@inproceedings{weiAmandroidPreciseGeneral2014, title = {Amandroid: {{A Precise}} and {{General Inter-component Data Flow Analysis Framework}} for {{Security Vetting}} of {{Android Apps}}}, shorttitle = {Amandroid}, booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, author = {Wei, Fengguo and Roy, Sankardas and Ou, Xinming and {Robby}}, year = {2014}, month = nov, pages = {1329--1341}, publisher = {{ACM}}, address = {{Scottsdale Arizona USA}}, doi = {10.1145/2660267.2660357}, urldate = {2024-01-25}, isbn = {978-1-4503-2957-6}, langid = {english} } @inproceedings{xiaEffectiveRealTimeAndroid2015, title = {Effective {{Real-Time Android Application Auditing}}}, booktitle = {2015 {{IEEE Symposium}} on {{Security}} and {{Privacy}}}, author = {Xia, Mingyuan and Gong, Lu and Lyu, Yuanhao and Qi, Zhengwei and Liu, Xue}, year = {2015}, month = may, pages = {899--914}, publisher = {{IEEE}}, address = {{San Jose, CA}}, doi = {10.1109/SP.2015.60}, isbn = {978-1-4673-6949-7}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/VTA4PNJJ/Xia et al. - 2015 - Effective Real-Time Android Application Auditing.pdf} } @inproceedings{octeau2013effective, title={Effective Inter-Component communication mapping in android: An essential step towards holistic security analysis}, author={Octeau, Damien and McDaniel, Patrick and Jha, Somesh and Bartel, Alexandre and Bodden, Eric and Klein, Jacques and Le Traon, Yves}, booktitle={22nd USENIX Security Symposium (USENIX Security 13)}, pages={543--558}, year={2013} } @inproceedings{Enck2010, title = {{{TaintDroid}}: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones}, booktitle = {9th {{USENIX Symposium}} on {{Operating Systems Design}} and {{Implementation}}}, author = {Enck, William and Gilbert, Peter and Chun, Byung-Gon and Cox, Landon P. and Jung, Jaeyeon and McDaniel, Patrick and Sheth, Anmol N.}, year = {2010}, month = oct, pages = {393--407}, publisher = {{USENIX Association}}, address = {{Vancouver, BC, Canada}}, isbn = {978-1-931971-79-9}, keywords = {\ding{72},Dynamic analysis,Taint analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/J8R79TUL/Enck et al. - 2010 - TaintDroid an information-flow tracking system for realtime privacy monitoring on smartphones.pdf} } @inproceedings{liApkCombinerCombiningMultiple2015, title = {{{ApkCombiner}}: {{Combining Multiple Android Apps}} to {{Support Inter-App Analysis}}}, shorttitle = {{{ApkCombiner}}}, booktitle = {{{ICT Systems Security}} and {{Privacy Protection}}}, author = {Li, Li and Bartel, Alexandre and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Traon, Yves Le}, editor = {Federrath, Hannes and Gollmann, Dieter}, year = {2015}, volume = {455}, pages = {513--527}, publisher = {{Springer International Publishing}}, address = {{Cham}}, doi = {10.1007/978-3-319-18467-8_34}, isbn = {978-3-319-18466-1 978-3-319-18467-8}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/DG5LXLJ8/Li et al. - 2015 - ApkCombiner Combining Multiple Android Apps to Su.pdf} } @inproceedings{allixAndroZooCollectingMillions2016, title = {{{AndroZoo}}: {{Collecting Millions}} of {{Android Apps}} for the {{Research Community}}}, shorttitle = {{{AndroZoo}}}, booktitle = {13th {{Working Conference}} on {{Mining Software Repositories}} ({{MSR}})}, author = {Allix, Kevin and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Traon, Yves Le}, year = {2016}, month = may, pages = {468--471}, abstract = {We present a growing collection of Android Applications col-lected from several sources, including the official GooglePlay app market. Our dataset, AndroZoo, currently contains more than three million apps, each of which has beenanalysed by tens of different AntiVirus products to knowwhich applications are detected as Malware. We provide thisdataset to contribute to ongoing research efforts, as well asto enable new potential research topics on Android Apps.By releasing our dataset to the research community, we alsoaim at encouraging our fellow researchers to engage in reproducible experiments.}, keywords = {Android Applications,Androids,APK,Crawlers,Google,HTML,Humanoid robots,Protocols,Software,Software Repository}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/5SNISVTP/7832927.html} } @inproceedings{Arp2014, title = {Drebin: {{Effective}} and {{Explainable Detection}} of {{Android Malware}} in {{Your Pocket}}}, booktitle = {Network and {{Distributed System Security Symposium}}}, author = {Arp, Daniel and Spreitzenbarth, Michael and Gascon, Hugo and Rieck, Konrad and Siemens, Germany and Munich, Cert}, year = {2014}, month = feb, publisher = {{The Internet Society}}, address = {{San Diego, California, USA}}, isbn = {1-891562-35-5}, keywords = {\ding{72},Static analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/364XVWJK/Arp et al. - 2014 - Drebin Effective and Explainable Detection of And.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/ITE85DES/Arp et al. - 2014 - Drebin Effective and Explainable Detection of Android Malware in Your Pocket.pdf} } @article{Pendlebury2018, title = {{{TESSERACT}}: {{Eliminating Experimental Bias}} in {{Malware Classification}} across {{Space}} and {{Time}}}, author = {Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo}, year = {2018}, eprint = {1807.07838}, abstract = {Is Android malware classification a solved problem? Published F1 scores of up to 0.99 appear to leave very little room for improvement. In this paper, we argue that results are commonly inflated due to two pervasive sources of experimental bias: "spatial bias" caused by distributions of training and testing data that are not representative of a real-world deployment; and "temporal bias" caused by incorrect time splits of training and testing sets, leading to impossible configurations. We propose a set of space and time constraints for experiment design that eliminates both sources of bias. We introduce a new metric that summarizes the expected robustness of a classifier in a real-world setting, and we present an algorithm to tune its performance. Finally, we demonstrate how this allows us to evaluate mitigation strategies for time decay such as active learning. We have implemented our solutions in TESSERACT, an open source evaluation framework for comparing malware classifiers in a realistic setting. We used TESSERACT to evaluate three Android malware classifiers from the literature on a dataset of 129K applications spanning over three years. Our evaluation confirms that earlier published results are biased, while also revealing counter-intuitive performance and showing that appropriate tuning can lead to significant improvements.}, archiveprefix = {arxiv}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QXT9GLTX/Pendlebury et al. - 2018 - TESSERACT Eliminating Experimental Bias in Malware Classification across Space and Time.pdf} } @inproceedings{shanSelfhidingBehaviorAndroid2018, title = {Self-Hiding Behavior in {{Android}} Apps}, booktitle = {40th {{International Conference}} on {{Software Engineering}}}, author = {Shan, Zhiyong and Neamtiu, Iulian and Samuel, Raina}, year = {2018}, pages = {728--739}, publisher = {{ACM Press}}, address = {{New York, New York, USA}}, doi = {10.1145/3180155.3180214}, isbn = {978-1-4503-5638-1}, keywords = {Android,malware,mobile security,static analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/FN53LJGG/Shan, Neamtiu, Samuel - 2018 - Self-hiding behavior in Android apps.pdf} } @article{DBLPjournalstifsMirandaGLTW22, author = {Tom{\'{a}}s Concepci{\'{o}}n Miranda and Pierre{-}Fran{\c{c}}ois Gimenez and Jean{-}Fran{\c{c}}ois Lalande and Val{\'{e}}rie Viet Triem Tong and Pierre Wilke}, title = {Debiasing Android Malware Datasets: How Can {I} Trust Your Results If Your Dataset Is Biased?}, journal = {{IEEE} Trans. Inf. Forensics Secur.}, volume = {17}, pages = {2182--2197}, year = {2022}, doi = {10.1109/TIFS.2022.3180184}, timestamp = {Thu, 25 Aug 2022 08:35:58 +0200}, biburl = {https://dblp.org/rec/journals/tifs/MirandaGLTW22.bib}, bibsource = {dblp computer science bibliography, https://dblp.org} } @inproceedings{Allix, title = {Are {{Your Training Datasets Yet Relevant}}?}, booktitle = {Engineering {{Secure Software}} and {{Systems}}}, author = {Allix, Kevin and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Le Traon, Yves}, year = {2015}, pages = {51--67}, doi = {10.1007/978-3-319-15618-7_5}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/RG6PLSKG/Allix - Unknown - Are Your Training Datasets Yet Relevant.pdf} } @inproceedings{pendlebury2019tesseract, title={TESSERACT: Eliminating experimental bias in malware classification across space and time}, author={Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo and others}, booktitle={Proceedings of the 28th USENIX Security Symposium}, pages={729--746}, year={2019}, organization={USENIX Association} } @online{statcounter, author = {statcounter}, title = {Operating System Market Share Worldwide}, year = 2023, url = {https://gs.statcounter.com/os-market-share#monthly-200901-202304}, urldate = {2023-04-30} } @online{statista, author = {statista}, title = {Operating System Market Share Worldwide}, year = 2023, url = {https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/}, urldate = {2023-04-30} } @inproceedings{Arzt2014a, title = {{{FlowDroid}}: {{Precise Context}}, {{Flow}}, {{Field}}, {{Object-sensitive}} and {{Lifecycle-aware Taint Analysis}} for {{Android Apps}}}, booktitle = {{{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}}}, author = {Arzt, Steven and Rasthofer, Siegfried and Fritz, Christian and Bodden, Eric and Bartel, Alexandre and Klein, Jacques and Le Traon, Yves and Octeau, Damien and McDaniel, Patrick}, date = {2014-06-05}, volume = {49}, number = {6}, pages = {259--269}, publisher = {{ACM Press}}, location = {{Edinburgh, UK}}, issn = {03621340}, doi = {10.1145/2666356.2594299}, keywords = {Static analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/XS8BH65X/Arzt et al. - 2014 - FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps.pdf} } @article{blackshearThresherPreciseRefutations2013, title = {Thresher: Precise Refutations for Heap Reachability}, shorttitle = {Thresher}, author = {Blackshear, Sam and Chang, Bor-Yuh Evan and Sridharan, Manu}, date = {2013-06-23}, journaltitle = {ACM SIGPLAN Notices}, shortjournal = {SIGPLAN Not.}, volume = {48}, number = {6}, pages = {275--286}, issn = {0362-1340, 1558-1160}, doi = {10.1145/2499370.2462186}, urldate = {2023-02-11}, abstract = {We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found the heap reachability information computed by a state-of-the-art points-to analysis was too imprecise, leading to numerous false-positive leak reports. Our analysis combines a symbolic execution capable of path-sensitivity and strong updates with abstract heap information computed by an initial flow-insensitive points-to analysis. This novel mixed representation allows us to achieve both precision and scalability by leveraging the pre-computed points-to facts to guide execution and prune infeasible paths. We have evaluated our techniques in the Thresher tool, which we used to find several developer-confirmed leaks in Android applications.