{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:X5ZOOQOBXSJFFZAKBAKIYHSEIL","short_pith_number":"pith:X5ZOOQOB","canonical_record":{"source":{"id":"1905.10141","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-24T10:49:49Z","cross_cats_sorted":["cs.HC","cs.OS"],"title_canon_sha256":"2141f07ef743922daff10d5f3e4643087e473c4b9de18e655ce50c75d82d3b93","abstract_canon_sha256":"4cb9fcf876fe428b958658c5099f6b7d80809a047fb6b3861638eccd7a225fd0"},"schema_version":"1.0"},"canonical_sha256":"bf72e741c1bc9252e40a08148c1e4442f8664a004b0be8d21b5ebaa7cab0f43d","source":{"kind":"arxiv","id":"1905.10141","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.10141","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"arxiv_version","alias_value":"1905.10141v1","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.10141","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"pith_short_12","alias_value":"X5ZOOQOBXSJF","created_at":"2026-05-18T12:33:33Z"},{"alias_kind":"pith_short_16","alias_value":"X5ZOOQOBXSJFFZAK","created_at":"2026-05-18T12:33:33Z"},{"alias_kind":"pith_short_8","alias_value":"X5ZOOQOB","created_at":"2026-05-18T12:33:33Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:X5ZOOQOBXSJFFZAKBAKIYHSEIL","target":"record","payload":{"canonical_record":{"source":{"id":"1905.10141","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-24T10:49:49Z","cross_cats_sorted":["cs.HC","cs.OS"],"title_canon_sha256":"2141f07ef743922daff10d5f3e4643087e473c4b9de18e655ce50c75d82d3b93","abstract_canon_sha256":"4cb9fcf876fe428b958658c5099f6b7d80809a047fb6b3861638eccd7a225fd0"},"schema_version":"1.0"},"canonical_sha256":"bf72e741c1bc9252e40a08148c1e4442f8664a004b0be8d21b5ebaa7cab0f43d","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:45:11.249988Z","signature_b64":"2TJBLOBeuKZItuUA7YyqpBzq//uJgFdmP1YmcZe1bYbL1nL7GBGLymhmSUz/gWfDdptCUo1rpcb6g+oQiCYrCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"bf72e741c1bc9252e40a08148c1e4442f8664a004b0be8d21b5ebaa7cab0f43d","last_reissued_at":"2026-05-17T23:45:11.249232Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:45:11.249232Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1905.10141","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:45:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"qFTTAmI6YpCx3P+733wCw9uu3lF21Cy4U7I4kKuC54/XeQqKL0nqlx4VkNmBOUgLz8XhT2YRWP85kCHGoZd7DA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T22:20:11.343833Z"},"content_sha256":"563a2b8af989349b6f3ee696c4ec56e2d2db4919af7ab5c0c6198199732f9354","schema_version":"1.0","event_id":"sha256:563a2b8af989349b6f3ee696c4ec56e2d2db4919af7ab5c0c6198199732f9354"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:X5ZOOQOBXSJFFZAKBAKIYHSEIL","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Scan-and-Pay on Android is Dangerous","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.HC","cs.OS"],"primary_cat":"cs.CR","authors_text":"Alessandro Mei, Enis Ulqinaku, Julinda Stefa","submitted_at":"2019-05-24T10:49:49Z","abstract_excerpt":"Mobile payments have increased significantly in the recent years and one-to-one money transfers are offered by a wide variety of smartphone applications. These applications usually support scan-and-pay -- a technique that allows a payer to easily scan the destination address of the payment directly from the payee's smartphone screen. This technique is pervasive because it does not require any particular hardware, only the camera, which is present on all modern smartphones. However, in this work we show that a malicious application can exploit the overlay feature on Android to compromise the in"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.10141","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:45:11Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"DqNvzGNzgCnBNyVTASSeap2etZo2m3BbY07ZbZDdxVdqtvDdV9DCi0NMXWFFR8KWl3LaYg/JXfvsggRLoSzNDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-01T22:20:11.344220Z"},"content_sha256":"80f75b11f24f65c6118fce4fdc50c69240f9cf6e19db2cd6a977355baef3c05a","schema_version":"1.0","event_id":"sha256:80f75b11f24f65c6118fce4fdc50c69240f9cf6e19db2cd6a977355baef3c05a"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/bundle.json","state_url":"https://pith.science/