thesis/bibliography.bib

@inproceedings{weiAmandroidPreciseGeneral2014,
	title = {Amandroid: {{A Precise}} and {{General Inter-component Data Flow Analysis Framework}} for {{Security Vetting}} of {{Android Apps}}},
	shorttitle = {Amandroid},
	booktitle = {{{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
	author = {Wei, Fengguo and Roy, Sankardas and Ou, Xinming and {Robby}},
	year = {2014},
	month = nov,
	pages = {1329--1341},
	publisher = {{ACM}},
	address = {{Scottsdale Arizona USA}},
	doi = {10.1145/2660267.2660357},
	urldate = {2024-01-25},
	isbn = {978-1-4503-2957-6},
	langid = {english}
}
@inproceedings{xiaEffectiveRealTimeAndroid2015,
  title = {Effective {{Real-Time Android Application Auditing}}},
  booktitle = {2015 {{IEEE Symposium}} on {{Security}} and {{Privacy}}},
  author = {Xia, Mingyuan and Gong, Lu and Lyu, Yuanhao and Qi, Zhengwei and Liu, Xue},
  year = {2015},
  month = may,
  pages = {899--914},
  publisher = {{IEEE}},
  address = {{San Jose, CA}},
  doi = {10.1109/SP.2015.60},
  isbn = {978-1-4673-6949-7},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/VTA4PNJJ/Xia et al. - 2015 - Effective Real-Time Android Application Auditing.pdf}
}

@inproceedings{octeau2013effective,
  title={Effective Inter-Component communication mapping in android: An essential step towards holistic security analysis},
  author={Octeau, Damien and McDaniel, Patrick and Jha, Somesh and Bartel, Alexandre and Bodden, Eric and Klein, Jacques and Le Traon, Yves},
  booktitle={22nd USENIX Security Symposium (USENIX Security 13)},
  pages={543--558},
  year={2013}
}

@inproceedings{Enck2010,
  title = {{{TaintDroid}}: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones},
  booktitle = {9th {{USENIX Symposium}} on {{Operating Systems Design}} and {{Implementation}}},
  author = {Enck, William and Gilbert, Peter and Chun, Byung-Gon and Cox, Landon P. and Jung, Jaeyeon and McDaniel, Patrick and Sheth, Anmol N.},
  year = {2010},
  month = oct,
  pages = {393--407},
  publisher = {{USENIX Association}},
  address = {{Vancouver, BC, Canada}},
  isbn = {978-1-931971-79-9},
  keywords = {\ding{72},Dynamic analysis,Taint analysis},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/J8R79TUL/Enck et al. - 2010 - TaintDroid an information-flow tracking system for realtime privacy monitoring on smartphones.pdf}
}
@inproceedings{liApkCombinerCombiningMultiple2015,
  title = {{{ApkCombiner}}: {{Combining Multiple Android Apps}} to {{Support Inter-App Analysis}}},
  shorttitle = {{{ApkCombiner}}},
  booktitle = {{{ICT Systems Security}} and {{Privacy Protection}}},
  author = {Li, Li and Bartel, Alexandre and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Traon, Yves Le},
  editor = {Federrath, Hannes and Gollmann, Dieter},
  year = {2015},
  volume = {455},
  pages = {513--527},
  publisher = {{Springer International Publishing}},
  address = {{Cham}},
  doi = {10.1007/978-3-319-18467-8_34},
  isbn = {978-3-319-18466-1 978-3-319-18467-8},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/DG5LXLJ8/Li et al. - 2015 - ApkCombiner Combining Multiple Android Apps to Su.pdf}
}
@inproceedings{allixAndroZooCollectingMillions2016,
	title = {{{AndroZoo}}: {{Collecting Millions}} of {{Android Apps}} for the {{Research Community}}},
	shorttitle = {{{AndroZoo}}},
	booktitle = {13th {{Working Conference}} on {{Mining Software Repositories}} ({{MSR}})},
	author = {Allix, Kevin and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Traon, Yves Le},
	year = {2016},
	month = may,
	pages = {468--471},
	abstract = {We present a growing collection of Android Applications col-lected from several sources, including the official GooglePlay app market. Our dataset, AndroZoo, currently contains more than three million apps, each of which has beenanalysed by tens of different AntiVirus products to knowwhich applications are detected as Malware. We provide thisdataset to contribute to ongoing research efforts, as well asto enable new potential research topics on Android Apps.By releasing our dataset to the research community, we alsoaim at encouraging our fellow researchers to engage in reproducible experiments.},
	keywords = {Android Applications,Androids,APK,Crawlers,Google,HTML,Humanoid robots,Protocols,Software,Software Repository},
	file = {/home/jf/snap/zotero-snap/common/Zotero/storage/5SNISVTP/7832927.html}
}
@inproceedings{Arp2014,
	title = {Drebin: {{Effective}} and {{Explainable Detection}} of {{Android Malware}} in {{Your Pocket}}},
	booktitle = {Network and {{Distributed System Security Symposium}}},
	author = {Arp, Daniel and Spreitzenbarth, Michael and Gascon, Hugo and Rieck, Konrad and Siemens, Germany and Munich, Cert},
	year = {2014},
	month = feb,
	publisher = {{The Internet Society}},
	address = {{San Diego, California, USA}},
	isbn = {1-891562-35-5},
	keywords = {\ding{72},Static analysis},
	file = {/home/jf/snap/zotero-snap/common/Zotero/storage/364XVWJK/Arp et al. - 2014 - Drebin Effective and Explainable Detection of And.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/ITE85DES/Arp et al. - 2014 - Drebin Effective and Explainable Detection of Android Malware in Your Pocket.pdf}
}
@article{Pendlebury2018,
	title = {{{TESSERACT}}: {{Eliminating Experimental Bias}} in {{Malware Classification}} across {{Space}} and {{Time}}},
	author = {Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo},
	year = {2018},
	eprint = {1807.07838},
	abstract = {Is Android malware classification a solved problem? Published F1 scores of up to 0.99 appear to leave very little room for improvement. In this paper, we argue that results are commonly inflated due to two pervasive sources of experimental bias: "spatial bias" caused by distributions of training and testing data that are not representative of a real-world deployment; and "temporal bias" caused by incorrect time splits of training and testing sets, leading to impossible configurations. We propose a set of space and time constraints for experiment design that eliminates both sources of bias. We introduce a new metric that summarizes the expected robustness of a classifier in a real-world setting, and we present an algorithm to tune its performance. Finally, we demonstrate how this allows us to evaluate mitigation strategies for time decay such as active learning. We have implemented our solutions in TESSERACT, an open source evaluation framework for comparing malware classifiers in a realistic setting. We used TESSERACT to evaluate three Android malware classifiers from the literature on a dataset of 129K applications spanning over three years. Our evaluation confirms that earlier published results are biased, while also revealing counter-intuitive performance and showing that appropriate tuning can lead to significant improvements.},
	archiveprefix = {arxiv},
	file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QXT9GLTX/Pendlebury et al. - 2018 - TESSERACT Eliminating Experimental Bias in Malware Classification across Space and Time.pdf}
}
@inproceedings{shanSelfhidingBehaviorAndroid2018,
	title = {Self-Hiding Behavior in {{Android}} Apps},
	booktitle = {40th {{International Conference}} on {{Software Engineering}}},
	author = {Shan, Zhiyong and Neamtiu, Iulian and Samuel, Raina},
	year = {2018},
	pages = {728--739},
	publisher = {{ACM Press}},
	address = {{New York, New York, USA}},
	doi = {10.1145/3180155.3180214},
	isbn = {978-1-4503-5638-1},
	keywords = {Android,malware,mobile security,static analysis},
	file = {/home/jf/snap/zotero-snap/common/Zotero/storage/FN53LJGG/Shan, Neamtiu, Samuel - 2018 - Self-hiding behavior in Android apps.pdf}
}
@article{DBLPjournalstifsMirandaGLTW22,
	author       = {Tom{\'{a}}s Concepci{\'{o}}n Miranda and
	Pierre{-}Fran{\c{c}}ois Gimenez and
	Jean{-}Fran{\c{c}}ois Lalande and
	Val{\'{e}}rie Viet Triem Tong and
	Pierre Wilke},
	title        = {Debiasing Android Malware Datasets: How Can {I} Trust Your Results
	If Your Dataset Is Biased?},
	journal      = {{IEEE} Trans. Inf. Forensics Secur.},
	volume       = {17},
	pages        = {2182--2197},
	year         = {2022},
	doi          = {10.1109/TIFS.2022.3180184},
	timestamp    = {Thu, 25 Aug 2022 08:35:58 +0200},
	biburl       = {https://dblp.org/rec/journals/tifs/MirandaGLTW22.bib},
	bibsource    = {dblp computer science bibliography, https://dblp.org}
}
@inproceedings{Allix,
	title = {Are {{Your Training Datasets Yet Relevant}}?},
	booktitle = {Engineering {{Secure Software}} and {{Systems}}},
	author = {Allix, Kevin and Bissyand{\'e}, Tegawend{\'e} F. and Klein, Jacques and Le Traon, Yves},
	year = {2015},
	pages = {51--67},
	doi = {10.1007/978-3-319-15618-7_5},
	file = {/home/jf/snap/zotero-snap/common/Zotero/storage/RG6PLSKG/Allix - Unknown - Are Your Training Datasets Yet Relevant.pdf}
}

