{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T15:14:29Z","timestamp":1773242069175,"version":"3.50.1"},"reference-count":38,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2017,9,1]],"date-time":"2017-09-01T00:00:00Z","timestamp":1504224000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/www.elsevier.com\/tdm\/userlicense\/1.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2017,9]]},"DOI":"10.1016\/j.cose.2017.07.011","type":"journal-article","created":{"date-parts":[[2017,8,2]],"date-time":"2017-08-02T03:31:59Z","timestamp":1501644719000},"page":"516-531","update-policy":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":29,"special_numbering":"C","title":["Breaking into the vault: Privacy, security and forensic analysis of Android vault applications"],"prefix":"10.1016","volume":"70","author":[{"given":"Xiaolu","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/2.zoppoz.workers.dev:443\/https\/orcid.org\/0000-0002-9574-9537","authenticated-orcid":false,"given":"Ibrahim","family":"Baggili","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frank","family":"Breitinger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2017.07.011_bib0015","series-title":"IEEE symposium on security and privacy","first-page":"289","article-title":"You get where youre looking for","author":"Acar","year":"2016"},{"key":"10.1016\/j.cose.2017.07.011_bib0020","article-title":"Forensic analysis of social networking applications on mobile devices","volume":"vol. 9","author":"Al Mutawa","year":"2012"},{"issue":"3","key":"10.1016\/j.cose.2017.07.011_bib0030","first-page":"1","article-title":"Forensic analysis of WhatsApp Messenger on Android smartphones","volume":"11","author":"Anglano","year":"2014","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0040","author":"Auerbach"},{"key":"10.1016\/j.cose.2017.07.011_bib0050","series-title":"Proceedings of the 5th IEEE international conference on malicious and unwanted software, malware 2010","first-page":"55","article-title":"An android application sandbox system for suspicious software detection","author":"Bl\u00e4sing","year":"2010"},{"issue":"1","key":"10.1016\/j.cose.2017.07.011_bib0055","first-page":"1","article-title":"Forensic data recovery from flash memory","volume":"1","author":"Breeuwsma","year":"2007","journal-title":"SSDDFJ"},{"key":"10.1016\/j.cose.2017.07.011_bib0060","series-title":"Proceedings of the fifth ACM conference on security and privacy in wireless and mobile networks","first-page":"125","article-title":"DroidChecker: analyzing android applications for capability leak","author":"Chan","year":"2012"},{"key":"10.1016\/j.cose.2017.07.011_bib0070","doi-asserted-by":"crossref","first-page":"S66","DOI":"10.1016\/j.diin.2016.04.006","article-title":"Anti-forensics: furthering digital forensic science through a new extended, granular taxonomy","volume":"18","author":"Conlan","year":"2016","journal-title":"Digital Investigation"},{"key":"10.1016\/j.cose.2017.07.011_bib0075","first-page":"481","article-title":"SpanDex: secure password tracking for Android","volume":"vol. Vm","author":"Cox","year":"2014"},{"key":"10.1016\/j.cose.2017.07.011_bib0095","author":"E2e"},{"issue":"August","key":"10.1016\/j.cose.2017.07.011_bib0100","first-page":"21","article-title":"A study of android application security","volume":"39","author":"Enck","year":"2011","journal-title":"USENIX Security Symposium"},{"issue":"2","key":"10.1016\/j.cose.2017.07.011_bib0105","doi-asserted-by":"crossref","first-page":"998","DOI":"10.1109\/COMST.2014.2386139","article-title":"Android security: a survey of issues, malware penetration, and defenses","volume":"17","author":"Faruki","year":"2015","journal-title":"IEEE Commun Surv Tut"},{"key":"10.1016\/j.cose.2017.07.011_bib0110","series-title":"Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics)","first-page":"291","article-title":"AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale","volume":"vol. 7344","author":"Gibler","year":"2012"},{"key":"10.1016\/j.cose.2017.07.011_bib0115","author":"Hawkins"},{"key":"10.1016\/j.cose.2017.07.011_bib0120","series-title":"Android forensics: investigation, analysis and mobile security for Google Android","author":"Hoog","year":"2011"},{"key":"10.1016\/j.cose.2017.07.011_bib0125","series-title":"International conference on digital forensics and cyber crime","first-page":"9","article-title":"iForensics: forensic analysis of instant messaging on smart phones","author":"Husain","year":"2009"},{"key":"10.1016\/j.cose.2017.07.011_bib0135","series-title":"Systematic approaches to digital forensic engineering (SADFE), 2013 eighth international workshop on","first-page":"1","article-title":"Forensic artifacts of the ChatON Instant Messaging application","author":"Iqbal","year":"2013"},{"key":"10.1016\/j.cose.2017.07.011_bib0140","series-title":"Proceedings \u2013 IEEE symposium on security and privacy","first-page":"143","article-title":"Memento: learning secrets from process footprints","author":"Jana","year":"2012"},{"key":"10.1016\/j.cose.2017.07.011_bib0155","series-title":"WhatsApp network forensics: decrypting and understanding the WhatsApp call signaling messages","author":"Karpisek","year":"2015"},{"key":"10.1016\/j.cose.2017.07.011_bib0160","series-title":"IEEE workshop on mobile security technologies (MoST)","first-page":"1","article-title":"Scandal: static analyzer for detecting privacy leaks in android applications","author":"Kim","year":"2012"},{"key":"10.1016\/j.cose.2017.07.011_bib0165","series-title":"Security and