{"id":"https://openalex.org/W2991471769","doi":"https://doi.org/10.3390/e21121136","title":"A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices","display_name":"A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices","publication_year":2019,"publication_date":"2019-11-21","ids":{"openalex":"https://openalex.org/W2991471769","doi":"https://doi.org/10.3390/e21121136","mag":"2991471769"},"language":"en","primary_location":{"id":"doi:10.3390/e21121136","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e21121136","pdf_url":"https://www.mdpi.com/1099-4300/21/12/1136/pdf?version=1575366450","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/1099-4300/21/12/1136/pdf?version=1575366450","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009762072","display_name":"Francisco Jos\u00e9 Ram\u00edrez-L\u00f3pez","orcid":null},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Francisco Jos\u00e9 Ram\u00edrez-L\u00f3pez","raw_affiliation_strings":["Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain"],"affiliations":[{"raw_affiliation_string":"Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5009713122","display_name":"\u00c1ngel Jes\u00fas Varela\u2010Vaca","orcid":"https://orcid.org/0000-0001-9953-6005"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"\u00c1ngel Jes\u00fas Varela-Vaca","raw_affiliation_strings":["Departamento de Lenguajes y Sistemas Inform\u00e1ticos, Universidad de Sevilla, 41012 Sevilla, Spain"],"affiliations":[{"raw_affiliation_string":"Departamento de Lenguajes y Sistemas Inform\u00e1ticos, Universidad de Sevilla, 41012 Sevilla, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001814377","display_name":"Jorge Ropero","orcid":"https://orcid.org/0000-0001-5445-0646"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Jorge Ropero","raw_affiliation_strings":["Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain"],"affiliations":[{"raw_affiliation_string":"Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052556771","display_name":"J. Luque","orcid":"https://orcid.org/0000-0001-9041-0035"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Joaqu\u00edn Luque","raw_affiliation_strings":["Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain"],"affiliations":[{"raw_affiliation_string":"Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain","institution_ids":["https://openalex.org/I79238269"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064211200","display_name":"Alejandro Carrasco","orcid":"https://orcid.org/0000-0001-9474-3929"},"institutions":[{"id":"https://openalex.org/I79238269","display_name":"Universidad de Sevilla","ror":"https://ror.org/03yxnpp24","country_code":"ES","type":"education","lineage":["https://openalex.org/I79238269"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"Alejandro Carrasco","raw_affiliation_strings":["Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain"],"affiliations":[{"raw_affiliation_string":"Departamento de Tecnolog\u00eda Electr\u00f3nica, Universidad de Sevilla, 41012 Sevilla, Spain","institution_ids":["https://openalex.org/I79238269"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5064211200"],"corresponding_institution_ids":["https://openalex.org/I79238269"],"apc_list":{"value":2000,"currency":"CHF","value_usd":2165},"apc_paid":{"value":2000,"currency":"CHF","value_usd":2165},"fwci":1.0015,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.77282132,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"21","issue":"12","first_page":"1136","last_page":"1136"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.7157588005065918},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6914702653884888},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6544497013092041},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6496111750602722},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.5932397246360779},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.47723057866096497},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.46839284896850586},{"id":"https://openalex.org/keywords/android-application","display_name":"Android application","score":0.4466783404350281},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14108818769454956},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.11373627185821533},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.09990191459655762},{"id":"https://openalex.org/keywords/medicine","display_name":"Medicine","score":0.090186208486557},{"id":"https://openalex.org/keywords/accounting","display_name":"Accounting","score":0.0816807746887207}],"concepts":[{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.7157588005065918},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6914702653884888},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6544497013092041},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6496111750602722},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.5932397246360779},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.47723057866096497},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.46839284896850586},{"id":"https://openalex.org/C3017891749","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android application","level":3,"score":0.4466783404350281},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14108818769454956},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.11373627185821533},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.09990191459655762},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.090186208486557},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.0816807746887207},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3390/e21121136","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e21121136","pdf_url":"https://www.mdpi.com/1099-4300/21/12/1136/pdf?version=1575366450","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:d6d8aac7f2324f52bd7cbcc7f5f963af","is_oa":true,"landing_page_url":"https://doaj.org/article/d6d8aac7f2324f52bd7cbcc7f5f963af","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy, Vol 