{"id":"https://openalex.org/W3003683622","doi":"https://doi.org/10.1587/transinf.2019inp0011","title":"Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library","display_name":"Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library","publication_year":2020,"publication_date":"2020-01-31","ids":{"openalex":"https://openalex.org/W3003683622","doi":"https://doi.org/10.1587/transinf.2019inp0011","mag":"3003683622"},"language":"en","primary_location":{"id":"doi:10.1587/transinf.2019inp0011","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019inp0011","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/2/E103.D_2019INP0011/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/2/E103.D_2019INP0011/_pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100907993","display_name":"Takuya Watanabe","orcid":"https://orcid.org/0000-0002-9166-1749"},"institutions":[{"id":"https://openalex.org/I150744194","display_name":"Waseda University","ror":"https://ror.org/00ntfnx83","country_code":"JP","type":"education","lineage":["https://openalex.org/I150744194"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takuya WATANABE","raw_affiliation_strings":["NTT Secure Platform Laboratories","Waseda University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]},{"raw_affiliation_string":"Waseda University","institution_ids":["https://openalex.org/I150744194"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012291537","display_name":"Mitsuaki Akiyama","orcid":"https://orcid.org/0000-0001-7052-8562"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mitsuaki AKIYAMA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016083227","display_name":"Fumihiro Kanei","orcid":"https://orcid.org/0000-0002-5212-9274"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fumihiro KANEI","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001132409","display_name":"Eitaro Shioji","orcid":"https://orcid.org/0000-0001-8743-9101"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Eitaro SHIOJI","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024697484","display_name":"Yuta Takata","orcid":"https://orcid.org/0009-0008-2773-0659"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yuta TAKATA","raw_affiliation_strings":["PwC Cyber Services LLC"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"PwC Cyber Services LLC","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112302757","display_name":"Bo Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Bo SUN","raw_affiliation_strings":["National Institute of Information and Communications Technology"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5089096265","display_name":"Yuta Ishii","orcid":null},"institutions":[{"id":"https://openalex.org/I150744194","display_name":"Waseda University","ror":"https://ror.org/00ntfnx83","country_code":"JP","type":"education","lineage":["https://openalex.org/I150744194"]},{"id":"https://openalex.org/I2801547476","display_name":"NTT Medical Center","ror":"https://ror.org/0285prp25","country_code":"JP","type":"healthcare","lineage":["https://openalex.org/I2801547476"]},{"id":"https://openalex.org/I4210132747","display_name":"Cyber Laser (Japan)","ror":"https://ror.org/03vrph192","country_code":"JP","type":"company","lineage":["https://openalex.org/I4210132747"]},{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Yuta ISHII","raw_affiliation_strings":["The authors are with Waseda University, Tokyo, 169-8555 Japan","The author is with PwC Cyber Services LLC, Tokyo, 100-0004 Japan","The author is with National Institute of Information and Com-munications Technology, Koganei-shi, 184-8795 Japan","The author is with NTT Security (Japan) KK, Tokyo, 101-0021, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The authors are with Waseda University, Tokyo, 169-8555 Japan","institution_ids":["https://openalex.org/I150744194"]},{"raw_affiliation_string":"The author is with PwC Cyber Services LLC, Tokyo, 100-0004 Japan","institution_ids":["https://openalex.org/I4210132747"]},{"raw_affiliation_string":"The author is with National Institute of Information and Com-munications Technology, Koganei-shi, 184-8795 Japan","institution_ids":["https://openalex.org/I90023481"]},{"raw_affiliation_string":"The author is with NTT Security (Japan) KK, Tokyo, 101-0021, Japan","institution_ids":["https://openalex.org/I2801547476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027436126","display_name":"Toshiki Shibahara","orcid":"https://orcid.org/0000-0002-2192-4355"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Toshiki SHIBAHARA","raw_affiliation_strings":["NTT Secure Platform Laboratories"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Secure Platform Laboratories","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101666644","display_name":"Takeshi Yagi","orcid":"https://orcid.org/0009-0006-6414-8815"},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takeshi YAGI","raw_affiliation_strings":["NTT Security (Japan) KK"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Security (Japan) KK","institution_ids":["https://openalex.org/I2251713219"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064493291","display_name":"Tatsuya Mori","orcid":"https://orcid.org/0000-0003-1583-4174"},"institutions":[{"id":"https://openalex.org/I150744194","display_name":"Waseda University","ror":"https://ror.org/00ntfnx83","country_code":"JP","type":"education","lineage":["https://openalex.org/I150744194"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tatsuya MORI","raw_affiliation_strings":["Waseda University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Waseda University","institution_ids":["https://openalex.org/I150744194"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":10,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.6083,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.64923037,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"E103.D","issue":"2","first_page":"276","last_page":"291"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9916999936103821,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9868000149726868,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.8257389068603516},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.7591851353645325},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.72899329662323},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.6597803235054016},{"id":"https://openalex.org/keywords/app-store","display_name":"App