{"id":"https://openalex.org/W7163568304","doi":"https://doi.org/10.1145/3779208.3807487","title":"CCA-Droid: Context-Aware Cryptographic API Misuse Detection in Android Apps","display_name":"CCA-Droid: Context-Aware Cryptographic API Misuse Detection in Android Apps","publication_year":2026,"publication_date":"2026-06-01","ids":{"openalex":"https://openalex.org/W7163568304","doi":"https://doi.org/10.1145/3779208.3807487"},"language":null,"primary_location":{"id":"doi:10.1145/3779208.3807487","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3807487","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3779208.3807487","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5137905537","display_name":"Minwook Lee","orcid":"https://orcid.org/0000-0002-6423-1700"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Minwook Lee","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-6423-1700","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137859183","display_name":"Eunsoo Kim","orcid":"https://orcid.org/0000-0002-5856-5528"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Eunsoo Kim","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-5856-5528","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137890956","display_name":"Sanghak Oh","orcid":"https://orcid.org/0000-0002-5047-5683"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Sanghak Oh","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-5047-5683","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137880194","display_name":"Joonsang Baek","orcid":"https://orcid.org/0000-0003-2613-2127"},"institutions":[{"id":"https://openalex.org/I204824540","display_name":"University of Wollongong","ror":"https://ror.org/00jtmb277","country_code":"AU","type":"education","lineage":["https://openalex.org/I204824540"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Joonsang Baek","raw_affiliation_strings":["School of Computing and Information Technology, University of Wollongong, Wollongong, Australia"],"raw_orcid":"https://orcid.org/0000-0003-2613-2127","affiliations":[{"raw_affiliation_string":"School of Computing and Information Technology, University of Wollongong, Wollongong, Australia","institution_ids":["https://openalex.org/I204824540"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5137836488","display_name":"Willy Susilo","orcid":"https://orcid.org/0000-0002-1562-5105"},"institutions":[{"id":"https://openalex.org/I204824540","display_name":"University of Wollongong","ror":"https://ror.org/00jtmb277","country_code":"AU","type":"education","lineage":["https://openalex.org/I204824540"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Willy Susilo","raw_affiliation_strings":["School of Computing and Information Technology, University of Wollongong, Wollongong, Australia"],"raw_orcid":"https://orcid.org/0000-0002-1562-5105","affiliations":[{"raw_affiliation_string":"School of Computing and Information Technology, University of Wollongong, Wollongong, Australia","institution_ids":["https://openalex.org/I204824540"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5137907751","display_name":"Hyoungshick Kim","orcid":"https://orcid.org/0000-0002-1605-3866"},"institutions":[{"id":"https://openalex.org/I848706","display_name":"Sungkyunkwan University","ror":"https://ror.org/04q78tk20","country_code":"KR","type":"education","lineage":["https://openalex.org/I848706"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Hyoungshick Kim","raw_affiliation_strings":["Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea"],"raw_orcid":"https://orcid.org/0000-0002-1605-3866","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, Sungkyunkwan University, Suwon, Republic of Korea","institution_ids":["https://openalex.org/I848706"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.91564662,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1475","last_page":"1490"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9865999817848206,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9865999817848206,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.005400000140070915,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.0012000000569969416,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6363999843597412},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6118999719619751},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5415999889373779},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.48080000281333923},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.44600000977516174},{"id":"https://openalex.org/keywords/key-exchange","display_name":"Key