{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2016:CU2ODLTJAJIX4T3LLUW5KPD6VB","short_pith_number":"pith:CU2ODLTJ","canonical_record":{"source":{"id":"1606.01708","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-06-06T12:11:08Z","cross_cats_sorted":["cs.CY"],"title_canon_sha256":"10aa2de7267074f5df4bab7b184e569787e72dabbe793e273b0009a11f842eea","abstract_canon_sha256":"97ca7cb5dfec3e54a3d2d95f2d98d489d47047588a5e2a6aa08d619438b7e819"},"schema_version":"1.0"},"canonical_sha256":"1534e1ae6902517e4f6b5d2dd53c7ea876077310fb4a75e4d101abc6cc3ff4a7","source":{"kind":"arxiv","id":"1606.01708","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1606.01708","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"arxiv_version","alias_value":"1606.01708v2","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1606.01708","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"pith_short_12","alias_value":"CU2ODLTJAJIX","created_at":"2026-05-18T12:30:09Z"},{"alias_kind":"pith_short_16","alias_value":"CU2ODLTJAJIX4T3L","created_at":"2026-05-18T12:30:09Z"},{"alias_kind":"pith_short_8","alias_value":"CU2ODLTJ","created_at":"2026-05-18T12:30:09Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2016:CU2ODLTJAJIX4T3LLUW5KPD6VB","target":"record","payload":{"canonical_record":{"source":{"id":"1606.01708","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-06-06T12:11:08Z","cross_cats_sorted":["cs.CY"],"title_canon_sha256":"10aa2de7267074f5df4bab7b184e569787e72dabbe793e273b0009a11f842eea","abstract_canon_sha256":"97ca7cb5dfec3e54a3d2d95f2d98d489d47047588a5e2a6aa08d619438b7e819"},"schema_version":"1.0"},"canonical_sha256":"1534e1ae6902517e4f6b5d2dd53c7ea876077310fb4a75e4d101abc6cc3ff4a7","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T01:09:30.740269Z","signature_b64":"9qSLiFP5JOuB4Md+KvlkEBNXgA0Gi1TMh+9a4fRd37c80GriH6eCG3U0lbwpspw4/ptf5OGMF4KoKY/uqvA+BQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1534e1ae6902517e4f6b5d2dd53c7ea876077310fb4a75e4d101abc6cc3ff4a7","last_reissued_at":"2026-05-18T01:09:30.739881Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T01:09:30.739881Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1606.01708","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:09:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ribrzuAhw6V84huiog8ErauMsMZ2JPsYi4NwGu/BYAjx4KpzWglbsSCrnFuc2WXsIFD4DC4Agvuof8rMG0cyDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-07T16:09:43.499605Z"},"content_sha256":"84c593e0e7419908ad3db612a93205154cae3de6832fef8fceaa68829c0c6aba","schema_version":"1.0","event_id":"sha256:84c593e0e7419908ad3db612a93205154cae3de6832fef8fceaa68829c0c6aba"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2016:CU2ODLTJAJIX4T3LLUW5KPD6VB","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Quantifying Permission-Creep in the Google Play Store","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.CY"],"primary_cat":"cs.CR","authors_text":"Ivan Martinovic, Vincent F. Taylor","submitted_at":"2016-06-06T12:11:08Z","abstract_excerpt":"Although there are over 1,600,000 third-party Android apps in the Google Play Store, little has been conclusively shown about how their individual (and collective) permission usage has evolved over time. Recently, Android 6 overhauled the way permissions are granted by users, by switching to run-time permission requests instead of install-time permission requests. This is a welcome change, but recent research has shown that many users continue to accept run-time permissions blindly, leaving them at the mercy of third-party app developers and adversaries. Beyond intentionally invading privacy, "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1606.01708","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T01:09:30Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"N8sZyZ4fD3f9li5bIRLTCCrsafqR0m/xH5Y1ec+JlwCk0uUH6ywLwCku0sxpi3/40mpvOSLslMAZoLhCMeevCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-07T16:09:43.500304Z"},"content_sha256":"c3eb436ce05b6b0d40bc2815a3e82c666fb259dc3c7a41e56dc366c7da34d750","schema_version":"1.0","event_id":"sha256:c3eb436ce05b6b0d40bc2815a3e82c666fb259dc3c7a41e56dc366c7da34d750"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/bundle.json","state_url":"https://pith.science/