store","score":0.6310406923294067},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5865306854248047},{"id":"https://openalex.org/keywords/mobile-device","display_name":"Mobile device","score":0.5055432319641113},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5052822232246399},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4991285800933838},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4375953674316406},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.21861106157302856},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13461065292358398},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.11660447716712952}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.8257389068603516},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.7591851353645325},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.72899329662323},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.6597803235054016},{"id":"https://openalex.org/C2779794324","wikidata":"https://www.wikidata.org/wiki/Q3814081","display_name":"App store","level":2,"score":0.6310406923294067},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5865306854248047},{"id":"https://openalex.org/C186967261","wikidata":"https://www.wikidata.org/wiki/Q5082128","display_name":"Mobile device","level":2,"score":0.5055432319641113},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5052822232246399},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4991285800933838},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4375953674316406},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.21861106157302856},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13461065292358398},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.11660447716712952},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1587/transinf.2019inp0011","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019inp0011","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/2/E103.D_2019INP0011/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1587/transinf.2019inp0011","is_oa":true,"landing_page_url":"https://doi.org/10.1587/transinf.2019inp0011","pdf_url":"https://www.jstage.jst.go.jp/article/transinf/E103.D/2/E103.D_2019INP0011/_pdf","source":{"id":"https://openalex.org/S2486202937","display_name":"IEICE Transactions on Information and Systems","issn_l":"0916-8532","issn":["0916-8532","1745-1361"],"is_oa":true,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4320800604","host_organization_name":"Institute of Electronics, Information and Communication Engineers","host_organization_lineage":["https://openalex.org/P4320800604"],"host_organization_lineage_names":["Institute of Electronics, Information and Communication Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEICE Transactions on Information and Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3003683622.pdf","grobid_xml":"https://content.openalex.org/works/W3003683622.grobid-xml"},"referenced_works_count":33,"referenced_works":["https://openalex.org/W1578479379","https://openalex.org/W1699449651","https://openalex.org/W1912565424","https://openalex.org/W1976596267","https://openalex.org/W2013856010","https://openalex.org/W2014390890","https://openalex.org/W2034612601","https://openalex.org/W2069442545","https://openalex.org/W2086893284","https://openalex.org/W2087804676","https://openalex.org/W2091540464","https://openalex.org/W2103350028","https://openalex.org/W2103370348","https://openalex.org/W2114275288","https://openalex.org/W2141554582","https://openalex.org/W2148009765","https://openalex.org/W2336795619","https://openalex.org/W2400269587","https://openalex.org/W2441135008","https://openalex.org/W2491928626","https://openalex.org/W2506226457","https://openalex.org/W2510008933","https://openalex.org/W2532717356","https://openalex.org/W2559490865","https://openalex.org/W2626709399","https://openalex.org/W2730608559","https://openalex.org/W2765843494","https://openalex.org/W2886368623","https://openalex.org/W2925087824","https://openalex.org/W2999585024","https://openalex.org/W3122064229","https://openalex.org/W3136390528","https://openalex.org/W4237862031"],"related_works":["https://openalex.org/W3142571737","https://openalex.org/W2922039621","https://openalex.org/W2887633424","https://openalex.org/W2605037362","https://openalex.org/W2890710341","https://openalex.org/W3173766926","https://openalex.org/W3120409491","https://openalex.org/W2605404816","https://openalex.org/W785354139","https://openalex.org/W4299123576"],"abstract_inverted_index":{"This":[0,96],"paper":[1],"reports":[2],"a":[3],"large-scale":[4],"study":[5],"that":[6,66,86,101],"aims":[7],"to":[8,92,107,129],"understand":[9,37],"how":[10,38],"mobile":[11,132],"application":[12],"(app)":[13],"vulnerabilities":[14,45,70],"are":[15],"associated":[16,46],"with":[17,47],"software":[18,76],"libraries.":[19,48,81],"We":[20,49],"analyze":[21],"both":[22],"free":[23,52],"and":[24,53,114],"paid":[25,28,54,89,104],"apps.":[26],"Studying":[27],"apps":[29,55,73,90,105],"was":[30],"quite":[31],"meaningful":[32],"because":[33],"it":[34],"helped":[35],"us":[36],"differences":[39],"in":[40],"app":[41,133],"development/maintenance":[42],"affect":[43],"the":[44,58,99,118],"analyzed":[50],"30k":[51],"collected":[56],"from":[57,75,79,98],"official":[59],"Android":[60],"marketplace.":[61],"Our":[62],"extensive":[63],"analyses":[64],"revealed":[65],"approximately":[67],"70%/50%":[68],"of":[69,71,120,131],"free/paid":[72],"stem":[74],"libraries,":[77,115],"particularly":[78],"third-party":[80],"Somewhat":[82],"paradoxically,":[83],"we":[84,126],"found":[85],"more":[87,94,102,109,112],"expensive/popular":[88,103],"tend":[91,106],"have":[93,108],"vulnerabilities.":[95,121],"comes":[97],"fact":[100],"functionality,":[110],"i.e.,":[111],"code":[113],"which":[116],"increases":[117],"probability":[119],"Based":[122],"on":[123],"our":[124],"findings,":[125],"provide":[127],"suggestions":[128],"stakeholders":[130],"distribution":[134],"ecosystems.":[135]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}