404663975","display_name":"Proceedings of the ACM on software engineering.","issn_l":"2994-970X","issn":["2994-970X"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM on Software Engineering","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5699999928474426,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":33,"referenced_works":["https://openalex.org/W1414275305","https://openalex.org/W2041494023","https://openalex.org/W2078197322","https://openalex.org/W2080696000","https://openalex.org/W2136954161","https://openalex.org/W2148519244","https://openalex.org/W2329612710","https://openalex.org/W2365033090","https://openalex.org/W2407313496","https://openalex.org/W2511641045","https://openalex.org/W2513201734","https://openalex.org/W2534646665","https://openalex.org/W2857214792","https://openalex.org/W2896918769","https://openalex.org/W2910063638","https://openalex.org/W3000627442","https://openalex.org/W3008212203","https://openalex.org/W3034942609","https://openalex.org/W3161202781","https://openalex.org/W4244726870","https://openalex.org/W4245027182","https://openalex.org/W4281638412","https://openalex.org/W4308632289","https://openalex.org/W4313040705","https://openalex.org/W4385688668","https://openalex.org/W4391558601","https://openalex.org/W4394745423","https://openalex.org/W4396821716","https://openalex.org/W4400583632","https://openalex.org/W4400685978","https://openalex.org/W4401326184","https://openalex.org/W4402385799","https://openalex.org/W4402665833"],"related_works":["https://openalex.org/W3137893487","https://openalex.org/W2588786532","https://openalex.org/W2169930420","https://openalex.org/W2108865840","https://openalex.org/W2802914690","https://openalex.org/W4248793399","https://openalex.org/W3120410482","https://openalex.org/W2980021769","https://openalex.org/W2769878339","https://openalex.org/W3129671051"],"abstract_inverted_index":{"The":[0],"Notification":[1],"Listener":[2],"Service":[3],"(NLS)":[4],"in":[5,76,146,155],"Android":[6,77],"allows":[7],"third-party":[8],"apps":[9,115],"to":[10,31,72,82,94,99,133],"monitor":[11],"and":[12,23,54,70,91,98,130,152,170],"process":[13],"device":[14],"notifications,":[15],"enabling":[16],"powerful":[17],"features":[18],"but":[19],"also":[20,142],"introducing":[21],"security":[22,56],"privacy":[24,156],"risks.":[25],"Despite":[26],"the":[27,161],"special":[28],"permission":[29],"required":[30],"access":[32],"NLS,":[33],"it":[34],"has":[35],"been":[36],"recurrently":[37],"exploited":[38],"by":[39],"malicious":[40,139],"actors.":[41],"However,":[42],"there":[43],"is":[44,107],"a":[45,64,83],"lack":[46],"of":[47,86,167],"systematic":[48],"investigation":[49],"into":[50],"NLS":[51,74,96,106,122,132,147,168,176],"usage":[52,75,97,148,169],"patterns":[53],"their":[55],"implications.":[57],"In":[58],"this":[59],"paper,":[60],"we":[61],"propose":[62],"NLRadar,":[63],"hybrid":[65],"approach":[66],"combining":[67],"static":[68],"analysis":[69,103],"LLM":[71],"examine":[73],"apps.":[78],"We":[79,141],"apply":[80],"NLRadar":[81],"large":[84],"scale":[85],"apps,":[87,93],"including":[88],"both":[89],"malware":[90],"regular":[92],"demystify":[95],"uncover":[100],"abuses.":[101],"Our":[102,158],"reveals":[104],"that":[105],"heavily":[108],"abused,":[109],"with":[110],"interesting":[111],"discoveries":[112],"such":[113],"as":[114],"insecurely":[116],"storing":[117],"social":[118],"media":[119],"messages,":[120],"exploiting":[121],"for":[123,163],"destructive":[124],"competition":[125],"or":[126,137],"SMS":[127],"credential":[128],"stealing,":[129],"leveraging":[131],"spread":[134],"promotional":[135],"messages":[136],"even":[138],"links.":[140],"find":[143],"undisclosed":[144],"changes":[145],"through":[149],"app":[150],"updates":[151],"inadequate":[153],"disclosure":[154],"policies.":[157],"findings":[159],"emphasize":[160],"need":[162],"more":[164],"rigorous":[165],"vetting":[166],"better":[171],"developer":[172],"education":[173],"on":[174],"responsible":[175],"practices.":[177]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-29T09:16:38.111599","created_date":"2025-10-10T00:00:00"}