@inproceedings{pendlebury2019tesseract,
	title={TESSERACT: Eliminating experimental bias in malware classification across space and time},
	author={Pendlebury, Feargus and Pierazzi, Fabio and Jordaney, Roberto and Kinder, Johannes and Cavallaro, Lorenzo and others},
	booktitle={Proceedings of the 28th USENIX Security Symposium},
	pages={729--746},
	year={2019},
	organization={USENIX Association}
}

@online{statcounter,
  author = {statcounter},
  title = {Operating System Market Share Worldwide},
  year = 2023,
  url = {https://gs.statcounter.com/os-market-share#monthly-200901-202304},
  urldate = {2023-04-30}
}

@online{statista,
  author = {statista},
  title = {Operating System Market Share Worldwide},
  year = 2023,
  url = {https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store/},
  urldate = {2023-04-30}
}

@inproceedings{Arzt2014a,
  title = {{{FlowDroid}}: {{Precise Context}}, {{Flow}}, {{Field}}, {{Object-sensitive}} and {{Lifecycle-aware Taint Analysis}} for {{Android Apps}}},
  booktitle = {{{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}}},
  author = {Arzt, Steven and Rasthofer, Siegfried and Fritz, Christian and Bodden, Eric and Bartel, Alexandre and Klein, Jacques and Le Traon, Yves and Octeau, Damien and McDaniel, Patrick},
  date = {2014-06-05},
  volume = {49},
  number = {6},
  pages = {259--269},
  publisher = {{ACM Press}},
  location = {{Edinburgh, UK}},
  issn = {03621340},
  doi = {10.1145/2666356.2594299},
  keywords = {Static analysis},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/XS8BH65X/Arzt et al. - 2014 - FlowDroid Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps.pdf}
}

@article{blackshearThresherPreciseRefutations2013,
  title = {Thresher: Precise Refutations for Heap Reachability},
  shorttitle = {Thresher},
  author = {Blackshear, Sam and Chang, Bor-Yuh Evan and Sridharan, Manu},
  date = {2013-06-23},
  journaltitle = {ACM SIGPLAN Notices},
  shortjournal = {SIGPLAN Not.},
  volume = {48},
  number = {6},
  pages = {275--286},
  issn = {0362-1340, 1558-1160},
  doi = {10.1145/2499370.2462186},
  urldate = {2023-02-11},
  abstract = {We present a precise, path-sensitive static analysis for reasoning about heap reachability, that is, whether an object can be reached from another variable or object via pointer dereferences. Precise reachability information is useful for a number of clients, including static detection of a class of Android memory leaks. For this client, we found the heap reachability information computed by a state-of-the-art points-to analysis was too imprecise, leading to numerous false-positive leak reports. Our analysis combines a symbolic execution capable of path-sensitivity and strong updates with abstract heap information computed by an initial flow-insensitive points-to analysis. This novel mixed representation allows us to achieve both precision and scalability by leveraging the pre-computed points-to facts to guide execution and prune infeasible paths. We have evaluated our techniques in the Thresher tool, which we used to find several developer-confirmed leaks in Android applications.},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QZ9T3NC6/Blackshear et al. - 2013 - Thresher precise refutations for heap reachabilit.pdf}
}

@article{CHOI2014620,
  title = {A Type and Effect System for Activation Flow of Components in {{Android}} Programs},
  author = {Choi, Kwanghoon and Chang, Byeong-Mo},
  date = {2014},
  journaltitle = {Information Processing Letters},
  volume = {114},
  number = {11},
  pages = {620--627},
  issn = {0020-0190},
  doi = {10.1016/j.ipl.2014.05.011},
  abstract = {This paper proposes a type and effect system for analyzing activation flow between components through intents in Android programs. The activation flow information is necessary for all Android analyses such as a secure information flow analysis for Android programs. We first design a formal semantics for a core of featherweight Android/Java, which can address interaction between components through intents. Based on the formal semantics, we design a type and effect system for analyzing activation flow between components and demonstrate the soundness of the system.},
  keywords = {Android,Control flow,Formal semantics,Java,Program analysis},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/MF5DRVJP/Choi et Chang - 2014 - A type and effect system for activation flow of co.pdf}
}

@inproceedings{DBLPconfndssGordonKPGNR15,
  title = {Information Flow Analysis of Android Applications in {{DroidSafe}}},
  booktitle = {22nd Annual Network and Distributed System Security Symposium, {{NDSS}} 2015, San Diego, California, {{USA}}, February 8-11, 2015},
  author = {Gordon, Michael I. and Kim, Deokhwan and Perkins, Jeff H. and Gilham, Limei and Nguyen, Nguyen and Rinard, Martin C.},
  date = {2015},
  publisher = {{The Internet Society}},
  bibsource = {dblp computer science bibliography, https://dblp.org},
  biburl = {https://dblp.org/rec/conf/ndss/GordonKPGNR15.bib},
  timestamp = {Thu, 22 Dec 2022 16:51:59 +0100},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/6JGWR4R5/Gordon et al. - 2015 - Information flow analysis of android applications .pdf}
}

@inproceedings{DBLPconfndssPoeplauFBKV14,
  title = {Execute This! {{Analyzing}} Unsafe and Malicious Dynamic Code Loading in Android Applications},
  booktitle = {21st Annual Network and Distributed System Security Symposium, {{NDSS}} 2014, San Diego, California, {{USA}}, February 23-26, 2014},
  author = {Poeplau, Sebastian and Fratantonio, Yanick and Bianchi, Antonio and Kruegel, Christopher and Vigna, Giovanni},
  date = {2014},
  publisher = {{The Internet Society}},
  bibsource = {dblp computer science bibliography, https://dblp.org},
  biburl = {https://dblp.org/rec/conf/ndss/PoeplauFBKV14.bib},
  timestamp = {Mon, 01 Feb 2021 08:42:18 +0100},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/CQX3FINC/Poeplau et al. - 2014 - Execute this! Analyzing unsafe and malicious dynam.pdf}
}

@inproceedings{DBLPconfoopslaAzimN13,
  title = {Targeted and Depth-First Exploration for Systematic Testing of Android Apps},
  booktitle = {Proceedings of the 2013 {{ACM SIGPLAN}} International Conference on Object Oriented Programming Systems Languages \& Applications, {{OOPSLA}} 2013, Part of {{SPLASH}} 2013, Indianapolis, {{IN}}, {{USA}}, October 26-31, 2013},
  author = {Azim, Tanzirul and Neamtiu, Iulian},
  editor = {Hosking, Antony L. and Eugster, Patrick Th. and Lopes, Cristina V.},
  date = {2013},
  pages = {641--660},
  publisher = {{ACM}},
  doi = {10.1145/2509136.2509549},
  bibsource = {dblp computer science bibliography, https://dblp.org},
  biburl = {https://dblp.org/rec/conf/oopsla/AzimN13.bib},
  timestamp = {Thu, 24 Jun 2021 16:19:30 +0200},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/MVEBFDE8/Azim et Neamtiu - 2013 - Targeted and depth-first exploration for systemati.pdf}
}

