complete bck dynamic analysis

This commit is contained in:
Jean-Marie Mineau 2025-08-25 22:14:50 +02:00
parent 99112355d4
commit 19286eba61
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
2 changed files with 11 additions and 5 deletions


@ -29,12 +29,18 @@ Unfortuntely, exploring the application entirely is not always possible, as some
Ruggia #etal~@ruggia_unmasking_2024 make a list of evasion techniques. Ruggia #etal~@ruggia_unmasking_2024 make a list of evasion techniques.
They propose a new sandbox, DroidDungeon, that contrary to other sandboxes like DroidScope@droidscope180237 or CopperDroid@Tam2015, strongly emphasizes on resiliance against evasion mechanism. They propose a new sandbox, DroidDungeon, that contrary to other sandboxes like DroidScope@droidscope180237 or CopperDroid@Tam2015, strongly emphasizes on resiliance against evasion mechanism.
A common objectif of dynamic analysis is to collect bytecode loaded dynamically #jm-note[and reflections information.][check?]. A common objectif of dynamic analysis is to collect bytecode loaded dynamically and reflections information.
Like we said earlier, DexHunter~@zhang2015dexhunter and AppSpear~@yang_appspear_2015 that by instrumenting the Android Runtime. Like we said earlier, DexHunter~@zhang2015dexhunter and AppSpear~@yang_appspear_2015 that by instrumenting the Android Runtime.
Qu #etal~@qu_dydroid_2017 developped DyDroid, an hybrid framework using dynamic analysis to intercept dynamic code loading and static analysis to determine the nature of the loaded code. Qu #etal~@qu_dydroid_2017 developped DyDroid, an hybrid framework using dynamic analysis to intercept dynamic code loading and static analysis to determine the nature of the loaded code.
They used DyDroid to make an autid of the use of dynamic code loading in applications from the Google Play store in 2016. They used DyDroid to make an autit of the use of dynamic code loading in applications from the Google Play store in 2016.
They found that it was mostly related to mobile advertisement, and that the code loading originated from a third party library included in the application, rather than the code of the application developper itself. It resulted that dynamic code loading was mostly related to mobile advertisement, and that the code loading originated from a third party library included in the application, rather than the code of the application developper itself.
#todo[DCL and reflection, then segway to hybride an limite ] Similarly, StaDynA~@zhauniarovichStaDynAAddressingProblem2015 is a framework that generate a call graph statically, then use dynamic analysis to analyse dynamic code loading and reflection calls to complete this call graph.
The issue with those approach is that they are only compatible with their own subsequent analysis.
For instance, StaDynA only provide the call graph, and cannot be used as is to improve the capacity of Flowdroid.
This is unfortunate, has the reverse engineer next step will depend on the context: not beeing able to reuse the result of a previous analysis with other #jm-note[non-specialise][erf, non-specific? non-adapted?] tools limit greatly their options.
AppSpear has an interesting solution to this issue: the code it intercept is repackage inside a new #APK file that Android analysis tools should be able to analyze.
In the next section, we will explore further the contributions that take this approache of using actual application to encode its result.
//#todo[RealDroid sandbox bases on modified ART?] //#todo[RealDroid sandbox bases on modified ART?]
//#todo[force execution?] //#todo[force execution?]
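Review bot: the replacement of "autid" with "autit" in the 2016 audit sentence still misspells "audit", and the new lines added around it carry further spelling and agreement errors that should be fixed before this text is considered complete: "those approach" should read "those approaches", "StaDynA only provide" should be "only provides", "has the reverse engineer next step" should be "as the reverse engineer's next step", "beeing" should be "being", "the code it intercept is repackage" should be "the code it intercepts is repackaged", and "approache" should be "approach". The sentence "DexHunter and AppSpear that by instrumenting the Android Runtime" is missing its verb on both sides of the hunk (for example "do that by instrumenting"). Also, the `#jm-note[...][check?]` marker around "reflections information" was dropped without the wording changing, so it is worth confirming the claim was actually checked, and the `#jm-note[non-specialise][...]` marker is still open in the new text even though the commit message describes the section as complete.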


@ -11,7 +11,7 @@
#include("4_datasets_and_benchmarking.typ") #include("4_datasets_and_benchmarking.typ")
#include("5_platform_classes.typ") #include("5_platform_classes.typ")
#include("6_classloading.typ") #include("6_classloading.typ")
#include("X_dynamic_analysis.typ") #include("7_dynamic_analysis.typ")
/* /*
* Cours generique sur android * Cours generique sur android
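Review bot: the include is switched from `X_dynamic_analysis.typ` to `7_dynamic_analysis.typ`, but no rename of that file is visible on this page (the commit lists only two changed files and the first file's name is not shown), so please confirm the file exists under the new name in this commit; otherwise the main document will fail to compile. Renumbering from the placeholder `X_` to `7_` also means any cross-reference that relied on the old file name should be checked.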