Qinsheng Hou (侯勤胜)

About me

I received my Ph.D. degree from Shandong University, advised by Prof. Shanqing Guo and Prof. Haixin Duan. Currently, I also work with Dr. Lingyun Ying at QI-ANXIN Technology Research Institute. I ever worked/interned at JD.com and ISCAS. My research interests are primarily in AI for Security, Mobile Security, Software Supply Chain Security, and IoT Security.

Publications

2025

  1. [ESE] Shishuai Yang, Qinsheng Hou, Shuang Li, Fenghao Xu, and Wenrui Diao. From Guidelines to Practice: Assessing Android App Developer Compliance with Google’s Security Recommendations. Empirical Software Engineering, 30 (11): 1-33, 2025. [CCF B] [Link]

2024

  1. [TrustCom’24] Yifan Yu, Ruoyan Lin, Shuang Li, Qinsheng Hou, and Wenrui Diao. Security Assessment of Customizations in Android Smartwatch Firmware. The 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Sanya, China. December 17-21, 2024. [CCF C]
  2. [ASE’24] Zifan Xie, Ming Wen, Tinghan Li, Yiding Zhu, Qinsheng Hou, and Hai Jin. How Does Code Optimization Impact Third-party Library Detection for Android Applications. The 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, USA. October 27-November 1, 2024. [Top] [CCF A] [PDF] [Code] [ACM SIGSOFT Distinguished Paper Awards]
  3. [CCS’24] Zidong Zhang, Qinsheng Hou, Lingyun Ying, Wenrui Diao, Yacong Gu, Rui Li, Shanqing Guo, and Haixin Duan. MiniCAT: Understanding and Detecting Cross-Page Request Forgery Vulnerabilities in Mini-Programs. The 31st ACM Conference on Computer and Communications Security, Salt Lake City, UT, USA. October 14-18, 2024. [Top] [CCF A] [PDF] [Code] [Demo] [QAX]
  4. [WWW’24] Xiaoyin Liu, Wenzhi Li, Qinsheng Hou, Shishuai Yang, Lingyun Ying, Wenrui Diao, Yanan Li, Shanqing Guo, and Haixin Duan. From Promises to Practice: Evaluating the Private Browsing Modes of Android Browser Apps. The 33rd ACM Web Conference, Singapore. May 13-17, 2024. [Top] [CCF A] [PDF] [QAX]

2023

  1. [APSEC’23] Shishuai Yang, Qinsheng Hou (✉️), Shuang Li, and Wenrui Diao (✉️). Do App Developers Follow the Android Official Security Guidelines? The 30th Asia-Pacific Software Engineering Conference, Seoul, Korea. December 4-7, 2023. [CCF C] [Conference]
  2. [IEEE TDSC] Libo Chen, Yanhao Wang, Jiaqi Linghu, Qinsheng Hou, Quanpu Cai, Shanqing Guo, and Zhi Xue. SaTC: Shared-Keyword Aware Taint Checking for Detecting Bugs in Embedded Systems. IEEE Transactions on Dependable and Secure Computing, Early Access, 2023. [CCF A] [Journal]
  3. [IEEE TSE] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Chenglin Mao, Lingyun Ying, Song Liu, Xiaofeng Liu, Yuanzhi Li, Shanqing Guo, Meining Nie, and Haixin Duan. Can We Trust the Phone Vendors? Comprehensive Security Measurements on the Android Firmware Ecosystem. IEEE Transactions on Software Engineering, 49(7): 3901-3921, 2023. [CCF A] [Journal]