@inproceedings{fahlWhyEveMallory2012,
  title = {Why Eve and Mallory Love Android: An Analysis of Android {{SSL}} (in)Security},
  shorttitle = {Why Eve and Mallory Love Android},
  booktitle = {Proceedings of the 2012 {{ACM}} Conference on {{Computer}} and Communications Security},
  author = {Fahl, Sascha and Harbach, Marian and Muders, Thomas and Baumgärtner, Lars and Freisleben, Bernd and Smith, Matthew},
  date = {2012-10-16},
  pages = {50--61},
  publisher = {{ACM}},
  location = {{Raleigh North Carolina USA}},
  doi = {10.1145/2382196.2382205},
  urldate = {2023-02-11},
  eventtitle = {{{CCS}}'12: The {{ACM Conference}} on {{Computer}} and {{Communications Security}}},
  isbn = {978-1-4503-1651-4},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/J3FSBFJ7/Fahl et al. - 2012 - Why eve and mallory love android an analysis of a.pdf}
}

@inproceedings{gasconStructuralDetectionAndroid2013,
  title = {Structural Detection of Android Malware Using Embedded Call Graphs},
  booktitle = {Proceedings of the 2013 {{ACM}} Workshop on {{Artificial}} Intelligence and Security},
  author = {Gascon, Hugo and Yamaguchi, Fabian and Arp, Daniel and Rieck, Konrad},
  date = {2013-11-04},
  pages = {45--54},
  publisher = {{ACM}},
  location = {{Berlin Germany}},
  doi = {10.1145/2517312.2517315},
  urldate = {2023-02-11},
  eventtitle = {{{CCS}}'13: 2013 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
  isbn = {978-1-4503-2488-5},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/9LF4FR8Y/2517312.2517315.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/YYVYSARX/Gascon et al. - 2013 - Structural detection of android malware using embe.pdf}
}

@article{geneiatakisPermissionVerificationApproach2015,
  title = {A {{Permission}} Verification Approach for Android Mobile Applications},
  author = {Geneiatakis, Dimitris and Fovino, Igor Nai and Kounelis, Ioannis and Stirparo, Pasquale},
  date = {2015-03},
  journaltitle = {Computers \& Security},
  shortjournal = {Computers \& Security},
  volume = {49},
  pages = {192--205},
  issn = {01674048},
  doi = {10.1016/j.cose.2014.10.005},
  urldate = {2023-02-11},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/ENIVR8EY/Geneiatakis et al. - 2015 - A Permission verification approach for android mob.pdf}
}

@inproceedings{hoffmannSlicingDroidsProgram2013,
  title = {Slicing Droids: Program Slicing for Smali Code},
  shorttitle = {Slicing Droids},
  booktitle = {Proceedings of the 28th {{Annual ACM Symposium}} on {{Applied Computing}}},
  author = {Hoffmann, Johannes and Ussath, Martin and Holz, Thorsten and Spreitzenbarth, Michael},
  date = {2013-03-18},
  series = {{{SAC}} '13},
  pages = {1844--1851},
  publisher = {{Association for Computing Machinery}},
  location = {{New York, NY, USA}},
  doi = {10.1145/2480362.2480706},
  urldate = {2022-10-26},
  abstract = {The popularity of mobile devices like smartphones and tablets has increased significantly in the last few years with many millions of sold devices. This growth also has its drawbacks: attackers have realized that smartphones are an attractive target and in the last months many different kinds of malicious software (short: malware) for such devices have emerged. This worrisome development has the potential to hamper the prospering ecosystem of mobile devices and the potential for damage is huge. Considering these aspects, it is evident that malicious apps need to be detected early on in order to prevent further distribution and infections. This implies that it is necessary to develop techniques capable of detecting malicious apps in an automated way. In this paper, we present SAAF, a Static Android Analysis Framework for Android apps. SAAF analyzes smali code, a disassembled version of the DEX format used by Android's Java VM implementation. Our goal is to create program slices in order to perform data-flow analyses to backtrack parameters used by a given method. This helps us to identify suspicious code regions in an automated way. Several other analysis techniques such as visualization of control flow graphs or identification of ad-related code are also implemented in SAAF. In this paper, we report on program slicing for Android and present results obtained by using this technique to analyze more than 136,000 benign and about 6,100 malicious apps.},
  isbn = {978-1-4503-1656-9},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/XC3Z9ELA/Hoffmann et al. - 2013 - Slicing droids program slicing for smali code.pdf}
}

@inproceedings{jeonDrAndroidMr2012,
  title = {Dr. {{Android}} and {{Mr}}. {{Hide}}: Fine-Grained Permissions in Android Applications},
  shorttitle = {Dr. {{Android}} and {{Mr}}. {{Hide}}},
  booktitle = {Proceedings of the Second {{ACM}} Workshop on {{Security}} and Privacy in Smartphones and Mobile Devices},
  author = {Jeon, Jinseong and Micinski, Kristopher K. and Vaughan, Jeffrey A. and Fogel, Ari and Reddy, Nikhilesh and Foster, Jeffrey S. and Millstein, Todd},
  date = {2012-10-19},
  pages = {3--14},
  publisher = {{ACM}},
  location = {{Raleigh North Carolina USA}},
  doi = {10.1145/2381934.2381938},
  urldate = {2023-02-10},
  eventtitle = {{{CCS}}'12: The {{ACM Conference}} on {{Computer}} and {{Communications Security}}},
  isbn = {978-1-4503-1666-8},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/99J6WNGV/Jeon et al. - 2012 - Dr. Android and Mr. Hide fine-grained permissions.pdf}
}

@inproceedings{klieberAndroidTaintFlow2014,
  title = {Android Taint Flow Analysis for App Sets},
  booktitle = {Proceedings of the 3rd {{ACM SIGPLAN International Workshop}} on the {{State}} of the {{Art}} in {{Java Program Analysis}}},
  author = {Klieber, William and Flynn, Lori and Bhosale, Amar and Jia, Limin and Bauer, Lujo},
  date = {2014-06-12},
  pages = {1--6},
  publisher = {{ACM}},
  location = {{Edinburgh United Kingdom}},
  doi = {10.1145/2614628.2614633},
  urldate = {2023-02-10},
  eventtitle = {{{PLDI}} '14: {{ACM SIGPLAN Conference}} on {{Programming Language Design}} and {{Implementation}}},
  isbn = {978-1-4503-2919-4},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8X6YV3IE/2614628.2614633.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/9DBAXR49/Klieber et al. - 2014 - Android taint flow analysis for app sets.pdf}
}

@inproceedings{liangSoundPreciseMalware2013,
  title = {Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation},
  booktitle = {Proceedings of the {{Third ACM}} Workshop on {{Security}} and Privacy in Smartphones \& Mobile Devices},
  author = {Liang, Shuying and Keep, Andrew W. and Might, Matthew and Lyde, Steven and Gilray, Thomas and Aldous, Petey and Van Horn, David},
  date = {2013-11-08},
  series = {{{SPSM}} '13},
  pages = {21--32},
  publisher = {{Association for Computing Machinery}},
  location = {{New York, NY, USA}},
  doi = {10.1145/2516760.2516769},
  urldate = {2023-02-08},
  abstract = {Sound malware analysis of Android applications is challenging. First, object-oriented programs exhibit highly interprocedural, dynamically dispatched control structure. Second, the Android programming paradigm relies heavily on the asynchronous execution of multiple entry points. Existing analysis techniques focus more on the second challenge, while relying on traditional analytic techniques that suffer from inherent imprecision or unsoundness to solve the first. We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts which must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Automated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a version of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p {$<$} 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p {$<$} 0.05) increases in accuracy with the pushdown-driven analyzer: from 71\% correct identification to 95\% correct identification.},
  isbn = {978-1-4503-2491-5},
  keywords = {abstract interpretation,malware detection,pushdown systems,static analysis,taint analysis},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QKCQ4LWI/Liang et al. - 2013 - Sound and precise malware analysis for android via.pdf}
}

