{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,14]],"date-time":"2025-04-14T18:05:22Z","timestamp":1744653922159,"version":"3.37.3"},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2022,8,6]],"date-time":"2022-08-06T00:00:00Z","timestamp":1659744000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,8,6]],"date-time":"2022-08-06T00:00:00Z","timestamp":1659744000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1007\/s10207-022-00603-9","type":"journal-article","created":{"date-parts":[[2022,8,6]],"date-time":"2022-08-06T13:02:52Z","timestamp":1659790972000},"page":"1127-1149","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Value-utilized taint propagation: toward precise detection of apps\u2019 information flows across Android API calls"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3355-8804","authenticated-orcid":false,"given":"Hiroki","family":"Inayoshi","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3137-4956","authenticated-orcid":false,"given":"Shohei","family":"Kakei","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8633-4383","authenticated-orcid":false,"given":"Eiji","family":"Takimoto","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7535-5840","authenticated-orcid":false,"given":"Koichi","family":"Mouri","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3103-9656","authenticated-orcid":false,"given":"Shoichi","family":"Saito","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,8,6]]},"reference":[{"key":"603_CR1","doi-asserted-by":"publisher","unstructured":"Arzt, S., Bodden, E.: StubDroid: automatic inference of precise data-flow summaries for the android framework. In: Proceedings of the 38th International Conference on Software Engineering (2016). https:\/\/doi.org\/10.1145\/2884781.2884816","DOI":"10.1145\/2884781.2884816"},{"key":"603_CR2","doi-asserted-by":"publisher","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le\u00a0Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (2014). https:\/\/doi.org\/10.1145\/2594291.2594299","DOI":"10.1145\/2594291.2594299"},{"key":"603_CR3","doi-asserted-by":"publisher","unstructured":"Backes, M., Bugiel, S., Schranz, O., Styp-Rekowsky, P.V., Weisgerber, S.: ARTist: the android runtime instrumentation and security toolkit. In: IEEE European Symposium on Security and Privacy (2017). https:\/\/doi.org\/10.1109\/EuroSP.2017.43","DOI":"10.1109\/EuroSP.2017.43"},{"key":"603_CR4","doi-asserted-by":"publisher","unstructured":"Barbon, G., Cortesi, A., Ferrara, P., Pistoia, M., Tripp, O.: Privacy analysis of android apps: implicit flows and quantitative analysis. In: Computer Information Systems and Industrial Management (2015). https:\/\/doi.org\/10.1007\/978-3-319-24369-6_1","DOI":"10.1007\/978-3-319-24369-6_1"},{"key":"603_CR5","unstructured":"Cavallaro, L., Saxena, P., Sekar, R.: Anti-taint-analysis: practical evasion techniques against information flow based malware defense. Stony Brook University, Tech. rep. (2007)"},{"key":"603_CR6","doi-asserted-by":"publisher","unstructured":"Chandra, S., Lin, Z., Kundu, A., Khan, L.: Towards a systematic study of the covert channel attacks in smartphones. In: International Conference on Security and Privacy in Communication Networks (2015). https:\/\/doi.org\/10.1007\/978-3-319-23829-6_29","DOI":"10.1007\/978-3-319-23829-6_29"},{"key":"603_CR7","doi-asserted-by":"publisher","unstructured":"Continella, A., Fratantonio, Y., Lindorfer, M., Puccetti, A., Zand, A., Kruegel, C., Vigna, G.: Obfuscation-resilient privacy leak detection for mobile apps through differential analysis. In: Proceedings of Network and Distributed System Security Symposium (2017). https:\/\/doi.org\/10.14722\/ndss.2017.23465","DOI":"10.14722\/ndss.2017.23465"},{"key":"603_CR8","doi-asserted-by":"publisher","unstructured":"Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20 (1977). https:\/\/doi.org\/10.1145\/359636.359712","DOI":"10.1145\/359636.359712"},{"key":"603_CR9","doi-asserted-by":"publisher","unstructured":"Enck, W., Gilbert, P., Chun, B., Cox, L.P., Jung, J., McDaniel, P.D., Sheth, A.