{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:5MQXTSNXMEGCL6R5UDFAPO25KM","short_pith_number":"pith:5MQXTSNX","canonical_record":{"source":{"id":"1702.03112","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-02-10T09:33:01Z","cross_cats_sorted":[],"title_canon_sha256":"dbd5249f2903152fe6d8bc6962a26f0dceb23c3f021dbe2568fbc10ce9b0dce8","abstract_canon_sha256":"457bd8291d0c959971e1b67c85eb923bc2c88657a7c7f6bde69a5a4b8b00b046"},"schema_version":"1.0"},"canonical_sha256":"eb2179c9b7610c25fa3da0ca07bb5d531fb64e649ab20dbe5039a5b11eb6c6a5","source":{"kind":"arxiv","id":"1702.03112","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1702.03112","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"arxiv_version","alias_value":"1702.03112v3","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1702.03112","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"pith_short_12","alias_value":"5MQXTSNXMEGC","created_at":"2026-05-18T12:31:00Z"},{"alias_kind":"pith_short_16","alias_value":"5MQXTSNXMEGCL6R5","created_at":"2026-05-18T12:31:00Z"},{"alias_kind":"pith_short_8","alias_value":"5MQXTSNX","created_at":"2026-05-18T12:31:00Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:5MQXTSNXMEGCL6R5UDFAPO25KM","target":"record","payload":{"canonical_record":{"source":{"id":"1702.03112","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-02-10T09:33:01Z","cross_cats_sorted":[],"title_canon_sha256":"dbd5249f2903152fe6d8bc6962a26f0dceb23c3f021dbe2568fbc10ce9b0dce8","abstract_canon_sha256":"457bd8291d0c959971e1b67c85eb923bc2c88657a7c7f6bde69a5a4b8b00b046"},"schema_version":"1.0"},"canonical_sha256":"eb2179c9b7610c25fa3da0ca07bb5d531fb64e649ab20dbe5039a5b11eb6c6a5","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:47:56.462990Z","signature_b64":"8YovgjxCVxJ9/eSJ0je+RppLhVHampW6l8hSN3hBbddXrByEY71sCX/nCBQStNbS80iv6tQfsDLpVBeuwJlGBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"eb2179c9b7610c25fa3da0ca07bb5d531fb64e649ab20dbe5039a5b11eb6c6a5","last_reissued_at":"2026-05-18T00:47:56.462195Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:47:56.462195Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1702.03112","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:47:56Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"THO82dOLAtWjd+OwcacjYEInfJ5fVAJA6oSETgwrEcF+YDiGjp3KXKNiXssCX+zd4r5P0ptSeZhhL57DhzBBCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T00:39:34.336289Z"},"content_sha256":"78d4ad564ca0bf08a9e759c145bc1ded0735523f82b4a9b1d903aebe525b329b","schema_version":"1.0","event_id":"sha256:78d4ad564ca0bf08a9e759c145bc1ded0735523f82b4a9b1d903aebe525b329b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:5MQXTSNXMEGCL6R5UDFAPO25KM","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"A Study on the Vulnerabilities of Mobile Apps associated with Software Modules","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Bo Sun, Eitaro Shioji, Fumihiro Kanei, Mitsuaki Akiyama, Takeshi Yagi, Takuya Watanabe, Tatsuya Mori, Toshiki Shibahara, Yuta Ishi, Yuta Takata","submitted_at":"2017-02-10T09:33:01Z","abstract_excerpt":"This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party lib"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1702.03112","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:47:56Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"L/k3Q8MLVZdF2qbLptd3YGyevAhgbmZEZWbxzyrmtx2o3bYKcgN5ziDIhW140dFawPsbwU5aA1SzqijfOhiJAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-11T00:39:34.337072Z"},"content_sha256":"76e87866747ad29e578ad5c8830fd3f4893740c06a61cf85490fb8ffab3d7045","schema_version":"1.0","event_id":"sha256:76e87866747ad29e578ad5c8830fd3f4893740c06a61cf85490fb8ffab3d7045"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/bundle.json","state_url":"https://pith.science/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-11T00:39:34Z","links":{"resolver":"https://pith.science/pith/5MQXTSNXMEGCL6R5UDFAPO25KM","bundle":"https://pith.science/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/bundle.json","state":"https://pith.science/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/state.json","well_known_bundle":"https://pith.science/.well-known/pith/5MQXTSNXMEGCL6R5UDFAPO25KM/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:5MQXTSNXMEGCL6R5UDFAPO25KM","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"457bd8291d0c959971e1b67c85eb923bc2c88657a7c7f6bde69a5a4b8b00b046","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-02-10T09:33:01Z","title_canon_sha256":"dbd5249f2903152fe6d8bc6962a26f0dceb23c3f021dbe2568fbc10ce9b0dce8"},"schema_version":"1.0","source":{"id":"1702.03112","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1702.03112","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"arxiv_version","alias_value":"1702.03112v3","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1702.03112","created_at":"2026-05-18T00:47:56Z"},{"alias_kind":"pith_short_12","alias_value":"5MQXTSNXMEGC","created_at":"2026-05-18T12:31:00Z"},{"alias_kind":"pith_short_16","alias_value":"5MQXTSNXMEGCL6R5","created_at":"2026-05-18T12:31:00Z"},{"alias_kind":"pith_short_8","alias_value":"5MQXTSNX","created_at":"2026-05-18T12:31:00Z"}],"graph_snapshots":[{"event_id":"sha256:76e87866747ad29e578ad5c8830fd3f4893740c06a61cf85490fb8ffab3d7045","target":"graph","created_at":"2026-05-18T00:47:56Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party lib","authors_text":"Bo Sun, Eitaro Shioji, Fumihiro Kanei, Mitsuaki Akiyama, Takeshi Yagi, Takuya Watanabe, Tatsuya Mori, Toshiki Shibahara, Yuta Ishi, Yuta Takata","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-02-10T09:33:01Z","title":"A Study on the Vulnerabilities of Mobile Apps associated with Software Modules"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1702.03112","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:78d4ad564ca0bf08a9e759c145bc1ded0735523f82b4a9b1d903aebe525b329b","target":"record","created_at":"2026-05-18T00:47:56Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"457bd8291d0c959971e1b67c85eb923bc2c88657a7c7f6bde69a5a4b8b00b046","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-02-10T09:33:01Z","title_canon_sha256":"dbd5249f2903152fe6d8bc6962a26f0dceb23c3f021dbe2568fbc10ce9b0dce8"},"schema_version":"1.0","source":{"id":"1702.03112","kind":"arxiv","version":3}},"canonical_sha256":"eb2179c9b7610c25fa3da0ca07bb5d531fb64e649ab20dbe5039a5b11eb6c6a5","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"eb2179c9b7610c25fa3da0ca07bb5d531fb64e649ab20dbe5039a5b11eb6c6a5","first_computed_at":"2026-05-18T00:47:56.462195Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:47:56.462195Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"8YovgjxCVxJ9/eSJ0je+RppLhVHampW6l8hSN3hBbddXrByEY71sCX/nCBQStNbS80iv6tQfsDLpVBeuwJlGBA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:47:56.462990Z","signed_message":"canonical_sha256_bytes"},"source_id":"1702.03112","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:78d4ad564ca0bf08a9e759c145bc1ded0735523f82b4a9b1d903aebe525b329b","sha256:76e87866747ad29e578ad5c8830fd3f4893740c06a61cf85490fb8ffab3d7045"],"state_sha256":"501fab0e41b8aa0f40368f93d60e32eb750c54c77235b99330915b4f5bf17c8b"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"3SWW/3CsKEjz9YJvv9iAUDOx0X0io06SsiiNutqkmGfyUZDlTCTt8OkTujxooGqGWe5uz5pkZdxOwKWbAAHLCQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-11T00:39:34.341281Z","bundle_sha256":"db952d5935a02e571f965bf828d5d2d5c22ac955f5eadbea6b01e523a018269c"}}