@inproceedings{liIccTADetectingInterComponent2015,
  title = {{{IccTA}}: {{Detecting Inter-Component Privacy Leaks}} in {{Android Apps}}},
  shorttitle = {{{IccTA}}},
  booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}},
  author = {Li, Li and Bartel, Alexandre and Bissyande, Tegawende F. and Klein, Jacques and Le Traon, Yves and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Octeau, Damien and McDaniel, Patrick},
  date = {2015-05},
  pages = {280--291},
  publisher = {{IEEE}},
  location = {{Florence, Italy}},
  doi = {10.1109/ICSE.2015.48},
  url = {http://ieeexplore.ieee.org/document/7194581/},
  urldate = {2023-02-11},
  eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})},
  isbn = {978-1-4799-1934-5},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8HDRKSA2/IccTA_Detecting_Inter-Component_Privacy_Leaks_in_Android_Apps.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/K749QIGK/Li et al. - 2015 - IccTA Detecting Inter-Component Privacy Leaks in .pdf}
}

@inproceedings{lillackTrackingLoadtimeConfiguration2014,
  title = {Tracking Load-Time Configuration Options},
  booktitle = {Proceedings of the 29th {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}},
  author = {Lillack, Max and Kästner, Christian and Bodden, Eric},
  date = {2014-09-15},
  series = {{{ASE}} '14},
  pages = {445--456},
  publisher = {{Association for Computing Machinery}},
  location = {{New York, NY, USA}},
  doi = {10.1145/2642937.2643001},
  url = {https://doi.org/10.1145/2642937.2643001},
  urldate = {2023-02-08},
  abstract = {Highly-configurable software systems are pervasive, although configuration options and their interactions raise complexity of the program and increase maintenance effort. Especially load-time configuration options, such as parameters from command-line options or configuration files, are used with standard programming constructs such as variables and if statements intermixed with the program's implementation; manually tracking configuration options from the time they are loaded to the point where they may influence control-flow decisions is tedious and error prone. We design and implement Lotrack, an extended static taint analysis to automatically track configuration options. Lotrack derives a configuration map that explains for each code fragment under which configurations it may be executed. An evaluation on Android applications shows that Lotrack yields high accuracy with reasonable performance. We use Lotrack to empirically characterize how much of the implementation of Android apps depends on the platform's configuration options or interactions of these options.},
  isbn = {978-1-4503-3013-8},
  keywords = {configuration options,static analysis,variability mining},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/3BNMD58Z/Lillack et al. - 2014 - Tracking load-time configuration options.pdf}
}

@inproceedings{liuCharacterizingDetectingPerformance2014,
  title = {Characterizing and Detecting Performance Bugs for Smartphone Applications},
  booktitle = {Proceedings of the 36th {{International Conference}} on {{Software Engineering}}},
  author = {Liu, Yepang and Xu, Chang and Cheung, Shing-Chi},
  date = {2014-05-31},
  pages = {1013--1024},
  publisher = {{ACM}},
  location = {{Hyderabad India}},
  doi = {10.1145/2568225.2568229},
  url = {https://dl.acm.org/doi/10.1145/2568225.2568229},
  urldate = {2023-02-11},
  eventtitle = {{{ICSE}} '14: 36th {{International Conference}} on {{Software Engineering}}},
  isbn = {978-1-4503-2756-5},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8JE5EF72/Liu et al. - 2014 - Characterizing and detecting performance bugs for .pdf}
}

@inproceedings{octeauCompositeConstantPropagation2015,
  title = {Composite {{Constant Propagation}}: {{Application}} to {{Android Inter-Component Communication Analysis}}},
  shorttitle = {Composite {{Constant Propagation}}},
  booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}},
  author = {Octeau, Damien and Luchaup, Daniel and Dering, Matthew and Jha, Somesh and McDaniel, Patrick},
  date = {2015-05},
  pages = {77--88},
  publisher = {{IEEE}},
  location = {{Florence, Italy}},
  doi = {10.1109/ICSE.2015.30},
  url = {http://ieeexplore.ieee.org/document/7194563/},
  urldate = {2023-02-11},
  eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})},
  isbn = {978-1-4799-1934-5},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/INM9WAVU/Octeau et al. - 2015 - Composite Constant Propagation Application to And.pdf}
}

@inproceedings{rountevStaticReferenceAnalysis2014,
  title = {Static {{Reference Analysis}} for {{GUI Objects}} in {{Android Software}}},
  booktitle = {Proceedings of {{Annual IEEE}}/{{ACM International Symposium}} on {{Code Generation}} and {{Optimization}}},
  author = {Rountev, Atanas and Yan, Dacong},
  date = {2014-02-15},
  pages = {143--153},
  publisher = {{ACM}},
  location = {{Orlando FL USA}},
  doi = {10.1145/2544137.2544159},
  url = {https://dl.acm.org/doi/10.1145/2544137.2544159},
  urldate = {2023-02-11},
  eventtitle = {{{CGO}} '14: 12th {{Annual IEEE}}/{{ACM International Symposium}} on {{Code Generation}} and {{Optimization}}},
  isbn = {978-1-4503-2670-4},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/QWSPKRZ4/Rountev et Yan - 2014 - Static Reference Analysis for GUI Objects in Andro.pdf}
}

@inproceedings{shenInformationFlowsPermission2014,
  title = {Information Flows as a Permission Mechanism},
  booktitle = {Proceedings of the 29th {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}},
  author = {Shen, Feng and Vishnubhotla, Namita and Todarka, Chirag and Arora, Mohit and Dhandapani, Babu and Lehner, Eric John and Ko, Steven Y. and Ziarek, Lukasz},
  date = {2014-09-15},
  pages = {515--526},
  publisher = {{ACM}},
  location = {{Vasteras Sweden}},
  doi = {10.1145/2642937.2643018},
  url = {https://dl.acm.org/doi/10.1145/2642937.2643018},
  urldate = {2023-02-11},
  eventtitle = {{{ASE}} '14: {{ACM}}/{{IEEE International Conference}} on {{Automated Software Engineering}}},
  isbn = {978-1-4503-3013-8},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/ZQSXYZNX/Shen et al. - 2014 - Information flows as a permission mechanism.pdf}
}

@inproceedings{titzeAppareciumRevealingData2015,
  title = {Apparecium: {{Revealing Data Flows}} in {{Android Applications}}},
  shorttitle = {Apparecium},
  booktitle = {2015 {{IEEE}} 29th {{International Conference}} on {{Advanced Information Networking}} and {{Applications}}},
  author = {Titze, Dennis and Schutte, Julian},
  date = {2015-03},
  pages = {579--586},
  publisher = {{IEEE}},
  location = {{Gwangiu, South Korea}},
  doi = {10.1109/AINA.2015.239},
  url = {http://ieeexplore.ieee.org/document/7098024/},
  urldate = {2023-02-11},
  eventtitle = {2015 {{IEEE}} 29th {{International Conference}} on {{Advanced Information Networking}} and {{Applications}} ({{AINA}})},
  isbn = {978-1-4799-7905-9},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/T6I4SND6/Titze et Schutte - 2015 - Apparecium Revealing Data Flows in Android Applic.pdf}
}

@inproceedings{vidasA5AutomatedAnalysis2014,
  title = {A5: {{Automated Analysis}} of {{Adversarial Android Applications}}},
  shorttitle = {A5},
  booktitle = {Proceedings of the 4th {{ACM Workshop}} on {{Security}} and {{Privacy}} in {{Smartphones}} \& {{Mobile Devices}}},
  author = {Vidas, Timothy and Tan, Jiaqi and Nahata, Jay and Tan, Chaur Lih and Christin, Nicolas and Tague, Patrick},
  date = {2014-11-07},
  pages = {39--50},
  publisher = {{ACM}},
  location = {{Scottsdale Arizona USA}},
  doi = {10.1145/2666620.2666630},
  url = {https://dl.acm.org/doi/10.1145/2666620.2666630},
  urldate = {2023-02-11},
  eventtitle = {{{CCS}}'14: 2014 {{ACM SIGSAC Conference}} on {{Computer}} and {{Communications Security}}},
  isbn = {978-1-4503-3155-5},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/CPKK7RNR/2666620.2666630.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/LJCIRR3J/Vidas et al. - 2014 - A5 Automated Analysis of Adversarial Android Appl.pdf}
}

@article{weiAmandroidPreciseGeneral2018,
  title = {Amandroid: {{A Precise}} and {{General Inter-component Data Flow Analysis Framework}} for {{Security Vetting}} of {{Android Apps}}},
  shorttitle = {Amandroid},
  author = {Wei, Fengguo and Roy, Sankardas and Ou, Xinming and {Robby}},
  date = {2018-08-31},
  journaltitle = {ACM Transactions on Privacy and Security},
  shortjournal = {ACM Trans. Priv. Secur.},
  volume = {21},
  number = {3},
  pages = {1--32},
  issn = {2471-2566, 2471-2574},
  doi = {10.1145/3183575},
  url = {https://dl.acm.org/doi/10.1145/3183575},
  urldate = {2023-02-11},
  abstract = {We present a new approach to static analysis for security vetting of Android apps and a general framework called Amandroid. Amandroid determines points-to information for all objects in an Android app component in a flow and context-sensitive (user-configurable) way and performs data flow and data dependence analysis for the component. Amandroid also tracks inter-component communication activities. It can stitch the component-level information into the app-level information to perform intra-app or inter-app analysis. In this article, (a) we show that the aforementioned type of comprehensive app analysis is completely feasible in terms of computing resources with modern hardware, (b) we demonstrate that one can easily leverage the results from this general analysis to build various types of specialized security analyses—in many cases the amount of additional coding needed is around 100 lines of code, and (c) the result of those specialized analyses leveraging Amandroid is at least on par and often exceeds prior works designed for the specific problems, which we demonstrate by comparing Amandroid’s results with those of prior works whenever we can obtain the executable of those tools. Since Amandroid’s analysis directly handles inter-component control and data flows, it can be used to address security problems that result from interactions among multiple components from either the same or different apps. Amandroid’s analysis is sound in that it can provide assurance of the absence of the specified security problems in an app with well-specified and reasonable assumptions on Android runtime system and its library.},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/5IDHRP5H/Wei et al. - 2018 - Amandroid A Precise and General Inter-component D.pdf}
}

@article{wognsenFormalisationAnalysisDalvik2014,
  title = {Formalisation and Analysis of {{Dalvik}} Bytecode},
  author = {Wognsen, Erik Ramsgaard and Karlsen, Henrik Søndberg and Olesen, Mads Chr. and Hansen, René Rydhof},
  date = {2014-10},
  journaltitle = {Science of Computer Programming},
  shortjournal = {Science of Computer Programming},
  volume = {92},
  pages = {25--55},
  issn = {01676423},
  doi = {10.1016/j.scico.2013.11.037},
  url = {https://linkinghub.elsevier.com/retrieve/pii/S0167642313003304},
  urldate = {2023-02-11},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/69DQRABJ/Wognsen et al. - 2014 - Formalisation and analysis of Dalvik bytecode.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/X9LQ5YCI/1-s2.0-S0167642313003304-main.pdf}
}

@inproceedings{yangStaticControlFlowAnalysis2015,
  title = {Static {{Control-Flow Analysis}} of {{User-Driven Callbacks}} in {{Android Applications}}},
  booktitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}}},
  author = {Yang, Shengqian and Yan, Dacong and Wu, Haowei and Wang, Yan and Rountev, Atanas},
  date = {2015-05},
  pages = {89--99},
  publisher = {{IEEE}},
  location = {{Florence, Italy}},
  doi = {10.1109/ICSE.2015.31},
  url = {http://ieeexplore.ieee.org/document/7194564/},
  urldate = {2023-02-11},
  eventtitle = {2015 {{IEEE}}/{{ACM}} 37th {{IEEE International Conference}} on {{Software Engineering}} ({{ICSE}})},
  isbn = {978-1-4799-1934-5},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/LH7HE28Q/Yang et al. - 2015 - Static Control-Flow Analysis of User-Driven Callba.pdf}
}

@inproceedings{zhauniarovichStaDynAAddressingProblem2015,
  title = {{{StaDynA}}: {{Addressing}} the {{Problem}} of {{Dynamic Code Updates}} in the {{Security Analysis}} of {{Android Applications}}},
  shorttitle = {{{StaDynA}}},
  booktitle = {Proceedings of the 5th {{ACM Conference}} on {{Data}} and {{Application Security}} and {{Privacy}}},
  author = {Zhauniarovich, Yury and Ahmad, Maqsood and Gadyatskaya, Olga and Crispo, Bruno and Massacci, Fabio},
  date = {2015-03-02},
  pages = {37--48},
  publisher = {{ACM}},
  location = {{San Antonio Texas USA}},
  doi = {10.1145/2699026.2699105},
  url = {https://dl.acm.org/doi/10.1145/2699026.2699105},
  urldate = {2023-02-11},
  eventtitle = {{{CODASPY}}'15: {{Fifth ACM Conference}} on {{Data}} and {{Application Security}} and {{Privacy}}},
  isbn = {978-1-4503-3191-3},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/Z9BCFAJY/Zhauniarovich et al. - 2015 - StaDynA Addressing the Problem of Dynamic Code Up.pdf}
}
@article{Li2017,
  title = {Static Analysis of Android Apps: {{A}} Systematic Literature Review},
  author = {Li, Li and Bissyandé, Tegawendé F. and Papadakis, Mike and Rasthofer, Siegfried and Bartel, Alexandre and Octeau, Damien and Klein, Jacques and Le Traon, Yves},
  date = {2017},
  journaltitle = {Information and Software Technology},
  volume = {88},
  pages = {67--95},
  issn = {09505849},
  doi = {10.1016/j.infsof.2017.04.001},
  abstract = {Context Static analysis exploits techniques that parse program source code or bytecode, often traversing program paths to check some program properties. Static analysis approaches have been proposed for different tasks, including for assessing the security of Android apps, detecting app clones, automating test cases generation, or for uncovering non-functional issues related to performance or energy. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put, and enumerate the key aspects where future researches are still needed. Method We have performed a systematic literature review (SLR) which involves studying 124 research papers published in software engineering, programming languages and security venues in the last 5 years (January 2011–December 2015). This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed. Results Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available. Conclusion The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/3JL36E6L/1-s2.0-S0950584917302987-main.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/4M2MB6RS/Li et al. - 2017 - Static analysis of android apps A systematic lite.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/U77CUK9D/S0950584917302987.html}
}
@article{luoTaintBenchAutomaticRealworld2022,
  title = {{{TaintBench}}: {{Automatic}} Real-World Malware Benchmarking of {{Android}} Taint Analyses},
  shorttitle = {{{TaintBench}}},
  author = {Luo, Linghui and Pauck, Felix and Piskachev, Goran and Benz, Manuel and Pashchenko, Ivan and Mory, Martin and Bodden, Eric and Hermann, Ben and Massacci, Fabio},
  date = {2022-01},
  journaltitle = {Empirical Software Engineering},
  shortjournal = {Empir Software Eng},
  volume = {27},
  number = {1},
  pages = {16},
  issn = {1382-3256, 1573-7616},
  doi = {10.1007/s10664-021-10013-5},
  url = {https://link.springer.com/10.1007/s10664-021-10013-5},
  urldate = {2023-02-13},
  abstract = {Abstract                            Due to the lack of established real-world benchmark suites for static taint analyses of Android applications, evaluations of these analyses are often restricted and hard to compare. Even in evaluations that do use real-world apps, details about the ground truth in those apps are rarely documented, which makes it difficult to compare and reproduce the results. To push Android taint analysis research forward, this paper thus recommends criteria for constructing real-world benchmark suites for this specific domain, and presents               TaintBench               , the first real-world               malware               benchmark suite with documented taint flows.               TaintBench               benchmark apps include taint flows with complex structures, and addresses static challenges that are commonly agreed on by the community. Together with the               TaintBench               suite, we introduce the               TaintBench               framework, whose goal is to simplify real-world benchmarking of Android taint analyses. First, a usability test shows that the framework improves experts’ performance and perceived usability when documenting and inspecting taint flows. Second, experiments using               TaintBench               reveal new insights for the taint analysis tools               Amandroid               and               FlowDroid               : (i) They are less effective on real-world malware apps than on synthetic benchmark apps. (ii) Predefined lists of sources and sinks heavily impact the tools’ accuracy. (iii) Surprisingly, up-to-date versions of both tools are less accurate than their predecessors.},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/8UTN2I89/Luo et al. - 2022 - TaintBench Automatic real-world malware benchmark.pdf}
}

@inproceedings{pauckAndroidTaintAnalysis2018,
  title = {Do {{Android}} Taint Analysis Tools Keep Their Promises?},
  booktitle = {Proceedings of the 2018 26th {{ACM Joint Meeting}} on {{European Software Engineering Conference}} and {{Symposium}} on the {{Foundations}} of {{Software Engineering}}},
  author = {Pauck, Felix and Bodden, Eric and Wehrheim, Heike},
  date = {2018-10-26},
  pages = {331--341},
  publisher = {{ACM}},
  location = {{Lake Buena Vista FL USA}},
  doi = {10.1145/3236024.3236029},
  url = {https://dl.acm.org/doi/10.1145/3236024.3236029},
  urldate = {2023-02-13},
  eventtitle = {{{ESEC}}/{{FSE}} '18: 26th {{ACM Joint European Software Engineering Conference}} and {{Symposium}} on the {{Foundations}} of {{Software Engineering}}},
  isbn = {978-1-4503-5573-5},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/DSMG5QEE/3236024.3236029.pdf;/home/jf/snap/zotero-snap/common/Zotero/storage/JVQWJV6Z/Pauck et al. - 2018 - Do Android taint analysis tools keep their promise.pdf}
}
@inproceedings{bosuCollusiveDataLeak2017,
  title = {Collusive {{Data Leak}} and {{More}}: {{Large-scale Threat Analysis}} of {{Inter-app Communications}}},
  shorttitle = {Collusive {{Data Leak}} and {{More}}},
  booktitle = {Proceedings of the 2017 {{ACM}} on {{Asia Conference}} on {{Computer}} and {{Communications Security}}},
  author = {Bosu, Amiangshu and Liu, Fang and Yao, Danfeng (Daphne) and Wang, Gang},
  date = {2017-04-02},
  pages = {71--85},
  publisher = {{ACM}},
  location = {{Abu Dhabi United Arab Emirates}},
  doi = {10.1145/3052973.3053004},
  url = {https://dl.acm.org/doi/10.1145/3052973.3053004},
  urldate = {2023-02-13},
  eventtitle = {{{ASIA CCS}} '17: {{ACM Asia Conference}} on {{Computer}} and {{Communications Security}}},
  isbn = {978-1-4503-4944-4},
  langid = {english},
  file = {/home/jf/snap/zotero-snap/common/Zotero/storage/KGRWZUY8/Bosu et al. - 2017 - Collusive Data Leak and More Large-scale Threat A.pdf}
},


@article{desnos:adnroguard:2011,
  title={Android: From Reversing to Decompilation},
  author={Desnos, Anthony and Gueguen, Geoffroy},
  journal={Black Hat Abu Dhabi},
  year={2011},
  url={https://media.blackhat.com/bh-ad-11/Desnos/bh-ad-11-DesnosGueguen-Andriod-Reversing_to_Decompilation_WP.pdf},

},

@article{reaves_droid_2016,
	title = {*droid: {Assessment} and {Evaluation} of {Android} {Application} {Analysis} {Tools}},
	volume = {49},
	issn = {0360-0300},
	shorttitle = {*droid},
	url = {https://doi.org/10.1145/2996358},
	doi = {10.1145/2996358},
	abstract = {The security research community has invested significant effort in improving the security of Android applications over the past half decade. This effort has addressed a wide range of problems and resulted in the creation of many tools for application analysis. In this article, we perform the first systematization of Android security research that analyzes applications, characterizing the work published in more than 17 top venues since 2010. We categorize each paper by the types of problems they solve, highlight areas that have received the most attention, and note whether tools were ever publicly released for each effort. Of the released tools, we then evaluate a representative sample to determine how well application developers can apply the results of our community’s efforts to improve their products. We find not only that significant work remains to be done in terms of research coverage but also that the tools suffer from significant issues ranging from lack of maintenance to the inability to produce functional output for applications with known vulnerabilities. We close by offering suggestions on how the community can more successfully move forward.},
	number = {3},
	urldate = {2023-01-10},
	journal = {ACM Computing Surveys},
	author = {Reaves, Bradley and Bowers, Jasmine and Gorski III, Sigmund Albert and Anise, Olabode and Bobhate, Rahul and Cho, Raymond and Das, Hiranava and Hussain, Sharique and Karachiwala, Hamza and Scaife, Nolen and Wright, Byron and Butler, Kevin and Enck, William and Traynor, Patrick},
	month = oct,
	year = {2016},
	keywords = {Android, application security, program analysis},
	pages = {55:1--55:30},
	file = {Full Text PDF:/home/histausse/Zotero/storage/8JZFY54J/Reaves et al. - 2016 - droid Assessment and Evaluation of Android Appli.pdf:application/pdf},
}


@inproceedings{mauthe_large-scale_2021,
	title = {A {Large}-{Scale} {Empirical} {Study} of {Android} {App} {Decompilation}},
	doi = {10.1109/SANER50967.2021.00044},
	abstract = {Decompilers are indispensable tools in Android malware analysis and app security auditing. Numerous academic works also employ an Android decompiler as the first step in a program analysis pipeline. In such settings, decompilation is frequently regarded as a "solved" problem, in that it is simply expected that source code can be accurately recovered from an app. While a large proportion of methods in an app can typically be decompiled successfully, it is common that at least some methods fail to decompile. In order to better understand the practical applicability of techniques in which decompilation is used as part of an automated analysis, it is important to know the actual expected failure rate of Android decompilation. To this end, we have performed what is, to the best of our knowledge, the first large-scale study of Android decompilation failure rates. We have used three sets of apps, consisting of, respectively, 3,018 open-source apps, 13,601 apps from a recent crawl of Google Play, and a collection of 24,553 malware samples. In addition to the state-of-the-art Dalvik bytecode decompiler jadx, we used three popular Java decompilers. While jadx achieves an impressively low failure rate of only 0.02\% failed methods per app on average, we found that it manages to recover source code for all methods in only 21\% of the Google Play apps.We have also sought to better understand the degree to which in-the-wild obfuscation techniques can prevent decompilation. Our empirical evaluation, complemented with an indepth manual analysis of a number of apps, indicate that code obfuscation is quite rarely encountered, even in malicious apps. Moreover, decompilation failures mostly appear to be caused by technical limitations in decompilers, rather than by deliberate attempts to thwart source-code recovery by obfuscation. This is an encouraging finding, as it indicates that near-perfect Android decompilation is, at least in theory, achievable, with implementation-level improvements to decompilation tools.},
	booktitle = {2021 {IEEE} {International} {Conference} on {Software} {Analysis}, {Evolution} and {Reengineering} ({SANER})},
	author = {Mauthe, Noah and Kargén, Ulf and Shahmehri, Nahid},
	month = mar,
	year = {2021},
	note = {ISSN: 1534-5351},
	keywords = {Android, Java, Malware, malware, reverse engineering, mobile apps, obfuscation, Tools, Conferences, decompilation, Manuals, Pipelines, Process control},
	pages = {400--410},
	file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/RWT9CKBF/9425937.html:text/html;Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:/home/histausse/Zotero/storage/I8KKRIJV/Mauthe et al. - 2021 - A Large-Scale Empirical Study of Android App Decom.pdf:application/pdf},
}

@ARTICLE{9118907,
	author={Pan, Ya and Ge, Xiuting and Fang, Chunrong and Fan, Yong},
	journal={IEEE Access}, 
	title={A Systematic Literature Review of Android Malware Detection Using Static Analysis}, 
	year={2020},
	volume={8},
	number={},
	pages={116363-116379},
	keywords={Malware;Static analysis;Feature extraction;Analytical models;Bibliographies;Sensitivity;Systematics;Android malware detection;static analysis;systematic literature review},
	doi={10.1109/ACCESS.2020.3002842}}

@inproceedings{zhang2015dexhunter,
	author={Zhang, Yueqian and Luo, Xiapu and Yin, Haoyang},
	title={Dexhunter: toward extracting hidden code from packed android applications},
	booktitle={European Symposium on Research in Computer Security},
	number={20},
	address={Vienna, Austria},
	pages={293--311},
	month={nov},
	year={2015},
	publisher={Springer}
} 
@inproceedings{liao2016automated,
	author={Liao, Yibin and Li, Jiakuan and Li, Bo and Zhu, Guodong and Yin, Yue and Cai, Ruoyan},
	title={Automated Detection and Classification for Packed Android Applications},
	booktitle={International Conference on Mobile Services},
	address={San Francisco, USA},
	pages={200--203},
	month={jun},
	year={2016},
	publisher={IEEE}
}
@inproceedings{xue2017adaptive,
	author={Xue, Lei and Luo, Xiapu and Yu, Le and Wang, Shuai and Wu, Dinghao},
	title={Adaptive unpacking of Android apps},
	booktitle={International Conference on Software Engineering},
	number={39},
	address={Buenos Aires, Argentina},
	pages={358--369},
	month={may},
	year={2017},
	publisher={IEEE}
} 
@inproceedings{wong2018tackling,
	author={Wong, Michelle Y and Lie, David},
	title={Tackling runtime-based obfuscation in Android with TIRO},
	booktitle={USENIX Security Symposium},
	number={27},
	address={Baltimore, USA},
	pages={1247-1262},
	month={aug},
	year={2018},
	publisher={USENIX}
} 


@article{Egele2012,
	title = {A survey on automated dynamic malware-analysis techniques and tools},
	volume = {44},
	issn = {03600300},
	doi = {10.1145/2089125.2089126},
	number = {2},
	journaltitle = {{ACM} Computing Surveys},
	author = {Egele, Manuel and Scholte, Theodoor and Kirda, Engin and Kruegel, Christopher},
	date = {2012},
	note = {{ISBN}: 0360-0300},
	file = {PDF:/home/jf/Zotero/storage/6FHSYVW2/Egele et al. - 2012 - A survey on automated dynamic malware-analysis techniques and tools.pdf:application/pdf},
}



@inproceedings{Arzt2013,
	location = {Rennes, France},
	title = {Instrumenting Android and Java Applications as Easy as abc},
	volume = {8174},
	isbn = {978-3-642-40786-4},
	doi = {10.1007/978-3-642-40787-1_26},
	pages = {364--381},
	booktitle = {Fourth International Conference on Runtime Verification},
	publisher = {Springer Berlin Heidelberg},
	author = {Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric},
	date = {2013-09},
	note = {Series Title: {LNCS}},
	keywords = {★, security, dynamic analysis, android, java, runtime},
	file = {PDF:/home/jf/Zotero/storage/LPNNXEJI/Arzt, Rasthofer, Bodden - 2013 - Instrumenting Android and Java Applications as Easy as abc.pdf:application/pdf},
}

@inproceedings{mineau_evaluating_2024,
	location = {Limassol, Cyprus},
	title = {Evaluating the Reusability of Android Static Analysis Tools},
	volume = {{LNCS} 14614},
	rights = {All rights reserved},
	url = {http://dx.doi.org/10.1007/978-3-031-66459-5_10},
	doi = {10.1007/978-3-031-66459-5_10},
	series = {{LNCS}},
	shorttitle = {Rank B in {CORE}.},
	pages = {153--170},
	booktitle = {{ICSR} 2024 - 21st International Conference on Software and Systems Reuse},
	publisher = {Springer},
	author = {Mineau, Jean-Marie and Lalande, Jean-François},
	date = {2024-06},
	note = {Medium: {ICSR} 2024},
}


@inproceedings{Duan2018,
	title = {Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation},
	booktitle = {24th Annual Network and Distributed System Security Symposium},
	author = {Duan, Yue and Zhang, Mu and Bhaskar, Abhishek Vasisht and Yin, Heng and Pan, Xiaorui and Li, Tongxin and Wang, Xueqiang and Wang, Xiaofeng},
	date = {2018},
	note = {Issue: February},
	keywords = {★},
	file = {PDF:/home/jf/Zotero/storage/Y3TWNQKP/Duan et al. - 2018 - Things You May Not Know About Android (Un)Packers A Systematic Study based on Whole-System Emulation.pdf:application/pdf},
}

@article{he_systematic_2023,
	title = {A {Systematic} {Study} of {Android} {Non}-{SDK} ({Hidden}) {Service} {API} {Security}},
	volume = {20},
	issn = {1941-0018},
	url = {https://ieeexplore.ieee.org/abstract/document/9739878},
	doi = {10.1109/TDSC.2022.3160872},
	abstract = {Android allows apps to communicate with its system services via system service helpers so that these apps can use various functions provided by the system services. Meanwhile, the system services rely on their service helpers to enforce security checks for protection. Unfortunately, the security checks in the service helpers may be bypassed via directly exploiting the non-SDK (hidden) APIs, degrading the stability and posing severe security threats such as privilege escalation, automatic function execution without users’ interactions, crashes, and DoS attacks. Google has proposed various approaches to address this problem, e.g., case-by-case fixing the bugs or even proposing a blacklist to block all the non-SDK APIs. However, the developers can still figure out new ways of exploiting these hidden APIs to evade the non-SDKs restrictions. In this article, we systematically study the vulnerabilities due to the hidden API exploitation and analyze the effectiveness of Google’s countermeasures. We aim to answer if there are still vulnerable hidden APIs that can be exploited in newest Android 12. We develop a static analysis tool called {\textbackslash}sf ServiceAuditServiceAudit to automatically mine the inconsistent security enforcement between service helper classes and the hidden service APIs. We apply {\textbackslash}sf ServiceAuditServiceAudit to Android 6{\textbackslash}sim∼12. Our tool discovers 112 vulnerabilities in Android 6 with a higher precision than existing approaches. Moreover, in Android 11 and 12, we identify more than 25 hidden APIs with inconsistent protections; however, only one of the vulnerable APIs can lead to severe security problem in Android 11, and none of them work on Android 12.},
	number = {2},
	urldate = {2024-09-09},
	journal = {IEEE Transactions on Dependable and Secure Computing},
	author = {He, Yi and Gu, Yacong and Su, Purui and Sun, Kun and Zhou, Yajin and Wang, Zhi and Li, Qi},
	month = mar,
	year = {2023},
	note = {Conference Name: IEEE Transactions on Dependable and Secure Computing},
	keywords = {Security, Android, security, Internet, Smart phones, Static analysis, Codes, Sun, Blocklists, non-sdk API},
	pages = {1609--1623},
	file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/7U7WUIFL/9739878.html:text/html;Submitted Version:/home/histausse/Zotero/storage/74BN4HRJ/He et al. - 2023 - A Systematic Study of Android Non-SDK (Hidden) Service API Security.pdf:application/pdf},
}

@inproceedings{li_accessing_2016,
	title = {Accessing {Inaccessible} {Android} {APIs}: {An} {Empirical} {Study}},
	shorttitle = {Accessing {Inaccessible} {Android} {APIs}},
	url = {https://ieeexplore.ieee.org/abstract/document/7816486},
	doi = {10.1109/ICSME.2016.35},
	abstract = {As Android becomes a de-facto choice of development platform for mobile apps, developers extensively leverage its accompanying Software Development Kit to quickly build their apps. This SDK comes with a set of APIs which developers may find limited in comparison to what system apps can do or what framework developers are preparing to harness capabilities of new generation devices. Thus, developers may attempt to explore in advance the normally "inaccessible" APIs for building unique API-based functionality in their app. The Android programming model is unique in its kind. Inaccessible APIs, which however are used by developers, constitute yet another specificity of Android development, and is worth investigating to understand what they are, how they evolve over time, and who uses them. To that end, in this work, we empirically investigate 17 important releases of the Android framework source code base, and we find that inaccessible APIs are commonly implemented in the Android framework, which are further neither forward nor backward compatible. Moreover, a small set of inaccessible APIs can eventually become publicly accessible, while most of them are removed during the evolution, resulting in risks for such apps that have leveraged inaccessible APIs. Finally, we show that inaccessible APIs are indeed accessed by third-party apps, and the official Google Play store has tolerated the proliferation of apps leveraging inaccessible API methods.},
	urldate = {2024-09-09},
	booktitle = {2016 {IEEE} {International} {Conference} on {Software} {Maintenance} and {Evolution} ({ICSME})},
	author = {Li, Li and Bissyandé, Tegawendé F. and Le Traon, Yves and Klein, Jacques},
	month = oct,
	year = {2016},
	keywords = {Androids, Google, Humanoid robots, Software, Libraries, Runtime, Ecosystems},
	pages = {411--422},
	file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/WQ564CZA/7816486.html:text/html;PDF:/home/histausse/Zotero/storage/ZTDU84BY/Li et al. - 2016 - Accessing Inaccessible Android APIs An Empirical Study.pdf:application/pdf},
}