}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QZ9T3NC6/Blackshear et al. - 2013 - Thresher precise refutations for heap reachabilit.pdf} } @article{CHOI2014620, title = {A Type and Effect System for Activation Flow of Components in {{Android}} Programs}, author = {Choi, Kwanghoon and Chang, Byeong-Mo}, date = {2014}, journaltitle = {Information Processing Letters}, volume = {114}, number = {11}, pages = {620--627}, issn = {0020-0190}, doi = {10.1016/j.ipl.2014.05.011}, abstract = {This paper proposes a type and effect system for analyzing activation flow between components through intents in Android programs. The activation flow information is necessary for all Android analyses such as a secure information flow analysis for Android programs. We first design a formal semantics for a core of featherweight Android/Java, which can address interaction between components through intents. Based on the formal semantics, we design a type and effect system for analyzing activation flow between components and demonstrate the soundness of the system.}, keywords = {Android,Control flow,Formal semantics,Java,Program analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/MF5DRVJP/Choi et Chang - 2014 - A type and effect system for activation flow of co.pdf} } @inproceedings{DBLPconfndssGordonKPGNR15, title = {Information Flow Analysis of Android Applications in {{DroidSafe}}}, booktitle = {22nd Annual Network and Distributed System Security Symposium, {{NDSS}} 2015, San Diego, California, {{USA}}, February 8-11, 2015}, author = {Gordon, Michael I. and Kim, Deokhwan and Perkins, Jeff H. and Gilham, Limei and Nguyen, Nguyen and Rinard, Martin C.}, date = {2015}, publisher = {{The Internet Society}}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ndss/GordonKPGNR15.bib}, timestamp = {Thu, 22 Dec 2022 16:51:59 +0100}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/6JGWR4R5/Gordon et al. - 2015 - Information flow analysis of android applications .pdf} } @inproceedings{DBLPconfndssPoeplauFBKV14, title = {Execute This! {{Analyzing}} Unsafe and Malicious Dynamic Code Loading in Android Applications}, booktitle = {21st Annual Network and Distributed System Security Symposium, {{NDSS}} 2014, San Diego, California, {{USA}}, February 23-26, 2014}, author = {Poeplau, Sebastian and Fratantonio, Yanick and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni}, date = {2014}, publisher = {{The Internet Society}}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/ndss/PoeplauFBKV14.bib}, timestamp = {Mon, 01 Feb 2021 08:42:18 +0100}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/CQX3FINC/Poeplau et al. - 2014 - Execute this! Analyzing unsafe and malicious dynam.pdf} } @inproceedings{DBLPconfoopslaAzimN13, title = {Targeted and Depth-First Exploration for Systematic Testing of Android Apps}, booktitle = {Proceedings of the 2013 {{ACM SIGPLAN}} International Conference on Object Oriented Programming Systems Languages \& Applications, {{OOPSLA}} 2013, Part of {{SPLASH}} 2013, Indianapolis, {{IN}}, {{USA}}, October 26-31, 2013}, author = {Azim, Tanzirul and Neamtiu, Iulian}, editor = {Hosking, Antony L. and Eugster, Patrick Th. and Lopes, Cristina V.}, date = {2013}, pages = {641--660}, publisher = {{ACM}}, doi = {10.1145/2509136.2509549}, bibsource = {dblp computer science bibliography, https://dblp.org}, biburl = {https://dblp.org/rec/conf/oopsla/AzimN13.bib}, timestamp = {Thu, 24 Jun 2021 16:19:30 +0200}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/MVEBFDE8/Azim et Neamtiu - 2013 - Targeted and depth-first exploration for systemati.pdf} } @inproceedings{fahlWhyEveMallory2012, title = {Why Eve and Mallory Love Android: An Analysis of Android {{SSL}} (in)Security}, shorttitle = {Why Eve and Mallory Love Android}, booktitle = {Proceedings of the 2012 {{ACM}} Conference on {{Computer}} and Communications Security}, author = {Fahl, Sascha and Harbach, Marian and Muders, Thomas and Baumgärtner, Lars and Freisleben, Bernd and Smith, Matthew}, date = {2012-10-16}, pages = {50--61}, publisher = {{ACM}}, location = {{Raleigh North Carolina USA}}, doi = {10.1145/2382196.2382205}, urldate = {2023-02-11}, eventtitle = {{{CCS}}'12: The {{ACM Conference}} on {{Computer}} and {{Communications Security}}}, isbn = {978-1-4503-1651-4}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/J3FSBFJ7/Fahl et al. - 2012 - Why eve and mallory love android an analysis of a.pdf} } @inproceedings{gasconStructuralDetectionAndroid2013, title = {Structural Detection of Android Malware Using Embedded Call Graphs}, booktitle = {Proceedings of the 2013 {{ACM}} Workshop on {{Artificial}} Intelligence and Security}, author = {Gascon, Hugo and Yamaguchi, Fabian and Arp, Daniel and Rieck, Konrad}, date = {2013-11-04}, pages = {45--54}, publisher = {{ACM}}, location = {{Berlin Germany}}, doi = {10.1145/2517312.2517315}, urldate = {2023-02-11}, eventtitle = {{{CCS}}'13: 2013 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, isbn = {978-1-4503-2488-5}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/9LF4FR8Y/2517312.2517315.