wip intro

bibliography.bib

@@ -1,3 +1,37 @@
+@InProceedings{rasta,
+	author="Mineau, Jean-Marie
+	and Lalande, Jean-Francois",
+	editor="Achilleos, Achilleas
+	and Fuentes, Lidia
+	and Papadopoulos, George Angelos",
+	title="Evaluating the Reusability of Android Static Analysis Tools",
+	booktitle="Reuse and Software Quality",
+	year="2024",
+	publisher="Springer Nature Switzerland",
+	address="Cham",
+	pages="153--170",
+	abstract="Reproducibility and reusability in computer science experiments become a requirement for research works. Reproducibility ensures that results can be confirmed by using the same dataset and software of previous papers. Reusability helps other researchers to build new approaches with distributed software artifacts. For researchers in the field of security of mobile platforms, ensuring reproducibility and reusability is difficult to implement. In particular for reusability, datasets of Android applications may contain recent applications that past analysis software cannot process. As a consequence, past software produced by researchers may be difficult to reuse, which endangers the reproducibility of research. This paper intends to explore the reusability of past software dedicated to static analysis of Android applications. We pursue the community effort that identified publications between 2011 and 2017 that perform static analysis of mobile applications and we propose a method for evaluating the reusability of the associated tools. We extensively evaluate the success or failure of these tools on a dataset containing Android applications that can have up to six years of distance from the original publication. We also measure the influence of some important characteristics of the application such as being a goodware or a malware or the application size. Our results show that 54.5{\%} of the evaluated tools are no longer usable and that the size of the bytecode and the min SDK version have the greatest influence on the reusability of tested tools.",
+	isbn="978-3-031-66459-5"
+}
+
+@article{classloaderinthemiddle,
+	author = {Mineau, Jean-Marie and Lalande, Jean-Fran\c{c}ois},
+	title = {Class loaders in the middle: confusing Android static analyzers},
+	year = {2025},
+	publisher = {Association for Computing Machinery},
+	address = {New York, NY, USA},
+	url = {https://doi.org/10.1145/3754457},
+	doi = {10.1145/3754457},
+	abstract = {When executing a mobile application, Android executes either the classes provided by the developer or the ones provided by the operating system. The dynamic linking and loading of the different classes is a complex task that may be exploited by an attacker. In particular, if the developer adds a class whose name collides with another class of Android, they may confuse a reverse engineer. In this paper, we explore the possible collisions that can occur between classes defined multiple times at different locations, i.e., multiple times in the APK file or, at the same time, in the APK and the operating system. We highlight three attacks that we call shadow attacks. In particular, we show that static analysis tools used by a reverse engineer choose the shadow implementation for most of the evaluated tools, and output a wrong result. In particular, the flow analysis of Androguard or Flowdroid can be fooled by an attacker. In a dataset of 49 975 applications, we also explored if shadow attacks are used in the wild and found that most of the time, there is no malicious behavior behind them. The main results are that 23.52 \% of applications shadow a class of the SDK and 3.11 \% a hidden class of the system.},
+	note = {Just Accepted},
+	journal = {Digital Threats},
+	month = jul,
+	keywords = {Android, static analysis, class loading, code obfuscation}
+}
+
+
+
+
 @inproceedings{weiAmandroidPreciseGeneral2014,
 	title = {Amandroid: {{A Precise}} and {{General Inter-component Data Flow Analysis Framework}} for {{Security Vetting}} of {{Android Apps}}},
 	shorttitle = {Amandroid},