@article{tozawa_formalization_2002,
	title = {Formalization and {Analysis} of {Class} {Loading} in {Java}},
	volume = {15},
	issn = {1573-0557},
	url = {https://doi.org/10.1023/A:1019912130555},
	doi = {10.1023/A:1019912130555},
	abstract = {Since Java security relies on the type-safety of the JVM, many formal approaches have been taken in order to prove the soundness of the JVM. This paper presents a new formalization of the JVM and proves its soundness. It is the first model to employ dynamic linking and bytecode verification to analyze the loading constraint scheme of Java2. The key concept required for proving the soundness of the new model is augmented value typing, which is defined from ordinary value typing combined with the loading constraint scheme. In proving the soundness of the model, it is shown that there are some problems inside the current reference implementation of the JVM with respect to our model. We also analyze the findClass scheme, newly introduced in Java2. The same analysis also shows why applets cannot exploit the type-spoofing vulnerability reported by Saraswat, which led to the introduction of the loading constraint scheme.},
	language = {en},
	number = {1},
	urldate = {2024-04-30},
	journal = {Higher-Order and Symbolic Computation},
	author = {Tozawa, Akihiko and Hagiya, Masami},
	month = mar,
	year = {2002},
	keywords = {security, Java, class loading},
	pages = {7--55},
	file = {Tozawa and Hagiya - 2002 - Formalization and Analysis of Class Loading in Jav.pdf:/home/histausse/Zotero/storage/YCL3ULAF/Tozawa and Hagiya - 2002 - Formalization and Analysis of Class Loading in Jav.pdf:application/pdf},
}


@article{gong_secure_1998,
	title = {Secure {Java} class loading},
	volume = {2},
	issn = {1941-0131},
	url = {https://ieeexplore.ieee.org/abstract/document/735987},
	doi = {10.1109/4236.735987},
	abstract = {The class loading mechanism, central to Java, plays a key role in JDK 1.2 by enabling an improved security policy that is permission-based and extensible. The author concludes that JDK 1.2 has introduced a powerful and secure class loading mechanism. It not only enforces type safety and name space separation but also has a significant role in the new security architecture that supports fine grained, permission based access control. The new class loading mechanism's flexibility-through its delegation scheme and the rich set of class loader classes-gives Java applications and applets greater freedom to customize and specify how, when, and from where classes are loaded. Because the class loading mechanism is central to both the correctness and the security of the Java runtime system, we would like to model and define this mechanism, perhaps in a formal verification system. We can then obtain a formal specification and prove (or disprove) that the mechanism as currently designed is sufficient for security.},
	number = {6},
	urldate = {2024-04-30},
	journal = {IEEE Internet Computing},
	author = {Gong, Li},
	month = nov,
	year = {1998},
	note = {Conference Name: IEEE Internet Computing},
	keywords = {Internet, Java, File systems, Access control, Computer architecture, Computer security, Layout, Permission, Public key, Sun},
	pages = {56--61},
	file = {Gong - 1998 - Secure Java class loading.pdf:/home/histausse/Zotero/storage/4REG3E94/Gong - 1998 - Secure Java class loading.pdf:application/pdf;IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/5D7Z3JNH/735987.html:text/html},
}

@article{liang_dynamic_1998,
	title = {Dynamic class loading in the {Java} virtual machine},
	volume = {33},
	issn = {0362-1340},
	url = {https://dl.acm.org/doi/10.1145/286942.286945},
	doi = {10.1145/286942.286945},
	abstract = {Class loaders are a powerful mechanism for dynamically loading software components on the Java platform. They are unusual in supporting all of the following features: laziness, type-safe linkage, user-defined extensibility, and multiple communicating namespaces.We present the notion of class loaders and demonstrate some of their interesting uses. In addition, we discuss how to maintain type safety in the presence of user-defined dynamic class loading.},
	number = {10},
	urldate = {2024-10-15},
	journal = {SIGPLAN Not.},
	author = {Liang, Sheng and Bracha, Gilad},
	month = oct,
	year = {1998},
	pages = {36--44},
	file = {Full Text PDF:/home/histausse/Zotero/storage/5N43QJ69/Liang and Bracha - 1998 - Dynamic class loading in the Java virtual machine.pdf:application/pdf},
}


@inproceedings{zhou_dynamic_2022,
	title = {Dynamic {Class} {Generating} and {Loading} {Technology} in {Android} {Web} {Application}},
	url = {https://ieeexplore.ieee.org/abstract/document/9851782},
	doi = {10.1109/ISNCC55209.2022.9851782},
	abstract = {Google’s android operating system has been widely used since being released, and occupies a major share of the market in the field of mobile computation. In Android, user applications mostly run in the dalvik virtual machine (DVM) due to the copyrights. The byte codes that the DVM use are different from the java virtual machine (JVM), so the class files that conform to the Java specification can’t be loaded and executed directly in android. Based on the analysis of the class loading mechanism of DVM and JVM, this paper proposes the dynamic class generating and loading mechanism in Android with existing technologies. The mechanism solves the compatibility problem caused by the differences of class file byte code, and extends the thought of ‘written once, run anywhere’. Two simple applications demonstrate the validity and effectiveness of the technology.},
	urldate = {2024-04-30},
	booktitle = {2022 {International} {Symposium} on {Networks}, {Computers} and {Communications} ({ISNCC})},
	author = {Zhou, Wenwen and Yongzhi, Yang and Wang, Jiejuan},
	month = jul,
	year = {2022},
	keywords = {android, Java, Smart phones, dynamic, Loading, byte code, class load, Codes, compatibility, Computers, dalvik, java virtual machine, Operating systems, Virtual machining},
	pages = {1--6},
	file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/ZR9MJBAG/9851782.html:text/html;Zhou et al. - 2022 - Dynamic Class Generating and Loading Technology in.pdf:/home/histausse/Zotero/storage/5X4AAR9N/Zhou et al. - 2022 - Dynamic Class Generating and Loading Technology in.pdf:application/pdf},
}

@inproceedings{kriz_provisioning_2015,
	title = {Provisioning of application modules to {Android} devices},
	url = {https://ieeexplore.ieee.org/abstract/document/7129009},
	doi = {10.1109/RADIOELEK.2015.7129009},
	abstract = {The Google Android platform supports provisioning of packaged applications to an Android device. However, an existing approach requires user's interaction during the installation of a new application or its modules. We present a new approach to dynamic modules loading which enables provisioning of new modules to Android device dynamically without the interaction with the user. It will allow complex applications to adapt to the surrounding conditions and requirements of the user by downloading additional code from a server or a neighboring peer device. In our solution we propose to replace the default application class-loader with a custom one while employing some existing mechanisms of class-loading from APK packages at the Android platform.},
	urldate = {2024-04-30},
	booktitle = {2015 25th {International} {Conference} {Radioelektronika} ({RADIOELEKTRONIKA})},
	author = {Kriz, Pavel and Maly, Filip},
	month = apr,
	year = {2015},
	keywords = {Android, Androids, Humanoid robots, Java, Mobile handsets, Servers, Loading, class loading, Java Reflection API, m-client, modular application, Reflection},
	pages = {423--426},
	file = {IEEE Xplore Abstract Record:/home/histausse/Zotero/storage/QEQLZHMD/7129009.html:text/html;Kriz and Maly - 2015 - Provisioning of application modules to Android dev.pdf:/home/histausse/Zotero/storage/8GRUYQLQ/Kriz and Maly - 2015 - Provisioning of application modules to Android dev.pdf:application/pdf},
}