{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T19:01:29Z","timestamp":1771268489280,"version":"3.50.1"},"reference-count":43,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cluster Comput"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1007\/s10586-025-05898-6","type":"journal-article","created":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T18:03:14Z","timestamp":1771264994000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Deconstructing android messaging clones: A hybrid reverse engineering and risk assessment framework"],"prefix":"10.1007","volume":"29","author":[{"given":"Ibrahim","family":"Al-Oqily","sequence":"first","affiliation":[]},{"given":"Basil","family":"Khalaf","sequence":"additional","affiliation":[]},{"given":"Mohammad","family":"Al-Fayez","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,16]]},"reference":[{"issue":"5","key":"5898_CR1","doi-asserted-by":"publisher","first-page":"309","DOI":"10.26855\/acc.2023.10.009","volume":"4","author":"B Liu","year":"2023","unstructured":"Liu, B.: Android reverse engineering and defense analysis. Adv. Comput. Commun. 4(5), 309\u2013317 (2023). https:\/\/doi.org\/10.26855\/acc.2023.10.009","journal-title":"Adv. Comput. Commun."},{"issue":"2","key":"5898_CR2","doi-asserted-by":"publisher","first-page":"998","DOI":"10.1109\/COMST.2014.2386915","volume":"17","author":"P Faruki","year":"2015","unstructured":"Faruki, P., Bharmal, A., Laxmi, V., Gaur, M., Conti, M.: Android security: A survey of issues, malware penetration, and defenses. IEEE Commun. Surv. Tutor. 17(2), 998\u20131022 (2015). https:\/\/doi.org\/10.1109\/COMST.2014.2386915","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"5898_CR3","unstructured":"Rahman, M.A., Moonsamy, Y.: Rethinking android permissions: Toward full disclosure and informed consent. arXiv preprint arXiv:2202.06995 (2022)"},{"issue":"2","key":"5898_CR4","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.cpe.2021.03.005","volume":"7","author":"M Mohsen","year":"2021","unstructured":"Mohsen, M., et al.: Evaluating app intrusiveness using permission-based privacy scores. Computing in the Private Era 7(2), 45\u201362 (2021). https:\/\/doi.org\/10.1016\/j.cpe.2021.03.005","journal-title":"Computing in the Private Era"},{"key":"5898_CR5","doi-asserted-by":"crossref","unstructured":"Feng, Y., Liu, Q.: A malware-detection method using deep learning to fully extract API sequence features. Int. J. Inf. Secur 14, 167 (2024)","DOI":"10.3390\/electronics14010167"},{"key":"5898_CR6","doi-asserted-by":"publisher","unstructured":"Gamba, J., \u00c4lvaro Feal, et al.: Mules and permission laundering in android. In: Proceedings of the IEEE Mobile Security Conference (MobiSec), pp. 33\u201347 (2023). https:\/\/doi.org\/10.1109\/MOBSEC.2023.00015","DOI":"10.1109\/MOBSEC.2023.00015"},{"key":"5898_CR7","doi-asserted-by":"publisher","unstructured":"Khalaf, B., Al-Sarhan, A., Al-Naamneh, Q., Aljaidi, M., Almaiah, M.: The impact of reverse engineering on mobile applications security: comprehensive review. In: Advances in Mobile and Wireless Security, IGI Global, 2025. pp. 183\u2013204 (2026). https:\/\/doi.org\/10.4018\/979-8-3373-1717-5.ch008","DOI":"10.4018\/979-8-3373-1717-5.ch008"},{"issue":"8","key":"5898_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3491247","volume":"55","author":"G Meng","year":"2022","unstructured":"Meng, G., Zhang, Y., Liu, Y.: Obfuscation and repackaging in android apps: State of the art and future directions. ACM Comput. Surv. 55(8), 1\u201336 (2022). https:\/\/doi.org\/10.1145\/3491247","journal-title":"ACM Comput. Surv."},{"issue":"1","key":"5898_CR9","doi-asserted-by":"publisher","first-page":"112","DOI":"10.12785\/ijcds\/100132","volume":"10","author":"AA Ali","year":"2020","unstructured":"Ali, A.A., Abdul-Qawy, A.: Static analysis of malware in android-based platforms: A progress study. Int. J. Comput. Digit. Syst. 10(1), 112\u2013125 (2020). https:\/\/doi.org\/10.12785\/ijcds\/100132","journal-title":"Int. J. Comput. Digit. Syst."},{"key":"5898_CR10","doi-asserted-by":"publisher","unstructured":"Anglano, C., et al.: Enabling forensic analysis of encrypted mobile apps. In: Proceedings of the ACM Workshop on Digital Forensics, pp. 89\u2013104 (2023). https:\/\/doi.org\/10.1145\/3600160.3605029","DOI":"10.1145\/3600160.3605029"},{"key":"5898_CR11","first-page":"2640","volume":"2024","author":"D Paramasivam","year":"2024","unstructured":"Paramasivam, D., Ismail, N.L., Al-Nahari, A.: Static security analysis of government and non-government android mobile applications in malaysia: A comparative study using MobSF and OWASP mobile top 10. Math. Probl. Eng. 2024, 2640\u20132662 (2024). (Open access)","journal-title":"Math. Probl. Eng."