exchange","score":0.4124000072479248},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.3783000111579895},{"id":"https://openalex.org/keywords/permission","display_name":"Permission","score":0.3682999908924103},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.3456000089645386}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7997000217437744},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6363999843597412},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6118999719619751},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5415999889373779},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.48080000281333923},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4765999913215637},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.44600000977516174},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.4124000072479248},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.3783000111579895},{"id":"https://openalex.org/C2779089604","wikidata":"https://www.wikidata.org/wiki/Q7169333","display_name":"Permission","level":2,"score":0.3682999908924103},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.34599998593330383},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.3456000089645386},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.3441999852657318},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.329800009727478},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3280999958515167},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.3271999955177307},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3215000033378601},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.32019999623298645},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.31459999084472656},{"id":"https://openalex.org/C2776190703","wikidata":"https://www.wikidata.org/wiki/Q488148","display_name":"Slicing","level":2,"score":0.30480000376701355},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.2948000133037567},{"id":"https://openalex.org/C28420585","wikidata":"https://www.wikidata.org/wiki/Q2665075","display_name":"Timing attack","level":4,"score":0.29440000653266907},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.2671999931335449},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.2549000084400177}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3779208.3807487","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3807487","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3779208.3807487","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3779208.3807487","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Asia Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5875800848007202,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W1551910192","https://openalex.org/W1656028867","https://openalex.org/W1656678770","https://openalex.org/W1809974132","https://openalex.org/W2008810193","https://openalex.org/W2025411198","https://openalex.org/W2092483417","https://openalex.org/W2100420477","https://openalex.org/W2145994642","https://openalex.org/W2159840470","https://openalex.org/W2270246438","https://openalex.org/W2270478131","https://openalex.org/W2357927175","https://openalex.org/W2400329213","https://openalex.org/W2625365318","https://openalex.org/W2698406033","https://openalex.org/W2742429299","https://openalex.org/W2742827529","https://openalex.org/W2767943400","https://openalex.org/W2807181794","https://openalex.org/W2915352631","https://openalex.org/W2964144088","https://openalex.org/W2973035781","https://openalex.org/W2984297109","https://openalex.org/W2985320478","https://openalex.org/W3039516369","https://openalex.org/W3130630582","https://openalex.org/W3182110757","https://openalex.org/W3202783877","https://openalex.org/W4385644434","https://openalex.org/W4386025619","https://openalex.org/W4402217606"],"related_works":[],"abstract_inverted_index":{"We":[0],"present":[1],"CCA-Droid,":[2],"a":[3],"static":[4],"analysis":[5,31],"tool":[6],"designed":[7],"to":[8,13,29,37],"detect":[9],"cryptographic":[10,109],"misuse":[11],"related":[12],"chosen-ciphertext":[14],"attacks":[15,19],"(CCA)":[16],"and":[17,45,66,85,104,120],"chosen-plaintext":[18],"(CPA).":[20],"CCA-Droid":[21,57,93],"utilizes":[22],"three":[23],"key":[24],"techniques:":[25],"domain-specific":[26],"slicing":[27],"optimization":[28],"reduce":[30],"noise,":[32],"crypto-state-aware":[33],"call":[34],"graph":[35],"construction":[36],"capture":[38],"indirect":[39],"data":[40],"flows":[41],"via":[42],"member":[43],"variables,":[44],"conditional":[46],"constant":[47],"propagation":[48],"for":[49],"improved":[50],"path":[51],"sensitivity.":[52],"Our":[53],"evaluation":[54],"demonstrates":[55],"that":[56],"achieves":[58],"100%":[59,83],"accuracy":[60,69],"on":[61,70,74],"CryptoAPI-Bench,":[62],"surpassing":[63],"CryptoGuard":[64,102],"(72.3%),":[65],"maintains":[67],"94.8%":[68],"mutated":[71],"code.":[72],"Evaluations":[73],"the":[75,125],"Ghera":[76],"benchmark":[77],"further":[78],"confirm":[79],"CCA-Droid's":[80],"effectiveness,":[81],"achieving":[82],"recall":[84],"81.8%":[86],"accuracy.":[87],"On":[88],"16,284":[89],"real-world":[90],"Android":[91],"apps,":[92],"analyzed":[94],"96.4%,":[95],"significantly":[96],"outperforming":[97],"existing":[98],"tools":[99],"such":[100],"as":[101],"(80.4%)":[103],"QARK":[105],"(40.0%).":[106],"It":[107],"identified":[108],"vulnerabilities":[110],"in":[111],"12,678":[112],"apps":[113],"(77.9%),":[114],"with":[115],"IV":[116],"reuse,":[117],"hardcoded":[118],"keys,":[119],"missing":[121],"authenticated":[122],"encryption":[123],"being":[124],"most":[126],"prevalent":[127],"issues.":[128]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-06-05T00:00:00"}