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: USENIX Symposium on Operating Systems Design and Implementation (2010). https:\/\/doi.org\/10.1145\/2619091","DOI":"10.1145\/2619091"},{"key":"603_CR10","doi-asserted-by":"publisher","unstructured":"Fratantonio, Y., Machiry, A., Bianchi, A., Kruegel, C., Vigna, G.: CLAPP: characterizing loops in android applications. In: Proceedings of the Joint Meeting on Foundations of Software Engineering (2015). https:\/\/doi.org\/10.1145\/2786805.2786873","DOI":"10.1145\/2786805.2786873"},{"key":"603_CR11","doi-asserted-by":"publisher","unstructured":"Fratantonio, Y., Bianchi, A., Robertson, W., Kirda, E., Kruegel, C., Vigna, G.: TriggerScope: towards detecting logic bombs in android applications. In: IEEE Symposium on Security and Privacy (2016). https:\/\/doi.org\/10.1109\/SP.2016.30","DOI":"10.1109\/SP.2016.30"},{"key":"603_CR12","doi-asserted-by":"publisher","unstructured":"Gasior, W., Yang, L.: Exploring covert channel in android platform. In: International Conference on Cyber Security (2012). https:\/\/doi.org\/10.1109\/CyberSecurity.2012.29","DOI":"10.1109\/CyberSecurity.2012.29"},{"key":"603_CR13","doi-asserted-by":"publisher","unstructured":"Georgiadis, L., Werneck, R.F., Tarjan, R.E., Triantafyllis, S., August, D.I.: Finding dominators in practice. In: European Symposium on Algorithms (2004). https:\/\/doi.org\/10.1007\/978-3-540-30140-0_60","DOI":"10.1007\/978-3-540-30140-0_60"},{"key":"603_CR14","doi-asserted-by":"publisher","unstructured":"Graa, M., Boulahia, N.C., Cuppens, F., Cavalliy, A.: Protection against code obfuscation attacks based on control dependencies in android systems. In: IEEE Eighth International Conference on Software Security and Reliability-Companion (2014). https:\/\/doi.org\/10.1109\/SERE-C.2014.33","DOI":"10.1109\/SERE-C.2014.33"},{"key":"603_CR15","doi-asserted-by":"publisher","unstructured":"Graa, M., Cuppens-Boulahia, N., Cuppens, F., Lanet, J.L., Moussaileb, R.: Detection of side channel attacks based on data tainting in android systems. In: ICT Systems Security and Privacy Protection (2017). https:\/\/doi.org\/10.1007\/978-3-319-58469-0_14","DOI":"10.1007\/978-3-319-58469-0_14"},{"key":"603_CR16","doi-asserted-by":"publisher","unstructured":"Han, J., Huang, C., Shi, F., Liu, J.: Covert timing channel detection method based on time interval and payload length analysis. Comput. Secur. 97 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101952","DOI":"10.1016\/j.cose.2020.101952"},{"key":"603_CR17","doi-asserted-by":"publisher","unstructured":"Inayoshi, H., Kakei, S., Takimoto, E., Mouri, K., Saito, S.: VTDroid: value-based tracking for overcoming anti-taint-analysis techniques in android apps. In: International Conference on Availability, Reliability and Security (2021). https:\/\/doi.org\/10.1145\/3465481.3465759","DOI":"10.1145\/3465481.3465759"},{"key":"603_CR18","unstructured":"Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: dynamic taint analysis with targeted control-flow propagation. In: Proceedings of Network and Distributed System Security Symposium (2011)"},{"key":"603_CR19","doi-asserted-by":"publisher","unstructured":"Lalande, J.F., Wendzel, S.: Hiding privacy leaks in android applications using low-attention raising covert channels. In: International Conference on Availability, Reliability and Security (2013). https:\/\/doi.org\/10.1109\/ARES.2013.92","DOI":"10.1109\/ARES.2013.92"},{"key":"603_CR20","doi-asserted-by":"publisher","DOI":"10.1145\/45072.45074","author":"DA Lelewer","year":"1987","unstructured":"Lelewer, D.A., Hirschberg, D.S.: Data compression. ACM Comput. Surv. (1987). https:\/\/doi.org\/10.1145\/45072.45074","journal-title":"ACM Comput. Surv."