ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway
co-located with FSE 2025
Thu 26 Jun 2025 11:25 - 11:50 at Cosmos 3B - Bugs and Repository Mining Chair(s): Shiyi Wei

The Notification Listener Service (NLS) in Android allows third-party apps to monitor and process device notifications, enabling powerful features but also introducing security and privacy risks. Despite the special permission required to access NLS, it has been recurrently exploited by malicious actors. However, there is a lack of systematic investigation into NLS usage patterns and their security implications. In this paper, we propose NLRadar, a hybrid approach combining static analysis and LLM to examine NLS usage in Android apps. We apply NLRadar to a large scale of apps, including both malware and regular apps, to demystify NLS usage and to uncover abuses. Our analysis reveals that NLS is heavily abused, with interesting discoveries such as apps insecurely storing social media messages, exploiting NLS for destructive competition or SMS credential stealing, and leveraging NLS to spread promotional messages or even malicious links. We also find undisclosed changes in NLS usage through app updates and inadequate disclosure in privacy policies. Our findings emphasize the need for more rigorous vetting of NLS usage and better developer education on responsible NLS practices.

Thu 26 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

11:00 - 12:15
Bugs and Repository MiningResearch Papers at Cosmos 3B
Chair(s): Shiyi Wei University of Texas at Dallas
11:00
25m
Talk
LLM4SZZ: Enhancing SZZ Algorithm with Context-Enhanced Assessment on Large Language Models
Research Papers
Lingxiao Tang Zhejiang University, Jiakun Liu Singapore Management University, Zhongxin Liu Zhejiang University, Xiaohu Yang Zhejiang University, Lingfeng Bao Zhejiang University
DOI
11:25
25m
Talk
Walls Have Ears: Demystifying Notification Listener Usage in Android Apps
Research Papers
Jiapeng Deng Huazhong University of Science and Technology, Tianming Liu Monash Univerisity, Yanjie Zhao Huazhong University of Science and Technology, Chao Wang University of Science and Technology of China, Lin Zhang The National Computer Emergency Response Team/Coordination Center of China (CNCERT/CC), Haoyu Wang Huazhong University of Science and Technology
DOI
11:50
25m
Talk
An Investigation on Numerical Bugs in GPU Programs Towards Automated Bug Detection
Research Papers
Ravishka Shemal Rathnasuriya The University of Texas - Dallas, Nidhi Majoju University of Texas at Dallas, Zihe Song University of Texas at Dallas, Wei Yang UT Dallas
DOI

Information for Participants
Thu 26 Jun 2025 11:00 - 12:15 at Cosmos 3B - Bugs and Repository Mining Chair(s): Shiyi Wei
Info for room Cosmos 3B:

Cosmos 3B is the second room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.

:
:
:
: