{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T03:08:28Z","timestamp":1743044908258,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":64,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819635306"},{"type":"electronic","value":"9789819635313"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-3531-3_12","type":"book-chapter","created":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:10:46Z","timestamp":1741867846000},"page":"232-253","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Auditing and\u00a0Attributing Behaviours of\u00a0Suspicious Android Health Applications"],"prefix":"10.1007","author":[{"given":"Muhammad","family":"Salman","sequence":"first","affiliation":[]},{"given":"I. Wayan Budi","family":"Santana","sequence":"additional","affiliation":[]},{"given":"Muhammad","family":"Ikram","sequence":"additional","affiliation":[]},{"given":"Mohamed Ali","family":"Kaafar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,14]]},"reference":[{"key":"12_CR1","unstructured":"Lief documentation - android formats and the API to use them. https:\/\/lief-project.github.io\/doc\/latest\/tutorials\/10_android_formats.html"},{"key":"12_CR2","unstructured":"1byone: 1byone health. https:\/\/play.google.com\/store\/apps\/details?id=com.quhwa.health"},{"key":"12_CR3","unstructured":"Airnow. https:\/\/airnowmonetization.com"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Alfawzan, N., Christen, M., Spitale, G., Biller-Andorno, N.: Privacy, data sharing, and data security policies of women\u2019s mhealth apps: scoping review and content analysis. JMIR Mhealth Uhealth 10(5), e33735 (2022). https:\/\/mhealth.jmir.org\/2022\/5\/e33735","DOI":"10.2196\/33735"},{"key":"12_CR5","unstructured":"Anderson, H.S., Roth, P.: Ember: an open dataset for training static PE malware machine learning models (2018). arXiv preprint arXiv:1804.04637"},{"key":"12_CR6","unstructured":"Apktool. https:\/\/ibotpeaches.github.io\/Apktool\/"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Hubner, M., Gascon, H., Rieck, K., Siemens, C.: Drebin: effective and explainable detection of android malware in your pocket. In: NDSS, vol.\u00a014, pp. 23\u201326 (2014)","DOI":"10.14722\/ndss.2014.23247"},{"issue":"6","key":"12_CR8","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices 49(6), 259\u2013269 (2014)","journal-title":"ACM Sigplan Notices"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Au, K.W.Y., Zhou, Y.F., Huang, Z., Lie, D.: PScout: analyzing the android permission specification. In: Proceedings of the 2012 ACM conference on Computer and communications security, pp. 217\u2013228 (2012)","DOI":"10.1145\/2382196.2382222"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Boulos, M.N.K., Brewer, A.C., Karimkhani, C., Buller, D.B., Dellavalle, R.P.: Mobile medical and health apps: state of the art, concerns, regulatory control and certification. Online J. Public Health Inform. 5(3), 229 (2014)","DOI":"10.5210\/ojphi.v5i3.4814"},{"key":"12_CR11","unstructured":"BouncyCastle: Raccoon \u2013 the APK donwloader. https:\/\/raccoon.onyxbits.de\/"},{"key":"12_CR12","unstructured":"Case, J.: rednaga\/apkid. https:\/\/github.com\/rednaga\/APKiD"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Chau, N., Jung, S.: An entropy-based solution for identifying android packers. IEEE Access 7, 28412\u201328421 (2019)","DOI":"10.1109\/ACCESS.2019.2901522"},{"key":"12_CR14","unstructured":"Chen, C.: Android community worried about presence of \"chinese spyware\" by qihoo 360 in samsung smartphones and tablets (2020). https:\/\/www.privateinternetaccess.com\/blog\/android-community-worried-about-presence-of-chinese-spyware-by-qihoo-360-in-samsung-smartphones-and-tablets\/"},{"key":"12_CR15","unstructured":"Collier, N.: Pre-installed auto installer threat found on android mobile devices in Germany (2021). https:\/\/www.malwarebytes.com\/blog\/news\/2021\/04\/pre-installed-auto-installer-threat-found-on-android-mobile-devices-in-germany. Accessed 01 July 2024"},{"issue":"1","key":"12_CR16","doi-asserted-by":"publisher","DOI":"10.2196\/mhealth.3672","volume":"3","author":"T Dehling","year":"2015","unstructured":"Dehling, T., Gao, F., Schneider, S., Sunyaev, A.: Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and android. JMIR Mhealth Uhealth 3(1), e8 (2015)","journal-title":"JMIR Mhealth Uhealth"},{"key":"12_CR17","unstructured":"Duc, N.V., Giang, P.T., Vi, P.M.: Permission analysis for android malware detection. In: The Proceedings of the 7th VAST-AIST Workshop \u201cResearch Collaboration: Review and perspective (2015)"},{"key":"12_CR18","unstructured":"F-Secure: F-secure -threat description - riskware:android\/smsreg (2017). https:\/\/www.f-secure.com\/sw-desc\/riskware_android_smsreg.shtml"},{"key":"12_CR19","unstructured":"Fmind: fmind\/euphony. https:\/\/github.com\/fmind\/euphony"},{"key":"12_CR20","unstructured":"Food, U., Administration, D.: Policy for device software functions and mobile medical applications (2019). https:\/\/www.fda.gov\/media\/80958\/download"},{"key":"12_CR21","unstructured":"Fortiguard: Fortiguard labs - threat encyclopedia - android\/smsreg.zi!tr. https:\/\/www.fortiguard.com\/encyclopedia\/mobile\/7294379\/android-smsreg-zi-tr (2017)"},{"key":"12_CR22","unstructured":"Fortinet: Fortiguard labs - threat encyclopedia - adware\/revmob (2021). https:\/\/www.fortiguard.com\/encyclopedia\/mobile\/7016460\/adware-revmob. Accessed 01 July 2024"},{"key":"12_CR23","unstructured":"Grewenig, M.: BMI calculator. https:\/\/play.google.com\/store\/apps\/details?id= de.grewe.android.bmi"},{"key":"12_CR24","unstructured":"Grewenig, M.: Calorie calculator BMR BMI ads. https:\/\/play.google.com\/store\/apps\/details?id=de.grewe.android.caloriecalculatorfree"},{"key":"12_CR25","unstructured":"He, R., et al.: Beyond the virus: a first look at coronavirus-themed mobile malware (2020)"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Hurier, M., et al.: Euphony: harmonious unification of cacophonous anti-virus vendor labels for android malware. In: MSR (2017)","DOI":"10.1109\/MSR.2017.57"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Ikram, M., Kaafar, M.A.: A first look at mobile ad-blocking apps. In: NCA, pp.\u00a01\u20138. IEEE (2017)","DOI":"10.1109\/NCA.2017.8171376"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Ikram, M., Masood, R., Tyson, G., Kaafar, M.A., Loizon, N., Ensafi, R.: The chain of implicit trust: an analysis of the web third-party resources loading. In: The World Wide Web Conference, pp. 2851\u20132857 (2019)","DOI":"10.1145\/3308558.3313521"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kaafar, M.A., Paxson, V.: An analysis of the privacy and security risks of android VPN permission-enabled apps. In: Proceedings of the 2016 Internet Measurement Conference, pp. 349\u2013364 (2016)","DOI":"10.1145\/2987443.2987471"},{"issue":"5","key":"12_CR30","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1016\/j.arth.2012.11.013","volume":"28","author":"JY Jenny","year":"2013","unstructured":"Jenny, J.Y.: Measurement of the knee flexion angle with a smartphone-application is precise and accurate. J. Arthroplasty 28(5), 784\u2013787 (2013)","journal-title":"J. Arthroplasty"},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"Johnson, R., Wang, Z., Gagnon, C., Stavrou, A.: Analysis of android applications\u2019 permissions. In: 2012 IEEE Sixth International Conference on Software Security and Reliability Companion, pp. 45\u201346. IEEE (2012)","DOI":"10.1109\/SERE-C.2012.44"},{"key":"12_CR32","unstructured":"Kay, M., Santos, J., Takane, M.: mhealth: new horizons for health through mobile technologies. World Health Org. 64(7), 66\u201371 (2011)"},{"key":"12_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-20550-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Kharraz","year":"2015","unstructured":"Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the Gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3\u201324. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_1"},{"key":"12_CR34","unstructured":"Leadbolt: Leadbolt - high performance mobile advertising (2021). https:\/\/www.leadboltapps.com\/. Accessed 01 July 2024"},{"key":"12_CR35","unstructured":"Lukashuk, I.: Google play store changes 2022: what to expect? (2022). https:\/\/appradar.com\/blog\/google-play-store-changes-2022. Accessed August 2022"},{"key":"12_CR36","unstructured":"Malicialab: malicialab\/AVClass (2020). https:\/\/github.com\/malicialab\/avclass"},{"key":"12_CR37","unstructured":"Malwarebyte: Malwarebyte forum - android\/pup.riskware.smsreg.wwpa (2019). https:\/\/forums.malwarebytes.com\/topic\/249727-androidpupriskwaresmsregwwpa\/"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Manning, C.D., Surdeanu, M., Bauer, J., Finkel, J.R., Bethard, S., McClosky, D.: The Stanford CoreNLP natural language processing toolkit. In: Proceedings of 52nd annual meeting of the association for computational linguistics: system demonstrations, pp. 55\u201360 (2014)","DOI":"10.3115\/v1\/P14-5010"},{"key":"12_CR39","unstructured":"Microsoft: Microsoft security intelligence - pua:androidos\/smsreg.i!mtb (2021). https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?Name=PUA:AndroidOS\/SMSReg.I!MTB&threatId=324027"},{"key":"12_CR40","unstructured":"mitmproxy. https:\/\/mitmproxy.org"},{"key":"12_CR41","unstructured":"MonkeyRunner: monkeyrunner: Android developers. https:\/\/developer.android.com\/studio\/test\/monkeyrunner"},{"key":"12_CR42","doi-asserted-by":"crossref","unstructured":"M\u00fcthing, J., Br\u00fcngel, R., Friedrich, C.M.: Server-focused security assessment of mobile health apps for popular mobile platforms. J. Med. Internet Res. 21(1), e9818 (2019)","DOI":"10.2196\/jmir.9818"},{"key":"12_CR43","doi-asserted-by":"crossref","unstructured":"Odeh, A., Keshta, I., Aboshgifa, A., Abdelfattah, E.: Privacy and security in mobile health technologies: challenges and concerns. In: CCWC (2022)","DOI":"10.1109\/CCWC54503.2022.9720863"},{"key":"12_CR44","doi-asserted-by":"crossref","unstructured":"Oltrogge, M., et al.: The rise of the citizen developer: assessing the security impact of online app generators. In: 2018 IEEE Symposium on Security and Privacy (SP) (2018)","DOI":"10.1109\/SP.2018.00005"},{"issue":"9","key":"12_CR45","doi-asserted-by":"publisher","first-page":"e530","DOI":"10.1111\/j.1463-1318.2012.03088.x","volume":"14","author":"S O\u2019Neill","year":"2012","unstructured":"O\u2019Neill, S., Brady, R.R.W.: Colorectal smartphone apps: opportunities and risks. Colorectal Dis. 14(9), e530-4 (2012)","journal-title":"Colorectal Dis."},{"key":"12_CR46","unstructured":"Orange, D.: Fit bites. https:\/\/play.google.com\/store\/apps\/details?id=com.fit.bites"},{"key":"12_CR47","unstructured":"OWASP: Testing anti-debugging detection (mstg-resilience-2) - android anti-reversing defenses. https:\/\/mobile-security.gitbook.io\/mobile-security-testing-guide\/android-testing-guide\/0x05j-testing-resiliency-against-reverse-engineering (2020), oWASP Mobile Security Guide. Accessed 18 Jan 2023"},{"key":"12_CR48","doi-asserted-by":"crossref","unstructured":"Papageorgiou, A., Strigkos, M., Politou, E., Alepis, E., Solanas, A., Patsakis, C.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access 6, 2169\u20133536 (2018)","DOI":"10.1109\/ACCESS.2018.2799522"},{"key":"12_CR49","doi-asserted-by":"crossref","unstructured":"Pinder, C., Vermeulen, J., Cowan, B.R., Beale, R.: Digital behaviour change interventions to break and form habits. TOCHI 25(3), 1\u201366 (2018)","DOI":"10.1145\/3196830"},{"issue":"Suppl 1","key":"12_CR50","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1111\/jhn.12071","volume":"27","author":"TE Schap","year":"2014","unstructured":"Schap, T.E., Zhu, F., Delp, E.J., Boushey, C.J.: Merging dietary assessment with the adolescent lifestyle. J. Hum. Nutr. Diet. 27(Suppl 1), 82\u201388 (2014)","journal-title":"J. Hum. Nutr. Diet."