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-07T16:09:43Z","links":{"resolver":"https://pith.science/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB","bundle":"https://pith.science/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/bundle.json","state":"https://pith.science/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/state.json","well_known_bundle":"https://pith.science/.well-known/pith/CU2ODLTJAJIX4T3LLUW5KPD6VB/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2016:CU2ODLTJAJIX4T3LLUW5KPD6VB","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"97ca7cb5dfec3e54a3d2d95f2d98d489d47047588a5e2a6aa08d619438b7e819","cross_cats_sorted":["cs.CY"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-06-06T12:11:08Z","title_canon_sha256":"10aa2de7267074f5df4bab7b184e569787e72dabbe793e273b0009a11f842eea"},"schema_version":"1.0","source":{"id":"1606.01708","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1606.01708","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"arxiv_version","alias_value":"1606.01708v2","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1606.01708","created_at":"2026-05-18T01:09:30Z"},{"alias_kind":"pith_short_12","alias_value":"CU2ODLTJAJIX","created_at":"2026-05-18T12:30:09Z"},{"alias_kind":"pith_short_16","alias_value":"CU2ODLTJAJIX4T3L","created_at":"2026-05-18T12:30:09Z"},{"alias_kind":"pith_short_8","alias_value":"CU2ODLTJ","created_at":"2026-05-18T12:30:09Z"}],"graph_snapshots":[{"event_id":"sha256:c3eb436ce05b6b0d40bc2815a3e82c666fb259dc3c7a41e56dc366c7da34d750","target":"graph","created_at":"2026-05-18T01:09:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Although there are over 1,600,000 third-party Android apps in the Google Play Store, little has been conclusively shown about how their individual (and collective) permission usage has evolved over time. Recently, Android 6 overhauled the way permissions are granted by users, by switching to run-time permission requests instead of install-time permission requests. This is a welcome change, but recent research has shown that many users continue to accept run-time permissions blindly, leaving them at the mercy of third-party app developers and adversaries. Beyond intentionally invading privacy, ","authors_text":"Ivan Martinovic, Vincent F. Taylor","cross_cats":["cs.CY"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-06-06T12:11:08Z","title":"Quantifying Permission-Creep in the Google Play Store"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1606.01708","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:84c593e0e7419908ad3db612a93205154cae3de6832fef8fceaa68829c0c6aba","target":"record","created_at":"2026-05-18T01:09:30Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"97ca7cb5dfec3e54a3d2d95f2d98d489d47047588a5e2a6aa08d619438b7e819","cross_cats_sorted":["cs.CY"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2016-06-06T12:11:08Z","title_canon_sha256":"10aa2de7267074f5df4bab7b184e569787e72dabbe793e273b0009a11f842eea"},"schema_version":"1.0","source":{"id":"1606.01708","kind":"arxiv","version":2}},"canonical_sha256":"1534e1ae6902517e4f6b5d2dd53c7ea876077310fb4a75e4d101abc6cc3ff4a7","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1534e1ae6902517e4f6b5d2dd53c7ea876077310fb4a75e4d101abc6cc3ff4a7","first_computed_at":"2026-05-18T01:09:30.739881Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T01:09:30.739881Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"9qSLiFP5JOuB4Md+KvlkEBNXgA0Gi1TMh+9a4fRd37c80GriH6eCG3U0lbwpspw4/ptf5OGMF4KoKY/uqvA+BQ==","signature_status":"signed_v1","signed_at":"2026-05-18T01:09:30.740269Z","signed_message":"canonical_sha256_bytes"},"source_id":"1606.01708","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:84c593e0e7419908ad3db612a93205154cae3de6832fef8fceaa68829c0c6aba","sha256:c3eb436ce05b6b0d40bc2815a3e82c666fb259dc3c7a41e56dc366c7da34d750"],"state_sha256":"1be62b2b98d88be2d31ccd395c1e7fd5bdb2ce96d80e1e79c9d82c38f121afd4"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"upHebfL8KVvfnWfGTc5AgVHKmBBeXOACV+c6eZYF3fGiIZcL12cHTWuJi0FsBpFRvfXnSgH34R+6ek8kf/oWAg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-07T16:09:43.504051Z","bundle_sha256":"d449c6e41651be3a6ba7dff58db8ff4d5fde245fb26091f688bf109a87324b52"}}