management","first-page":"410","article-title":"Forensic data acquisition from cell phones using JTAG interface","author":"Kim","year":"2008"},{"issue":"1","key":"10.1016\/j.cose.2017.07.011_bib0170","first-page":"1","article-title":"Android forensics: simplifying cell phone examinations","volume":"4","author":"Lessard","year":"2010","journal-title":"Small Scale Digital Device Forensics Journal"},{"issue":"8","key":"10.1016\/j.cose.2017.07.011_bib0175","doi-asserted-by":"crossref","first-page":"38","DOI":"10.5120\/11602-6965","article-title":"Forensic analysis of instant messenger applications on Android devices","volume":"68","author":"Mahajan","year":"2013","journal-title":"International Journal of Computer Applications"},{"key":"10.1016\/j.cose.2017.07.011_bib0180","series-title":"International conference on cybercrime, security and digital forensics","article-title":"Forensic analysis of geodata in android smartphones","author":"Maus","year":"2011"},{"key":"10.1016\/j.cose.2017.07.011_bib0185","series-title":"2013 IEEE international conference on computational intelligence and computing research, IEEE ICCIC 2013","article-title":"Forensic analysis of Wickr application on android devices","author":"Mehrotra","year":"2013"},{"issue":"1","key":"10.1016\/j.cose.2017.07.011_bib0190","first-page":"15","article-title":"Find me if you can: mobile GPS mapping applications forensics analysis & SNAVP the open source, modular, extensible parser","volume":"12","author":"Moore","year":"2016","journal-title":"Journal of Digital Forensics Security and Law"},{"key":"10.1016\/j.cose.2017.07.011_bib0195","series-title":"USENIX annual technical conference","first-page":"1","article-title":"A future-adaptable password scheme","author":"Provos","year":"1999"},{"issue":"5","key":"10.1016\/j.cose.2017.07.011_bib0205","doi-asserted-by":"crossref","first-page":"349","DOI":"10.17950\/ijer\/v3s5\/514","article-title":"Forensic analysis of WhatsApp on android smartphones","volume":"3","author":"Sahu","year":"2013","journal-title":"Int J Eng Res"},{"key":"10.1016\/j.cose.2017.07.011_bib0210","series-title":"USEC","article-title":"Screen after previous screens: spatial-temporal recreation of android app displays from memory images","author":"Saltaformaggio","year":"2016"},{"key":"10.1016\/j.cose.2017.07.011_bib0215","series-title":"NDSS","article-title":"Guess who's texting you? Evaluating the security of smartphone messaging applications","author":"Schrittwieser","year":"2012"},{"key":"10.1016\/j.cose.2017.07.011_bib0220","doi-asserted-by":"crossref","first-page":"S3","DOI":"10.1016\/j.diin.2013.06.001","article-title":"A study of user data integrity during acquisition of Android devices","volume":"10","author":"Son","year":"2013","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0230","doi-asserted-by":"crossref","first-page":"S14","DOI":"10.1016\/j.diin.2011.05.003","article-title":"Toward a general collection methodology for Android devices","volume":"8","author":"Vidas","year":"2011","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0235","doi-asserted-by":"crossref","first-page":"S77","DOI":"10.1016\/j.diin.2015.05.009","article-title":"Network and device forensic analysis of Android social-messaging applications","volume":"14","author":"Walnycky","year":"2015","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0240","first-page":"899","article-title":"Effective real-time android application auditing","volume":"vol. 2015-July","author":"Xia","year":"2015"},{"key":"10.1016\/j.cose.2017.07.011_bib0245","doi-asserted-by":"crossref","first-page":"S68","DOI":"10.1016\/j.diin.2015.05.008","article-title":"New acquisition method based on firmware update protocols for Android smartphones","volume":"14","author":"Yang","year":"2015","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0250","series-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security \u2013 CCS '13","first-page":"1043","article-title":"AppIntent: analyzing sensitive data transmission in android for privacy leakage detection","author":"Yang","year":"2013"},{"key":"10.1016\/j.cose.2017.07.011_bib0255","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1016\/j.diin.2016.03.002","article-title":"Rapid Android parser for investigating DEX files (RAPID)","volume":"17","author":"Zhang","year":"2016","journal-title":"Dig Investig"},{"key":"10.1016\/j.cose.2017.07.011_bib0260","series-title":"Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics)","first-page":"93","article-title":"Taming information-stealing smartphone applications (on android)","volume":"vol. 6740","author":"Zhou","year":"2011"}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S0167404817301529?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S0167404817301529?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2019,12,3]],"date-time":"2019-12-03T15:37:14Z","timestamp":1575387434000},"score":1,"resource":{"primary":{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404817301529"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,9]]},"references-count":38,"alternative-id":["S0167404817301529"],"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.cose.2017.07.011","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2017,9]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Breaking into the vault: Privacy, security and forensic analysis of Android vault applications","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.cose.2017.07.011","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2017 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}]}}