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/YYVYSARX/Gascon et al. - 2013 - Structural detection of android malware using embe.pdf} } @article{geneiatakisPermissionVerificationApproach2015, title = {A {{Permission}} Verification Approach for Android Mobile Applications}, author = {Geneiatakis, Dimitris and Fovino, Igor Nai and Kounelis, Ioannis and Stirparo, Pasquale}, date = {2015-03}, journaltitle = {Computers \& Security}, shortjournal = {Computers \& Security}, volume = {49}, pages = {192--205}, issn = {01674048}, doi = {10.1016/j.cose.2014.10.005}, urldate = {2023-02-11}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/ENIVR8EY/Geneiatakis et al. - 2015 - A Permission verification approach for android mob.pdf} } @inproceedings{hoffmannSlicingDroidsProgram2013, title = {Slicing Droids: Program Slicing for Smali Code}, shorttitle = {Slicing Droids}, booktitle = {Proceedings of the 28th {{Annual ACM Symposium}} on {{Applied Computing}}}, author = {Hoffmann, Johannes and Ussath, Martin and Holz, Thorsten and Spreitzenbarth, Michael}, date = {2013-03-18}, series = {{{SAC}} '13}, pages = {1844--1851}, publisher = {{Association for Computing Machinery}}, location = {{New York, NY, USA}}, doi = {10.1145/2480362.2480706}, urldate = {2022-10-26}, abstract = {The popularity of mobile devices like smartphones and tablets has increased significantly in the last few years with many millions of sold devices. This growth also has its drawbacks: attackers have realized that smartphones are an attractive target and in the last months many different kinds of malicious software (short: malware) for such devices have emerged. This worrisome development has the potential to hamper the prospering ecosystem of mobile devices and the potential for damage is huge. Considering these aspects, it is evident that malicious apps need to be detected early on in order to prevent further distribution and infections. This implies that it is necessary to develop techniques capable of detecting malicious apps in an automated way. In this paper, we present SAAF, a Static Android Analysis Framework for Android apps. SAAF analyzes smali code, a disassembled version of the DEX format used by Android's Java VM implementation. Our goal is to create program slices in order to perform data-flow analyses to backtrack parameters used by a given method. This helps us to identify suspicious code regions in an automated way. Several other analysis techniques such as visualization of control flow graphs or identification of ad-related code are also implemented in SAAF. In this paper, we report on program slicing for Android and present results obtained by using this technique to analyze more than 136,000 benign and about 6,100 malicious apps.}, isbn = {978-1-4503-1656-9}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/XC3Z9ELA/Hoffmann et al. - 2013 - Slicing droids program slicing for smali code.pdf} } @inproceedings{jeonDrAndroidMr2012, title = {Dr. {{Android}} and {{Mr}}. {{Hide}}: Fine-Grained Permissions in Android Applications}, shorttitle = {Dr. {{Android}} and {{Mr}}. {{Hide}}}, booktitle = {Proceedings of the Second {{ACM}} Workshop on {{Security}} and Privacy in Smartphones and Mobile Devices}, author = {Jeon, Jinseong and Micinski, Kristopher K. and Vaughan, Jeffrey A. and Fogel, Ari and Reddy, Nikhilesh and Foster, Jeffrey S. and Millstein, Todd}, date = {2012-10-19}, pages = {3--14}, publisher = {{ACM}}, location = {{Raleigh North Carolina USA}}, doi = {10.1145/2381934.2381938}, urldate = {2023-02-10}, eventtitle = {{{CCS}}'12: The {{ACM Conference}} on {{Computer}} and {{Communications Security}}}, isbn = {978-1-4503-1666-8}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/99J6WNGV/Jeon et al. - 2012 - Dr. Android and Mr. Hide fine-grained permissions.pdf} } @inproceedings{klieberAndroidTaintFlow2014, title = {Android Taint Flow Analysis for App Sets}, booktitle = {Proceedings of the 3rd {{ACM SIGPLAN International Workshop}} on the {{State}} of the {{Art}} in {{Java Program Analysis}}}, author = {Klieber, William and Flynn, Lori and Bhosale, Amar and Jia, Limin and Bauer, Lujo}, date = {2014-06-12}, pages = {1--6}, publisher = {{ACM}}, location = {{Edinburgh United Kingdom}}, doi = {10.1145/2614628.2614633}, urldate = {2023-02-10}, eventtitle = {{{PLDI}} '14: {{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}}}, isbn = {978-1-4503-2919-4}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8X6YV3IE/2614628.2614633.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/9DBAXR49/Klieber et al. - 2014 - Android taint flow analysis for app sets.pdf} } @inproceedings{liangSoundPreciseMalware2013, title = {Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation}, booktitle = {Proceedings of the {{Third ACM}} Workshop on {{Security}} and Privacy in Smartphones \& Mobile Devices}, author = {Liang, Shuying and Keep, Andrew W. and Might, Matthew and Lyde, Steven and Gilray, Thomas and Aldous, Petey and Van Horn, David}, date = {2013-11-08}, series = {{{SPSM}} '13}, pages = {21--32}, publisher = {{Association for Computing Machinery}}, location = {{New York, NY, USA}}, doi = {10.1145/2516760.2516769}, urldate = {2023-02-08}, abstract = {Sound malware analysis of Android applications is challenging. First, object-oriented programs exhibit highly interprocedural, dynamically dispatched control structure. Second, the Android programming paradigm relies heavily on the asynchronous execution of multiple entry points. Existing analysis techniques focus more on the second challenge, while relying on traditional analytic techniques that suffer from inherent imprecision or unsoundness to solve the first. We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts which must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Automated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a version of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p {$<$} 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p {$<$} 0.05) increases in accuracy with the pushdown-driven analyzer: from 71\% correct identification to 95\% correct identification.