{"id":"https://openalex.org/W4412373330","doi":"https://doi.org/10.56553/popets-2025-0156","title":"Uncovering the App Cloud Access Risks under Recommended IAM Security Practices","display_name":"Uncovering the App Cloud Access Risks under Recommended IAM Security Practices","publication_year":2025,"publication_date":"2025-07-13","ids":{"openalex":"https://openalex.org/W4412373330","doi":"https://doi.org/10.56553/popets-2025-0156"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2025-0156","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0156","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.56553/popets-2025-0156","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107849963","display_name":"H. Lu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hengtong Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100456103","display_name":"Yan Zhang","orcid":"https://orcid.org/0000-0001-5575-6882"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yan Zhang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046717343","display_name":"Qingfeng Tang","orcid":"https://orcid.org/0009-0008-9893-4376"},"institutions":[{"id":"https://openalex.org/I111950717","display_name":"Macau University of Science and Technology","ror":"https://ror.org/03jqs2n27","country_code":"MO","type":"education","lineage":["https://openalex.org/I111950717","https://openalex.org/I4391767947"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Qingfeng Tang","raw_affiliation_strings":["Macau University of Science and Technology, FIE"],"affiliations":[{"raw_affiliation_string":"Macau University of Science and Technology, FIE","institution_ids":["https://openalex.org/I111950717"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001574250","display_name":"Pengwei Zhan","orcid":"https://orcid.org/0000-0003-3724-4431"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Pengwei Zhan","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China,","institution_ids":["https://openalex.org/I4210156404"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5107849963"],"corresponding_institution_ids":["https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.28483358,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":"4","first_page":"763","last_page":"776"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8860999941825867,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8860999941825867,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T14484","display_name":"Technology and Data Analysis","score":0.7918000221252441,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.6394504904747009},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4385731518268585},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4355073571205139},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4157712459564209},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.33912813663482666},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.09563115239143372}],"concepts":[{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.6394504904747009},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4385731518268585},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4355073571205139},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4157712459564209},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.33912813663482666},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.09563115239143372}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.56553/popets-2025-0156","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0156","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.56553/popets-2025-0156","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0156","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4244478748","https://openalex.org/W3150465815","https://openalex.org/W4223488648","https://openalex.org/W2134969820","https://openalex.org/W2251605416","https://openalex.org/W1997222214","https://openalex.org/W2560439919"],"abstract_inverted_index":{"The":[0],"rapid":[1],"development":[2],"of":[3,15,26,35,54],"mobile":[4,20,68],"applications":[5,81,115],"and":[6,73,85,148,158,171,189],"cloud":[7,16,27,39,45,64,95,106,117,176],"computing":[8],"has":[9,29],"led":[10],"to":[11,62,166],"the":[12,33,52,120],"widespread":[13],"adoption":[14],"service":[17,46],"platforms":[18],"for":[19,174],"backend":[21],"services.":[22],"However,":[23],"improper":[24,183],"use":[25],"credentials":[28,72,103,118,126],"frequently":[30],"resulted":[31],"in":[32,67,136],"leakage":[34],"application":[36],"data":[37],"on":[38,76],"servers.":[40,77],"Despite":[41],"security":[42,110],"recommendations":[43],"from":[44,82,119],"providers,":[47,123],"vulnerabilities":[48,135],"persist.":[49],"To":[50],"assess":[51],"effectiveness":[53],"these":[55,130],"measures,":[56],"we":[57,132],"propose":[58],"a":[59],"detection":[60],"system":[61],"identify":[63],"credential":[65,146,177],"leaks":[66],"applications,":[69],"including":[70],"hard-coded":[71],"those":[74],"stored":[75],"We":[78,112,161],"analyzed":[79],"21,724":[80],"Google":[83],"Play":[84],"one":[86],"Chinese":[87],"market,":[88],"revealing":[89],"new":[90],"attacks":[91],"triggered":[92],"by":[93,105],"stolen":[94],"credentials.":[96],"Our":[97],"findings":[98],"indicate":[99],"that":[100],"even":[101],"temporary":[102],"recommended":[104,167],"providers":[107],"may":[108],"pose":[109],"risks.":[111],"identified":[113],"893":[114],"using":[116],"three":[121],"major":[122],"with":[124],"945":[125],"found.":[127],"By":[128],"analyzing":[129],"credentials,":[131],"uncovered":[133],"severe":[134],"356":[137],"apps,":[138],"such":[139,181],"as":[140,182],"personally":[141],"identifiable":[142],"information":[143],"(PII)":[144],"leakage,":[145],"forgery,":[147],"remote":[149],"code":[150],"execution":[151],"(RCE).":[152],"These":[153],"issues":[154,180],"threaten":[155],"user":[156],"privacy":[157],"app":[159],"security.":[160],"also":[162],"evaluated":[163],"developer":[164],"adherence":[165],"IAM":[168],"best":[169],"practices":[170],"provided":[172],"suggestions":[173],"improving":[175],"security,":[178],"highlighting":[179],"permissions,":[184],"insufficient":[185],"protection,":[186],"outdated":[187],"versions,":[188],"regional":[190],"variants.":[191]},"counts_by_year":[],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}