2022

  1. [Euro S&P’22] Huikai Xu, Miao Yu, Yanhao Wang, Yue Liu, Qinsheng Hou, Zhenbang Ma, Haixin Duan, Jianwei Zhuge, and Baojun Liu. Trampoline Over the Air: Breaking in IoT Devices Through MQTT Brokers. The 7th IEEE European Symposium on Security and Privacy, Genoa, Italy. June 6-10, 2022. [CCF C] [PDF] [QAX] [Gossip]
  2. [ICSE’22] Qinsheng Hou, Wenrui Diao, Yanhao Wang, Xiaofeng Liu, Song Liu, Lingyun Ying, Shanqing Guo, Yuanzhi Li, Meining Nie, and Haixin Duan. Large-scale Security Measurements on the Android Firmware Ecosystem. The 44th IEEE/ACM International Conference on Software Engineering, Pittsburgh, PA, USA. May 21-29, 2022. [Top] [CCF A] [PDF] [Conference] [QAX] [Gossip]

2021

  1. [USENIX Security’21] Libo Chen, Yanhao Wang, Quanpu Cai, Yunfan Zhan, Hong Hu, Jiaqi Linghu, Qinsheng Hou, Chao Zhang, Haixin Duan, and Zhi Xue. Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems. The 30th USENIX Security Symposium, Virtual. August 11-13, 2021. [Top] [CCF A] [PDF] [Conference] [Gossip] [SJTU] [Code]

2020

  1. [ASIA CCS’20] Qinsheng Hou, Yao Cheng, and Lingyun Ying. NativeX: Native Executioner Freezes Android. The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, October 5-9, 2020. [CCF C] [PDF] [Conference] [QAX] [Gossip]

Projects and Competitions

Talks

Vulnerabilities and Acknowledgments

  • Acknowledgments (厂商致谢)
  • CVE (5)
    • 2021: CVE-2021-22486, CVE-2021-26281, CVE-2021-26279, CVE-2021-21742, CVE-2021-3720
  • CNVD (44)
    • 2024: CNVD-2024-05527
    • 2023: CNVD-2023-75837, CNVD-2023-75836, CNVD-2023-60618, CNVD-2023-59491, CNVD-2023-59021, CNVD-2023-52831, CNVD-2023-52830, CNVD-2023-37621, CNVD-2023-30405, CNVD-2023-27536, CNVD-2023-27535, CNVD-2023-27534
    • 2021: CNVD-2021-67925, CNVD-2021-50158, CNVD-2021-42966, CNVD-2021-42949, CNVD-2021-44383, CNVD-2021-44382, CNVD-2021-48937, CNVD-2021-50157, CNVD-2021-42965, CNVD-2021-42964, CNVD-2021-42963, CNVD-2021-46708, CNVD-2021-48955, CNVD-2021-40258, CNVD-2021-37375, CNVD-2021-41512, CNVD-2021-40261, CNVD-2021-40262, CNVD-2021-37377, CNVD-2021-44691, CNVD-2021-40254, CNVD-2021-40255, CNVD-2021-40721, CNVD-2021-40259, CNVD-2021-41513, CNVD-2021-40256, CNVD-2021-40257, CNVD-2021-67925
    • 2020: CNVD-2020-33098, CNVD-2020-38456, CNVD-2020-28792
  • SVE (5)
    • 2022: SVE-2022-1176, SVE-2022-1177, SVE-2022-1178, SVE-2022-1179, SVE-2022-1180

Patents

  • 侯勤胜, 应凌云, 聂眉宁. 一种对应用程序进行测试的方法及装置, 发明专利, 2023, 专利号: ZL201910489985.1
  • 侯勤胜, 应凌云, 聂眉宁. 一种阻止基于原生代码攻击操作系统的方法及装置, 发明专利, 2021, 专利号: ZL201910489983.2

Services

  • Reviewer
    • SecureComm 2023
  • External Reviewer
    • ISSRE 2022
    • ESORICS 2020
  • Others
    • 电子科技大学外聘副研究员
    • 网络安全学院学生创新资助计划指导老师 [SDU] [SJTU]
    • 东南大学专业学位硕士研究生校外指导教师
    • “观安杯”网络安全技能竞赛特聘专家