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-01T22:20:11Z","links":{"resolver":"https://pith.science/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL","bundle":"https://pith.science/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/bundle.json","state":"https://pith.science/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/state.json","well_known_bundle":"https://pith.science/.well-known/pith/X5ZOOQOBXSJFFZAKBAKIYHSEIL/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:X5ZOOQOBXSJFFZAKBAKIYHSEIL","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"4cb9fcf876fe428b958658c5099f6b7d80809a047fb6b3861638eccd7a225fd0","cross_cats_sorted":["cs.HC","cs.OS"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-24T10:49:49Z","title_canon_sha256":"2141f07ef743922daff10d5f3e4643087e473c4b9de18e655ce50c75d82d3b93"},"schema_version":"1.0","source":{"id":"1905.10141","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1905.10141","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"arxiv_version","alias_value":"1905.10141v1","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1905.10141","created_at":"2026-05-17T23:45:11Z"},{"alias_kind":"pith_short_12","alias_value":"X5ZOOQOBXSJF","created_at":"2026-05-18T12:33:33Z"},{"alias_kind":"pith_short_16","alias_value":"X5ZOOQOBXSJFFZAK","created_at":"2026-05-18T12:33:33Z"},{"alias_kind":"pith_short_8","alias_value":"X5ZOOQOB","created_at":"2026-05-18T12:33:33Z"}],"graph_snapshots":[{"event_id":"sha256:80f75b11f24f65c6118fce4fdc50c69240f9cf6e19db2cd6a977355baef3c05a","target":"graph","created_at":"2026-05-17T23:45:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Mobile payments have increased significantly in the recent years and one-to-one money transfers are offered by a wide variety of smartphone applications. These applications usually support scan-and-pay -- a technique that allows a payer to easily scan the destination address of the payment directly from the payee's smartphone screen. This technique is pervasive because it does not require any particular hardware, only the camera, which is present on all modern smartphones. However, in this work we show that a malicious application can exploit the overlay feature on Android to compromise the in","authors_text":"Alessandro Mei, Enis Ulqinaku, Julinda Stefa","cross_cats":["cs.HC","cs.OS"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-24T10:49:49Z","title":"Scan-and-Pay on Android is Dangerous"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1905.10141","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:563a2b8af989349b6f3ee696c4ec56e2d2db4919af7ab5c0c6198199732f9354","target":"record","created_at":"2026-05-17T23:45:11Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"4cb9fcf876fe428b958658c5099f6b7d80809a047fb6b3861638eccd7a225fd0","cross_cats_sorted":["cs.HC","cs.OS"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-05-24T10:49:49Z","title_canon_sha256":"2141f07ef743922daff10d5f3e4643087e473c4b9de18e655ce50c75d82d3b93"},"schema_version":"1.0","source":{"id":"1905.10141","kind":"arxiv","version":1}},"canonical_sha256":"bf72e741c1bc9252e40a08148c1e4442f8664a004b0be8d21b5ebaa7cab0f43d","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"bf72e741c1bc9252e40a08148c1e4442f8664a004b0be8d21b5ebaa7cab0f43d","first_computed_at":"2026-05-17T23:45:11.249232Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:45:11.249232Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"2TJBLOBeuKZItuUA7YyqpBzq//uJgFdmP1YmcZe1bYbL1nL7GBGLymhmSUz/gWfDdptCUo1rpcb6g+oQiCYrCg==","signature_status":"signed_v1","signed_at":"2026-05-17T23:45:11.249988Z","signed_message":"canonical_sha256_bytes"},"source_id":"1905.10141","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:563a2b8af989349b6f3ee696c4ec56e2d2db4919af7ab5c0c6198199732f9354","sha256:80f75b11f24f65c6118fce4fdc50c69240f9cf6e19db2cd6a977355baef3c05a"],"state_sha256":"e35cad064506d4182a9879f20a0b5d795b0759c498cf1189b64c10eac840565d"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"YQ0JvyjnaqnLD3ow3dwnlfITQmSAhpE03K80M4LKE6j5SX+z50izCg5T262+ySl7NfwUFSDfcUyhDV2ssiy+AQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-01T22:20:11.346527Z","bundle_sha256":"6a5178058e1085f09ab64ce11199761fb6397cd48e4fe9ab8e786890d8a934ee"}}