}, isbn = {978-1-4503-2491-5}, keywords = {abstract interpretation,malware detection,pushdown systems,static analysis,taint analysis}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QKCQ4LWI/Liang et al. - 2013 - Sound and precise malware analysis for android via.pdf} } @inproceedings{liIccTADetectingInterComponent2015, title = {{{IccTA}}: {{Detecting Inter-Component Privacy Leaks}} in {{Android Apps}}}, shorttitle = {{{IccTA}}}, booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}}, author = {Li, Li and Bartel, Alexandre and Bissyande, Tegawende F. and Klein, Jacques and Le Traon, Yves and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Octeau, Damien and McDaniel, Patrick}, date = {2015-05}, pages = {280--291}, publisher = {{IEEE}}, location = {{Florence, Italy}}, doi = {10.1109/ICSE.2015.48}, url = {http://ieeexplore.ieee.org/document/7194581/}, urldate = {2023-02-11}, eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})}, isbn = {978-1-4799-1934-5}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8HDRKSA2/IccTA_Detecting_Inter-Component_Privacy_Leaks_in_Android_Apps.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/K749QIGK/Li et al. - 2015 - IccTA Detecting Inter-Component Privacy Leaks in .pdf} } @inproceedings{lillackTrackingLoadtimeConfiguration2014, title = {Tracking Load-Time Configuration Options}, booktitle = {Proceedings of the 29th {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}}, author = {Lillack, Max and Kästner, Christian and Bodden, Eric}, date = {2014-09-15}, series = {{{ASE}} '14}, pages = {445--456}, publisher = {{Association for Computing Machinery}}, location = {{New York, NY, USA}}, doi = {10.1145/2642937.2643001}, url = {https://doi.org/10.1145/2642937.2643001}, urldate = {2023-02-08}, abstract = {Highly-configurable software systems are pervasive, although configuration options and their interactions raise complexity of the program and increase maintenance effort. Especially load-time configuration options, such as parameters from command-line options or configuration files, are used with standard programming constructs such as variables and if statements intermixed with the program's implementation; manually tracking configuration options from the time they are loaded to the point where they may influence control-flow decisions is tedious and error prone. We design and implement Lotrack, an extended static taint analysis to automatically track configuration options. Lotrack derives a configuration map that explains for each code fragment under which configurations it may be executed. An evaluation on Android applications shows that Lotrack yields high accuracy with reasonable performance. We use Lotrack to empirically characterize how much of the implementation of Android apps depends on the platform's configuration options or interactions of these options.}, isbn = {978-1-4503-3013-8}, keywords = {configuration options,static analysis,variability mining}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/3BNMD58Z/Lillack et al. - 2014 - Tracking load-time configuration options.pdf} } @inproceedings{liuCharacterizingDetectingPerformance2014, title = {Characterizing and Detecting Performance Bugs for Smartphone Applications}, booktitle = {Proceedings of the 36th {{International Conference}} on {{Software Engineering}}}, author = {Liu, Yepang and Xu, Chang and Cheung, Shing-Chi}, date = {2014-05-31}, pages = {1013--1024}, publisher = {{ACM}}, location = {{Hyderabad India}}, doi = {10.1145/2568225.2568229}, url = {https://dl.acm.org/doi/10.1145/2568225.2568229}, urldate = {2023-02-11}, eventtitle = {{{ICSE}} '14: 36th {{International Conference}} on {{Software Engineering}}}, isbn = {978-1-4503-2756-5}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8JE5EF72/Liu et al. - 2014 - Characterizing and detecting performance bugs for .pdf} } @inproceedings{octeauCompositeConstantPropagation2015, title = {Composite {{Constant Propagation}}: {{Application}} to {{Android Inter-Component Communication Analysis}}}, shorttitle = {Composite {{Constant Propagation}}}, booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}}, author = {Octeau, Damien and Luchaup, Daniel and Dering, Matthew and Jha, Somesh and McDaniel, Patrick}, date = {2015-05}, pages = {77--88}, publisher = {{IEEE}}, location = {{Florence, Italy}}, doi = {10.1109/ICSE.2015.30}, url = {http://ieeexplore.ieee.org/document/7194563/}, urldate = {2023-02-11}, eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})}, isbn = {978-1-4799-1934-5}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/INM9WAVU/Octeau et al. - 2015 - Composite Constant Propagation Application to And.pdf} } @inproceedings{rountevStaticReferenceAnalysis2014, title = {Static {{Reference Analysis}} for {{GUI Objects}} in {{Android Software}}}, booktitle = {Proceedings of {{Annual IEEE}}/{{ACM International Symposium}} on {{Code Generation}} and {{Optimization}}}, author = {Rountev, Atanas and Yan, Dacong}, date = {2014-02-15}, pages = {143--153}, publisher = {{ACM}}, location = {{Orlando FL USA}}, doi = {10.1145/2544137.2544159}, url = {https://dl.acm.org/doi/10.1145/2544137.2544159}, urldate = {2023-02-11}, eventtitle = {{{CGO}} '14: 12th {{Annual IEEE}}/{{ACM International Symposium}} on {{Code Generation}} and {{Optimization}}}, isbn = {978-1-4503-2670-4}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QWSPKRZ4/Rountev et Yan - 2014 - Static Reference Analysis for GUI Objects in Andro.pdf} } @inproceedings{shenInformationFlowsPermission2014, title = {Information Flows as a Permission Mechanism}, booktitle = {Proceedings of the 29th {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}}, author = {Shen, Feng and Vishnubhotla, Namita and Todarka, Chirag and Arora, Mohit and Dhandapani, Babu and Lehner, Eric John and Ko, Steven Y. and Ziarek, Lukasz}, date = {2014-09-15}, pages = {515--526}, publisher = {{ACM}}, location = {{Vasteras Sweden}}, doi = {10.1145/2642937.2643018}, url = {https://dl.acm.org/doi/10.1145/2642937.2643018}, urldate = {2023-02-11}, eventtitle = {{{ASE}} '14: {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}}, isbn = {978-1-4503-3013-8}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/ZQSXYZNX/Shen et al. - 2014 - Information flows as a permission mechanism.pdf} } @inproceedings{titzeAppareciumRevealingData2015, title = {Apparecium: {{Revealing Data Flows}} in {{Android Applications}}}, shorttitle = {Apparecium}, booktitle = {2015 {{IEEE}} 29th {{International Conference}} on {{Advanced Information Networking}} and {{Applications}}}, author = {Titze, Dennis and Schutte, Julian}, date = {2015-03}, pages = {579--586}, publisher = {{IEEE}}, location = {{Gwangiu, South Korea}}, doi = {10.1109/AINA.2015.239}, url = {http://ieeexplore.ieee.org/document/7098024/}, urldate = {2023-02-11}, eventtitle = {2015 {{IEEE}} 29th {{International Conference}} on {{Advanced Information Networking}} and {{Applications}} ({{AINA}})}, isbn = {978-1-4799-7905-9}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/T6I4SND6/Titze et Schutte - 2015 - Apparecium Revealing Data Flows in Android Applic.pdf} } @inproceedings{vidasA5AutomatedAnalysis2014, title = {A5: {{Automated Analysis}} of {{Adversarial Android Applications}}}, shorttitle = {A5}, booktitle = {Proceedings of the 4th {{ACM Workshop}} on {{Security}} and {{Privacy}} in {{Smartphones}} \& {{Mobile Devices}}}, author = {Vidas, Timothy and Tan, Jiaqi and Nahata, Jay and Tan, Chaur Lih and Christin, Nicolas and Tague, Patrick}, date = {2014-11-07}, pages = {39--50}, publisher = {{ACM}}, location = {{Scottsdale Arizona USA}}, doi = {10.1145/2666620.2666630}, url = {https://dl.acm.org/doi/10.1145/2666620.2666630}, urldate = {2023-02-11}, eventtitle = {{{CCS}}'14: 2014 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}}, isbn = {978-1-4503-3155-5}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/CPKK7RNR/2666620.2666630.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/LJCIRR3J/Vidas et al. - 2014 - A5 Automated Analysis of Adversarial Android Appl.pdf} } @article{weiAmandroidPreciseGeneral2018, title = {Amandroid: {{A Precise}} and {{General Inter-component Data Flow Analysis Framework}} for {{Security Vetting}} of {{Android Apps}}}, shorttitle = {Amandroid}, author = {Wei, Fengguo and Roy, Sankardas and Ou, Xinming and {Robby}}, date = {2018-08-31}, journaltitle = {ACM Transactions on Privacy and Security}, shortjournal = {ACM Trans. Priv. Secur.}, volume = {21}, number = {3}, pages = {1--32}, issn = {2471-2566, 2471-2574}, doi = {10.1145/3183575}, url = {https://dl.acm.org/doi/10.1145/3183575}, urldate = {2023-02-11}, abstract = {We present a new approach to static analysis for security vetting of Android apps and a general framework called Amandroid. Amandroid determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data flow and data dependence analysis for the component. Amandroid also tracks inter-component communication activities. It can stitch the component-level information into the app-level information to perform intra-app or inter-app analysis. In this article, (a) we show that the aforementioned type of comprehensive app analysis is completely feasible in terms of computing resources with modern hardware, (b) we demonstrate that one can easily leverage the results from this general analysis to build various types of specialized security analyses—in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Amandroid is at least on par and often exceeds prior works designed for the specific problems, which we demonstrate by comparing Amandroid’s results with those of prior works whenever we can obtain the executable of those tools. Since Amandroid’s analysis directly handles inter-component control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps. Amandroid’s analysis is sound in that it can provide assurance of the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/5IDHRP5H/Wei et al. - 2018 - Amandroid A Precise and General Inter-component D.pdf} } @article{wognsenFormalisationAnalysisDalvik2014, title = {Formalisation and Analysis of {{Dalvik}} Bytecode}, author = {Wognsen, Erik Ramsgaard and Karlsen, Henrik Søndberg and Olesen, Mads Chr. and Hansen, René Rydhof}, date = {2014-10}, journaltitle = {Science of Computer Programming}, shortjournal = {Science of Computer Programming}, volume = {92}, pages = {25--55}, issn = {01676423}, doi = {10.1016/j.scico.2013.11.037}, url = {https://linkinghub.elsevier.com/retrieve/pii/S0167642313003304}, urldate = {2023-02-11}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/69DQRABJ/Wognsen et al. - 2014 - Formalisation and analysis of Dalvik bytecode.