},{"key":"12_CR51","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVCLASS: a tool for massive malware labeling. In: RAID (2016)","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"12_CR52","unstructured":"Security, R.: Detecting pirated and malicious android apps with APKID (2016). https:\/\/rednaga.io\/2016\/07\/31\/detecting_pirated_and_malicious_android_apps _with_apkid\/"},{"key":"12_CR53","doi-asserted-by":"crossref","unstructured":"Sentana., I.W.B., Ikram., M., Kaafar., M., Berkovsky., S.: Empirical security and privacy analysis of mobile symptom checking apps on google play. In: Proceedings of the 18th International Conference on Security and Cryptography - SECRYPT (2021)","DOI":"10.5220\/0010520100002998"},{"key":"12_CR54","unstructured":"Sha, A.: APK vs AAB (android app bundles): everything you need to know!. https:\/\/beebom.com\/apk-vs-aab\/. Accessed 18 June 2024"},{"key":"12_CR55","doi-asserted-by":"crossref","unstructured":"Smahel, D., Elavsky, S., Machackova, H.: Functions of mhealth applications: a user\u2019s perspective. HIJ 25(3), 1065\u20131075 (2019)","DOI":"10.1177\/1460458217740725"},{"key":"12_CR56","unstructured":"Soylentnews.org: Samsung devices allegedly use qihoo 360 spyware to phone home to china (2020). https:\/\/www.newsbreak.com\/news\/1486552211048\/samsung-devices-allegedly-use-qihoo-360-spyware-to-phone-home-to-china"},{"key":"12_CR57","unstructured":"Statista: Google play store: number of apps 2023. https:\/\/www.statista.com\/statistics\/266210\/number-of-available-applications-in-the-google-play-store\/"},{"key":"12_CR58","doi-asserted-by":"publisher","DOI":"10.1136\/bmj.n1248","volume":"373","author":"G Tangari","year":"2021","unstructured":"Tangari, G., Ikram, M., Ijaz, K., Kaafar, M.A., Berkovsky, S.: Mobile health and privacy: cross sectional study. BMJ 373, n1248 (2021)","journal-title":"BMJ"},{"issue":"10","key":"12_CR59","doi-asserted-by":"publisher","first-page":"2074","DOI":"10.1093\/jamia\/ocab131","volume":"28","author":"G Tangari","year":"2021","unstructured":"Tangari, G., Ikram, M., Sentana, I.W.B., Ijaz, K., Kaafar, M.A., Berkovsky, S.: Analyzing security issues of android mobile health and medical applications. J. Am. Med. Inf. Assoc. 28(10), 2074\u20132084 (2021)","journal-title":"J. Am. Med. Inf. Assoc."},{"key":"12_CR60","unstructured":"Technologies, S.: Bodymonitor. https:\/\/play.google.com\/store\/apps\/details?id= com.senssun.bodymonitor"},{"key":"12_CR61","unstructured":"Townsend, K.: Threat from pre-installed malware on android phones is growing (2020). https:\/\/www.securityweek.com\/threat-pre-installed-malware-android-phones-growing. Accessed 01 July 2024"},{"key":"12_CR62","unstructured":"VirusTotal: https:\/\/www.virustotal.com\/gui\/home\/upload"},{"key":"12_CR63","unstructured":"Wang, J., et al.: Understanding malicious cross-library data harvesting on android. In: USENIX Security Symposium (2021)"},{"key":"12_CR64","unstructured":"Web, D.: Adware.leadbolt.24 technical information (2021). https:\/\/vms.drweb.com\/virus\/?i=24980493&lng=en. Accessed 01 July 2024"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-3531-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:11:10Z","timestamp":1741867870000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-3531-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819635306","9789819635313"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-3531-3_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss-socialsec2024\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}