21, Iss 12, p 1136 (2019)","raw_type":"article"},{"id":"pmh:oai:idus.us.es:11441/152937","is_oa":true,"landing_page_url":"https://idus.us.es/handle//11441/152937","pdf_url":null,"source":{"id":"https://openalex.org/S4306400333","display_name":"idUS (Universidad de Sevilla)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79238269","host_organization_name":"Universidad de Sevilla","host_organization_lineage":["https://openalex.org/I79238269"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"info:eu-repo/semantics/article"},{"id":"pmh:oai:mdpi.com:/1099-4300/21/12/1136/","is_oa":true,"landing_page_url":"http://dx.doi.org/10.3390/e21121136","pdf_url":null,"source":{"id":"https://openalex.org/S4306400947","display_name":"MDPI (MDPI AG)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210097602","host_organization_name":"Multidisciplinary Digital Publishing Institute (Switzerland)","host_organization_lineage":["https://openalex.org/I4210097602"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy","raw_type":"Text"},{"id":"pmh:oai:pubmedcentral.nih.gov:7514482","is_oa":true,"landing_page_url":"https://www.ncbi.nlm.nih.gov/pmc/articles/7514482","pdf_url":null,"source":{"id":"https://openalex.org/S2764455111","display_name":"PubMed Central","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1299303238","host_organization_name":"National Institutes of Health","host_organization_lineage":["https://openalex.org/I1299303238"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Entropy (Basel)","raw_type":"Text"}],"best_oa_location":{"id":"doi:10.3390/e21121136","is_oa":true,"landing_page_url":"https://doi.org/10.3390/e21121136","pdf_url":"https://www.mdpi.com/1099-4300/21/12/1136/pdf?version=1575366450","source":{"id":"https://openalex.org/S195231649","display_name":"Entropy","issn_l":"1099-4300","issn":["1099-4300"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Entropy","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1696861386","display_name":null,"funder_award_id":"ECLIPSE (RTI2018-094283-B-C33)","funder_id":"https://openalex.org/F4320323896","funder_display_name":"Ministerio de Ciencia Tecnolog\u00eda y Telecomunicaciones"},{"id":"https://openalex.org/G4233851808","display_name":null,"funder_award_id":"METAMORFOSIS","funder_id":"https://openalex.org/F4320326754","funder_display_name":"Junta de Andaluc\u00eda"}],"funders":[{"id":"https://openalex.org/F4320323896","display_name":"Ministerio de Ciencia Tecnolog\u00eda y Telecomunicaciones","ror":"https://ror.org/05dbsyw70"},{"id":"https://openalex.org/F4320326754","display_name":"Junta de Andaluc\u00eda","ror":"https://ror.org/01jem9c82"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2991471769.pdf","grobid_xml":"https://content.openalex.org/works/W2991471769.grobid-xml"},"referenced_works_count":18,"referenced_works":["https://openalex.org/W967998618","https://openalex.org/W1536059956","https://openalex.org/W1581441633","https://openalex.org/W1598030593","https://openalex.org/W2050053627","https://openalex.org/W2075250301","https://openalex.org/W2091749879","https://openalex.org/W2103370348","https://openalex.org/W2129426180","https://openalex.org/W2319116011","https://openalex.org/W2507568508","https://openalex.org/W2591587973","https://openalex.org/W2616068566","https://openalex.org/W2741105310","https://openalex.org/W2752036031","https://openalex.org/W2761748950","https://openalex.org/W2763488676","https://openalex.org/W6673293151"],"related_works":["https://openalex.org/W327645657","https://openalex.org/W2012891774","https://openalex.org/W4298063370","https://openalex.org/W2482892055","https://openalex.org/W2965382761","https://openalex.org/W4299620683","https://openalex.org/W2464350861","https://openalex.org/W4229710179","https://openalex.org/W3092209205","https://openalex.org/W4253505977"],"abstract_inverted_index":{"The":[0],"use":[1,84],"of":[2,40,85],"mobile":[3],"devices":[4],"has":[5,17,24],"undergone":[6],"rapid":[7],"growth":[8],"in":[9,88],"recent":[10],"years.":[11],"However,":[12],"on":[13],"some":[14,53,64,79],"occasions,":[15],"security":[16,54,86,107],"been":[18,25],"neglected":[19],"when":[20],"developing":[21],"applications.":[22],"SSL/TLS":[23],"used":[26,90],"for":[27,67,120],"years":[28],"to":[29,56,81],"secure":[30],"communications":[31],"although":[32],"it":[33],"is":[34,45],"not":[35],"a":[36,118],"vulnerability-free":[37],"protocol.":[38],"One":[39],"the":[41,83,105,110],"most":[42],"common":[43],"vulnerabilities":[44],"SSL":[46,60,94],"pinning":[47,61,95],"bypassing.":[48,62],"This":[49,115],"paper":[50],"first":[51],"describes":[52],"controls":[55,87,108],"help":[57],"protect":[58],"against":[59],"Subsequently,":[63],"existing":[65],"methods":[66,74,111],"bypassing":[68,96],"are":[69,75,113],"presented":[70],"and":[71,92,109,122],"two":[72],"new":[73],"defined.":[76],"We":[77],"performed":[78],"experiments":[80],"check":[82],"widely":[89],"applications,":[91],"applied":[93],"methods.":[97],"Finally,":[98],"we":[99],"created":[100],"an":[101],"applicability":[102],"framework,":[103],"relating":[104],"implemented":[106],"that":[112],"applicable.":[114],"framework":[116],"provides":[117],"guideline":[119],"pentesters":[121],"app":[123],"developers.":[124]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":5}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}