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/X9LQ5YCI/1-s2.0-S0167642313003304-main.pdf} } @inproceedings{yangStaticControlFlowAnalysis2015, title = {Static {{Control-Flow Analysis}} of {{User-Driven Callbacks}} in {{Android Applications}}}, booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}}, author = {Yang, Shengqian and Yan, Dacong and Wu, Haowei and Wang, Yan and Rountev, Atanas}, date = {2015-05}, pages = {89--99}, publisher = {{IEEE}}, location = {{Florence, Italy}}, doi = {10.1109/ICSE.2015.31}, url = {http://ieeexplore.ieee.org/document/7194564/}, urldate = {2023-02-11}, eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})}, isbn = {978-1-4799-1934-5}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/LH7HE28Q/Yang et al. - 2015 - Static Control-Flow Analysis of User-Driven Callba.pdf} } @inproceedings{zhauniarovichStaDynAAddressingProblem2015, title = {{{StaDynA}}: {{Addressing}} the {{Problem}} of {{Dynamic Code Updates}} in the {{Security Analysis}} of {{Android Applications}}}, shorttitle = {{{StaDynA}}}, booktitle = {Proceedings of the 5th {{ACM Conference}} on {{Data}} and {{Application Security}} and {{Privacy}}}, author = {Zhauniarovich, Yury and Ahmad, Maqsood and Gadyatskaya, Olga and Crispo, Bruno and Massacci, Fabio}, date = {2015-03-02}, pages = {37--48}, publisher = {{ACM}}, location = {{San Antonio Texas USA}}, doi = {10.1145/2699026.2699105}, url = {https://dl.acm.org/doi/10.1145/2699026.2699105}, urldate = {2023-02-11}, eventtitle = {{{CODASPY}}'15: {{Fifth ACM Conference}} on {{Data}} and {{Application Security}} and {{Privacy}}}, isbn = {978-1-4503-3191-3}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/Z9BCFAJY/Zhauniarovich et al. - 2015 - StaDynA Addressing the Problem of Dynamic Code Up.pdf} } @article{Li2017, title = {Static Analysis of Android Apps: {{A}} Systematic Literature Review}, author = {Li, Li and Bissyandé, Tegawendé F. and Papadakis, Mike and Rasthofer, Siegfried and Bartel, Alexandre and Octeau, Damien and Klein, Jacques and Le Traon, Yves}, date = {2017}, journaltitle = {Information and Software Technology}, volume = {88}, pages = {67--95}, issn = {09505849}, doi = {10.1016/j.infsof.2017.04.001}, abstract = {Context Static analysis exploits techniques that parse program source code or bytecode, often traversing program paths to check some program properties. Static analysis approaches have been proposed for different tasks, including for assessing the security of Android apps, detecting app clones, automating test cases generation, or for uncovering non-functional issues related to performance or energy. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put, and enumerate the key aspects where future researches are still needed. Method We have performed a systematic literature review (SLR) which involves studying 124 research papers published in software engineering, programming languages and security venues in the last 5 years (January 2011–December 2015). This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed. Results Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available. Conclusion The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/3JL36E6L/1-s2.0-S0950584917302987-main.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/4M2MB6RS/Li et al. - 2017 - Static analysis of android apps A systematic lite.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/U77CUK9D/S0950584917302987.html} } @article{luoTaintBenchAutomaticRealworld2022, title = {{{TaintBench}}: {{Automatic}} Real-World Malware Benchmarking of {{Android}} Taint Analyses}, shorttitle = {{{TaintBench}}}, author = {Luo, Linghui and Pauck, Felix and Piskachev, Goran and Benz, Manuel and Pashchenko, Ivan and Mory, Martin and Bodden, Eric and Hermann, Ben and Massacci, Fabio}, date = {2022-01}, journaltitle = {Empirical Software Engineering}, shortjournal = {Empir Software Eng}, volume = {27}, number = {1}, pages = {16}, issn = {1382-3256, 1573-7616}, doi = {10.1007/s10664-021-10013-5}, url = {https://link.springer.com/10.1007/s10664-021-10013-5}, urldate = {2023-02-13}, abstract = {Abstract Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents TaintBench , the first real-world malware benchmark suite with documented taint flows. TaintBench benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the TaintBench suite, we introduce the TaintBench framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts’ performance and perceived usability when documenting and inspecting taint flows. Second, experiments using TaintBench reveal new insights for the taint analysis tools Amandroid and FlowDroid : (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8UTN2I89/Luo et al. - 2022 - TaintBench Automatic real-world malware benchmark.pdf} } @inproceedings{pauckAndroidTaintAnalysis2018, title = {Do {{Android}} Taint Analysis Tools Keep Their Promises?}, booktitle = {Proceedings of the 2018 26th {{ACM Joint Meeting}} on {{European Software Engineering Conference}} and {{Symposium}} on the {{Foundations}} of {{Software Engineering}}}, author = {Pauck, Felix and Bodden, Eric and Wehrheim, Heike}, date = {2018-10-26}, pages = {331--341}, publisher = {{ACM}}, location = {{Lake Buena Vista FL USA}}, doi = {10.1145/3236024.3236029}, url = {https://dl.acm.org/doi/10.1145/3236024.3236029}, urldate = {2023-02-13}, eventtitle = {{{ESEC}}/{{FSE}} '18: 26th {{ACM Joint European Software Engineering Conference}} and {{Symposium}} on the {{Foundations}} of {{Software Engineering}}}, isbn = {978-1-4503-5573-5}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/DSMG5QEE/3236024.3236029.