},{"key":"603_CR21","doi-asserted-by":"publisher","unstructured":"Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: Proceedings of Network and Distributed System Security Symposium (2014). https:\/\/doi.org\/10.14722\/ndss.2014.23039","DOI":"10.14722\/ndss.2014.23039"},{"key":"603_CR22","doi-asserted-by":"publisher","unstructured":"Rasthofer, S., Arzt, S., Triller, S., Pradel, M.: Making Malory behave maliciously: targeted fuzzing of android execution environments. In: IEEE\/ACM 39th International Conference on Software Engineering (2017). https:\/\/doi.org\/10.1109\/ICSE.2017.35","DOI":"10.1109\/ICSE.2017.35"},{"key":"603_CR23","doi-asserted-by":"publisher","unstructured":"Rumee, S.T.A., (Deceased) D.L., Lei, Y.: MirrorDroid: a framework to detect sensitive information leakage in android by duplicate program execution. In: Annual Conference on Information Sciences and Systems (2017). https:\/\/doi.org\/10.1109\/CISS.2017.7926086","DOI":"10.1109\/CISS.2017.7926086"},{"key":"603_CR24","doi-asserted-by":"publisher","unstructured":"Sarwar, G., Mehani, O., Boreli, R., Kaafar, M.A.: On the effectiveness of dynamic taint analysis for protecting against private information leaks on android-based devices. In: Proceedings of the 10th International Conference on Security and Cryptography (2013). https:\/\/doi.org\/10.5220\/0004535104610468","DOI":"10.5220\/0004535104610468"},{"key":"603_CR25","doi-asserted-by":"publisher","unstructured":"Schreckling, D., K\u00f6stler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for android. Inf. Secur. Tech. Rep. 17(3) (2013). https:\/\/doi.org\/10.1016\/j.istr.2012.10.006","DOI":"10.1016\/j.istr.2012.10.006"},{"key":"603_CR26","doi-asserted-by":"publisher","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: IEEE Symposium on Security and Privacy (2010). https:\/\/doi.org\/10.1109\/SP.2010.26","DOI":"10.1109\/SP.2010.26"},{"key":"603_CR27","doi-asserted-by":"publisher","unstructured":"Sch\u00fctte, J., Fedler, R., Titze, D.: ConDroid: targeted dynamic analysis of android applications. In: IEEE 29th International Conference on Advanced Information Networking and Applications (2015). https:\/\/doi.org\/10.1109\/AINA.2015.238","DOI":"10.1109\/AINA.2015.238"},{"key":"603_CR28","doi-asserted-by":"publisher","unstructured":"Sch\u00fctte, J., K\u00fcechler, A., TItze, D.: Practical application-level dynamic taint analysis of android apps. In: IEEE Trustcom\/BigDataSE\/ICESS (2017). https:\/\/doi.org\/10.1109\/Trustcom\/BigDataSE\/ICESS.2017.215","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.215"},{"key":"603_CR29","doi-asserted-by":"publisher","unstructured":"Slavin, R., Wang, X., Hosseini, M.B., Hester, J., Krishnan, R., Bhatia, J., Breaux, T.D., Niu, J.: Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the International Conference on Software Engineering (2016). https:\/\/doi.org\/10.1145\/2884781.2884855","DOI":"10.1145\/2884781.2884855"},{"key":"603_CR30","doi-asserted-by":"publisher","unstructured":"Staicu, C.A., Schoepe, D., Balliu, M., Pradel, M., Sabelfeld, A.: An empirical study of information flows in real-world javascript. In: Proceedings of the 14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security (2019). https:\/\/doi.org\/10.1145\/3338504.3357339","DOI":"10.1145\/3338504.3357339"},{"key":"603_CR31","doi-asserted-by":"publisher","unstructured":"Stephens, J., Yadegari, B., Collberg, C., Debray, S., Scheidegger, C.: Probabilistic obfuscation through covert channels. In: IEEE European Symposium on Security and Privacy (2018). https:\/\/doi.org\/10.1109\/EuroSP.2018.00025","DOI":"10.1109\/EuroSP.2018.00025"},{"key":"603_CR32","doi-asserted-by":"publisher","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing bots\u2019 remote control behavior. In: Detection of Intrusions and Malware, and Vulnerability Assessment (2007). https:\/\/doi.org\/10.1007\/978-3-540-73614-1_6","DOI":"10.1007\/978-3-540-73614-1_6"},{"key":"603_CR33","doi-asserted-by":"publisher","unstructured":"Sun, M., Wei, T., Lui, J.C.: TaintART: a practical multi-level information-flow tracking system for android runtime. In: ACM SIGSAC Conference on Computer and Communications Security (2016). https:\/\/doi.org\/10.1145\/2976749.2978343","DOI":"10.1145\/2976749.2978343"},{"key":"603_CR34","doi-asserted-by":"publisher","unstructured":"Venkatakrishnan, V.N., Xu, W., DuVarney, D.C., Sekar, R.: Provably correct runtime enforcement of non-interference properties. In: Information and Communications Security (2006). https:\/\/doi.org\/10.1007\/11935308_24","DOI":"10.1007\/11935308_24"},{"key":"603_CR35","doi-asserted-by":"publisher","unstructured":"Wang, J.C., Lee, H.M., Chen, C.W., Jeng, A.B.: Estimating intent-based covert channel bandwidth by time series decomposition analysis in android platform. In: IEEE Conference on Application, Information and Network Security (2017). https:\/\/doi.org\/10.1109\/AINS.2017.8270420","DOI":"10.1109\/AINS.2017.8270420"},{"key":"603_CR36","doi-asserted-by":"publisher","unstructured":"Wei, T., Mao, J., Zou, W., Chen, Y.: A new algorithm for identifying loops in decompilation. In: International Static Analysis Symposium (2007). https:\/\/doi.org\/10.1007\/978-3-540-74061-2_11","DOI":"10.1007\/978-3-540-74061-2_11"},{"key":"603_CR37","unstructured":"Xue, L., Zhou, Y., Chen, T., Luo, X., Gu, G.: Malton: towards on-device non-invasive mobile malware analysis for ART. In: USENIX Security Symposium, pp. 289\u2013306 (2017)"},{"key":"603_CR38","unstructured":"Yan, L.K., Yin, H.: DroidScope: seamlessly reconstructing the OS and Dalvik semantic views for dynamic android malware analysis. In: USENIX Security Symposium, pp. 569\u2013584 (2012)"},{"key":"603_CR39","doi-asserted-by":"publisher","unstructured":"You, W., Liang, B., Li, J., Shi, W., Zhang, X.: Android implicit information flow demystified. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (2015). https:\/\/doi.org\/10.1145\/2714576.2714604","DOI":"10.1145\/2714576.2714604"},{"key":"603_CR40","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2740169","author":"W You","year":"2020","unstructured":"You, W., Liang, B., Shi, W., Wang, P., Zhang, X.: TaintMan: an art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices. IEEE Trans. Dependable and Secur. Comput. (2020). https:\/\/doi.org\/10.1109\/TDSC.2017.2740169","journal-title":"IEEE Trans. Dependable and Secur. Comput."},{"key":"603_CR41","doi-asserted-by":"publisher","unstructured":"Zhao, Q., Zuo, C., Dolan-Gavitt, B., Pellegrino, G., Lin, Z.: Automatic uncovering of hidden behaviors from input validation in mobile apps. In: IEEE Symposium on Security and Privacy (2020). https:\/\/doi.org\/10.1109\/SP40000.2020.00072","DOI":"10.1109\/SP40000.2020.00072"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00603-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-022-00603-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-022-00603-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,23]],"date-time":"2022-09-23T15:51:29Z","timestamp":1663948289000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-022-00603-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,6]]},"references-count":41,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["603"],"URL":"https:\/\/doi.org\/10.1007\/s10207-022-00603-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2022,8,6]]},"assertion":[{"value":"6 August 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no relevant financial or non-financial interests to disclose.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}