Selected Publications

• Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs [PDF] [Bib]
  Yifan Zhang*, Zhaojie Hu*, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing
  In USENIX Security'24


• Seeing is Not Always Believing: An Empirical Analysis of Fake Evidence Generators [PDF] [Bib]
  Zhaojie Hu*, Jingzhou Ye*, Yifan Zhang, Xueqiang Wang
  In EuroS&P’24


• DARPA: Combating Asymmetric Dark UI Patterns on Android with Run-time View Decorator [PDF] [Bib]
  Zhaoxin Cai, Yuhong Nan, Xueqiang Wang, Mengyi Long, Qihua Ou, Min Yang, Zibin Zheng
  In DSN’23


• Union under Duress: Understanding Hazards of Duplicate Resource Mismediation in Android Software Supply Chain [PDF] [Bib]
  Xueqiang Wang*, Yifan Zhang*, XiaoFeng Wang, Yan Jia, Luyi Xing
  In USENIX Security’23


• Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps [PDF] [Bib] [Supplementary]
  Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, XiaoFeng Wang
  In USENIX Security’23


• Credit Karma: Understanding Security Implications of Exposed Cloud Services through Automated Capability Inference [PDF] [Bib]
  Xueqiang Wang*, Yuqiong Sun*, Susanta Nanda, XiaoFeng Wang
  In USENIX Security’23


• Understanding Malicious Cross-library Data Harvesting on Android [PDF] [Bib]
  Jice Wang*, Yue Xiao*, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, JinWei Dong, Nicolas Serrano, XiaoFeng Wang, Yuqing Zhang, Haoran Lu
  In USENIX Security’21


• Demystifying Resource Management Risks in Emerging Mobile App-in-App Ecosystems [PDF] [Bib]
  Haoran Lu, Luyi Xing, Yue Xiao, Yifan Zhang, Xiaojing Liao, XiaoFeng Wang, Xueqiang Wang
  In CCS'20


• Understanding Illicit UI in iOS apps Through Hidden UI Analysis [PDF] [Bib] [Supplementary] [Media]
  Yeonjoon Lee*,Xueqiang Wang*, Xiaojing Liao, XiaoFeng Wang
  In TDSC'19


• System and Methods for Evaluating Security Posture of Smart Home Devices
  Yuqiong Sun, Xueqiang Wang, Susanta Nanda, Petros Efstathopouloss
  US Patent (US11132447B1)


• Generate Accurate IoT Device Fingerprints Without IoT Device
  Yuqiong Sun, Xueqiang Wang, Susanta Nanda, Yun Shen, Pierre-Antoine Vervier, Petros Efstathopouloss
  US Patent (US11122040B1)


• Looking from the Mirror: Evaluating IoT Device Security through Mobile Companion Apps [PDF] [Bib] [AppSet]
  Xueqiang Wang, Yuqiong Sun, Susanta Nanda, XiaoFeng Wang
  In USENIX Security'19


• Understanding iOS-based Crowdturfing Through Hidden UI Analysis [PDF] [Bib]
  Yeonjoon Lee*, Xueqiang Wang*, Kwangwuk Lee, Xiaojing Liao, XiaoFeng Wang, Tongxi Li, Xianghang Mi
  In USENIX Security'19


• ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery [PDF] [Bib]
  Wei You, Xueqiang Wang, Shiqing Ma, Jianjun Huang, Xiangyu Zhang, XiaoFeng Wang, Bin Liang
  In Security and Privacy (SP'19)


• OS-level Side Channels without Procfs: Exploring Cross-App Information Leakage on iOS [PDF] [Bib]
  Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, XiaoFeng Wang
  In the Network and Distributed System Security Symposium (NDSS'18)


• Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation [PDF] [Bib]
  Yue Duan, Mu Zhang, Abhishek Vasist Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, Xiaofeng Wang
  In the Network and Distributed System Security Symposium (NDSS'18)


• Privacy Loss in Apple’s Implementation of Differential Privacy on MacOS 10.12 [PDF] [Bib]
  Jun Tang, Aleksandra Korolova, Xiaolong Bai, Xueqiang Wang, XiaoFeng Wang
  In TPDP'17 (co-located with CCS)


• Unleashing the Walking Dead: Understanding Cross-App Remote Infections on Mobile WebViews [PDF] [Bib] [Supplementary]
  Tongxin Li, Xueqiang Wang, Mingming Zha, Kai Chen, XiaoFeng Wang, Luyi Xing, Xiaolong Bai, Nan Zhang, Xinhui Han
  In the 24th ACM Conference on Computer and Communications Security (CCS'17)


• Dark Hazard: Learning-based, Large-scale Discovery of Hidden Sensitive Operations in Android Apps [PDF] [Bib]
  Xiaorui Pan, Xueqiang Wang, Yue Duan, XiaoFeng Wang, Heng Yin
  In the Network and Distributed System Security Symposium (NDSS'17)


• Following devil's footprints: Cross-platform analysis of potentially harmful libraries on android and ios [PDF] [Bib] [Supplementary]
  Kai Chen, Xueqiang Wang, Yi Chen, Peng Wang, Yeonjoon Lee, XiaoFeng Wang, Bin Ma, Aohui Wang, Yingjun Zhang, Wei Zou
  In Security and Privacy (SP'16)


• DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices [PDF] [Bib]
  Xueqiang Wang, Kun Sun, Yuewu Wang, Jiwu Jing
  In the Network and Distributed System Security Symposium (NDSS'15)


• WrapDroid: Flexible and Fine-Grained Scheme Towards Regulating Behaviors of Android Apps [PDF] [Bib]
  Xueqiang Wang, Yuewu Wang, Limin Liu, Lingguang Lei, Jiwu Jing
  In International Conference on Information Security and Cryptology (ICISC'14)


• An Easy-To-Deploy Behavior Monitoring Scheme for Android Applications (In Chinese)
  Xueqiang Wang, Lingguang Lei, Yuewu Wang
  In Journal of University of Chinese Academy of Sciences


• A Review of Security Threats of Mobile Internet (In Chinese)
  Xueqiang Wang, Lingguang Lei, Yuewu Wang
  In Netinfo Security