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/JVQWJV6Z/Pauck et al. - 2018 - Do Android taint analysis tools keep their promise.pdf} } @inproceedings{bosuCollusiveDataLeak2017, title = {Collusive {{Data Leak}} and {{More}}: {{Large-scale Threat Analysis}} of {{Inter-app Communications}}}, shorttitle = {Collusive {{Data Leak}} and {{More}}}, booktitle = {Proceedings of the 2017 {{ACM}} on {{Asia Conference}} on {{Computer}} and {{Communications Security}}}, author = {Bosu, Amiangshu and Liu, Fang and Yao, Danfeng (Daphne) and Wang, Gang}, date = {2017-04-02}, pages = {71--85}, publisher = {{ACM}}, location = {{Abu Dhabi United Arab Emirates}}, doi = {10.1145/3052973.3053004}, url = {https://dl.acm.org/doi/10.1145/3052973.3053004}, urldate = {2023-02-13}, eventtitle = {{{ASIA CCS}} '17: {{ACM Asia Conference}} on {{Computer}} and {{Communications Security}}}, isbn = {978-1-4503-4944-4}, langid = {english}, file = {/home/jf/snap/zotero-snap/common/Zotero/storage/KGRWZUY8/Bosu et al. - 2017 - Collusive Data Leak and More Large-scale Threat A.pdf} }, @article{desnos:adnroguard:2011, title={Android: From Reversing to Decompilation}, author={Desnos, Anthony and Gueguen, Geoffroy}, journal={Black Hat Abu Dhabi}, year={2011}, url={https://media.blackhat.com/bh-ad-11/Desnos/bh-ad-11-DesnosGueguen-Andriod-Reversing_to_Decompilation_WP.pdf}, }, @article{reaves_droid_2016, title = {*droid: {Assessment} and {Evaluation} of {Android} {Application} {Analysis} {Tools}}, volume = {49}, issn = {0360-0300}, shorttitle = {*droid}, url = {https://doi.org/10.1145/2996358}, doi = {10.1145/2996358}, abstract = {The security research community has invested significant effort in improving the security of Android applications over the past half decade. This effort has addressed a wide range of problems and resulted in the creation of many tools for application analysis. In this article, we perform the first systematization of Android security research that analyzes applications, characterizing the work published in more than 17 top venues since 2010. We categorize each paper by the types of problems they solve, highlight areas that have received the most attention, and note whether tools were ever publicly released for each effort. Of the released tools, we then evaluate a representative sample to determine how well application developers can apply the results of our community’s efforts to improve their products. We find not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues ranging from lack of maintenance to the inability to produce functional output for applications with known vulnerabilities. We close by offering suggestions on how the community can more successfully move forward.}, number = {3}, urldate = {2023-01-10}, journal = {ACM Computing Surveys}, author = {Reaves, Bradley and Bowers, Jasmine and Gorski III, Sigmund Albert and Anise, Olabode and Bobhate, Rahul and Cho, Raymond and Das, Hiranava and Hussain, Sharique and Karachiwala, Hamza and Scaife, Nolen and Wright, Byron and Butler, Kevin and Enck, William and Traynor, Patrick}, month = oct, year = {2016}, keywords = {Android, application security, program analysis}, pages = {55:1--55:30}, file = {Full Text PDF:/home/histausse/Zotero/storage/8JZFY54J/Reaves et al. - 2016 - droid Assessment and Evaluation of Android Appli.pdf:application/pdf}, } @inproceedings{mauthe_large-scale_2021, title = {A {Large}-{Scale} {Empirical} {Study} of {Android} {App} {Decompilation}}, doi = {10.1109/SANER50967.2021.00044}, abstract = {Decompilers are indispensable tools in Android malware analysis and app security auditing. Numerous academic works also employ an Android decompiler as the first step in a program analysis pipeline. In such settings, decompilation is frequently regarded as a "solved" problem, in that it is simply expected that source code can be accurately recovered from an app. While a large proportion of methods in an app can typically be decompiled successfully, it is common that at least some methods fail to decompile. In order to better understand the practical applicability of techniques in which decompilation is used as part of an automated analysis, it is important to know the actual expected failure rate of Android decompilation. To this end, we have performed what is, to the best of our knowledge, the first large-scale study of Android decompilation failure rates. We have used three sets of apps, consisting of, respectively, 3,018 open-source apps, 13,601 apps from a recent crawl of Google Play, and a collection of 24,553 malware samples. In addition to the state-of-the-art Dalvik bytecode decompiler jadx, we used three popular Java decompilers. While jadx achieves an impressively low failure rate of only 0.02\% failed methods per app on average, we found that it manages to recover source code for all methods in only 21\% of the Google Play apps.We have also sought to better understand the degree to which in-the-wild obfuscation techniques can prevent decompilation. Our empirical evaluation, complemented with an indepth manual analysis of a number of apps, indicate that code obfuscation is quite rarely encountered, even in malicious apps. Moreover, decompilation failures mostly appear to be caused by technical limitations in decompilers, rather than by deliberate attempts to thwart source-code recovery by obfuscation. This is an encouraging finding, as it indicates that near-perfect Android decompilation is, at least in theory, achievable, with implementation-level improvements to decompilation tools.}, booktitle = {2021 {IEEE} {International} {Conference} on {Software} {Analysis}, {Evolution} and {Reengineering} ({SANER})}, author = {Mauthe, Noah and Kargén, Ulf and Shahmehri, Nahid}, month = mar, year = {2021}, note = {ISSN: 1534-5351}, keywords = {Android, Java, Malware, malware, reverse engineering, mobile apps, obfuscation, Tools, Conferences, decompilation, Manuals, Pipelines, Process control}, pages = {400--410}, file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/RWT9CKBF/9425937.html:text/html;Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:/home/histausse/Zotero/storage/I8KKRIJV/Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:application/pdf}, }