},{"key":"5898_CR12","doi-asserted-by":"publisher","unstructured":"Amro, B.M., Abu Znaid, Z.A.: User centric android application permission manager. AL\u2011Rafidain J. Comput. Sci. Math 15(2), 213\u2013223 (2021). https:\/\/doi.org\/10.33899\/csmj.2021.170043","DOI":"10.33899\/csmj.2021.170043"},{"key":"5898_CR13","doi-asserted-by":"publisher","unstructured":"Lowu, F.X.: Security and privacy of app permissions on mobile eservices. In: Proceedings of the Kabarak International Conference on Computing and Data Security, pp. 78\u201392 (2023). https:\/\/doi.org\/10.1109\/KICCDS.2023.10175102","DOI":"10.1109\/KICCDS.2023.10175102"},{"key":"5898_CR14","doi-asserted-by":"publisher","unstructured":"Alzaylaee, M.K., Yerima, S.Y., Sezer, S.: Dynalog: An automated dynamic analysis framework for characterizing android applications. In: 2017 IEEE Trustcom\/BigDataSE\/ICESS, pp. 190\u2013197. IEEE (2017). https:\/\/doi.org\/10.1109\/Trustcom\/BigDataSE\/ICESS.2017.307","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.307"},{"key":"5898_CR15","unstructured":"Tumbleson, C.: APKTool - A tool for reverse engineering Android APK files. https:\/\/ibotpeaches.github.io\/Apktool\/ (2023)"},{"key":"5898_CR16","unstructured":"Skylot: JADX - Dex to Java decompiler. https:\/\/github.com\/skylot\/jadx (2023)"},{"key":"5898_CR17","unstructured":"Abraham, A.: Mobile Security Framework (MobSF). https:\/\/github.com\/MobSF\/Mobile-Security-Framework-MobSF. Version 3.1.5, accessed: 2023-11-15 (2019)"},{"key":"5898_CR18","unstructured":"Ravn\u00e5s, O.A.V.: Frida: Dynamic instrumentation toolkit. https:\/\/frida.re. Version 12.0, accessed: 2023-11-15 (2016)"},{"key":"5898_CR19","unstructured":"Desnos, A., Gueguen, G.: Androguard: Reverse engineering and analysis of android applications. In: Black Hat Abu Dhabi https:\/\/github.com\/androguard\/androguard (2011)"},{"key":"5898_CR20","unstructured":"Community, P.P.: Poetry - Python dependency management and packaging made easy. https:\/\/python-poetry.org\/ (2024)"},{"key":"5898_CR21","unstructured":"Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in android. In: Proceedings of the 20th USENIX Security Symposium, pp. 639\u2013654 (2011). https:\/\/www.usenix.org\/legacy\/event\/sec11\/tech\/full_papers\/Chin.pdf"},{"key":"5898_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/4908134","volume":"2022","author":"B Albakri","year":"2022","unstructured":"Albakri, B., Salleh, M.N.M.: Survey on reverse-engineering tools for android mobile devices. Math. Probl. Eng. 2022, 1\u201322 (2022). https:\/\/doi.org\/10.1155\/2022\/4908134","journal-title":"Math. Probl. Eng."},{"key":"5898_CR23","unstructured":"Khan, S., Zhang, X.: Evaluating android permissions through static analysis. Technical Report, University of Cybersecurity (2022)"},{"key":"5898_CR24","doi-asserted-by":"publisher","unstructured":"Dominguez, C., et al.: LibKit: Detecting data leakage in SDKs. In: Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE), pp. 1567\u20131579 (2023). https:\/\/doi.org\/10.1145\/3611643.3616278","DOI":"10.1145\/3611643.3616278"},{"key":"5898_CR25","doi-asserted-by":"crossref","unstructured":"Saliha, Y., Mastaneh, D.: Hidden permissions on android: a permission-based android mobile privacy risk model. In: European Conference on Cyber Warfare and Security, pp. 717\u2013724 (2023)","DOI":"10.34190\/eccws.22.1.1453"},{"key":"5898_CR26","doi-asserted-by":"publisher","unstructured":"Wei, X., Gomez, L., Neamtiu, I., Faloutsos, M.: Permission evolution in the Android ecosystem. In: Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec \u201912), pp. 165\u2013176. ACM (2012). https:\/\/doi.org\/10.1145\/2185448.2185467","DOI":"10.1145\/2185448.2185467"},{"key":"5898_CR27","doi-asserted-by":"crossref","unstructured":"Fratantonio, Y., Bianchi, A., Robertson, W., Kirda, E.: TriggerScope: Towards detecting logic bombs in android applications. In: Proceedings of the 26th USENIX Security Symposium, pp. 377\u2013394 (2017). https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/fratantonio","DOI":"10.1109\/SP.2016.30"},{"key":"5898_CR28","doi-asserted-by":"publisher","unstructured":"Mohsen, F., Abdelhaq, H., Bisgin, H.: Security-centric ranking algorithm and two privacy scores to mitigate intrusive apps. Concurr. Comput. Pract. Exp. 34(14), e6571 (2022). https:\/\/doi.org\/10.1002\/cpe.6571","DOI":"10.1002\/cpe.6571"},{"key":"5898_CR29","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Du, W., Yin, H.: DroidAPIMiner: Mining API-level features for robust malware detection in android. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 523\u2013534 (2013). https:\/\/www.cs.ucr.edu\/~heng\/pubs\/droidapiminer-securecomm13.pdf","DOI":"10.1007\/978-3-319-04283-1_6"},{"issue":"1","key":"5898_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3191315","volume":"21","author":"W Wang","year":"2018","unstructured":"Wang, W., Zhou, Y., Li, Y.: AppContext: Differentiating malicious and benign mobile app behavior under contexts. ACM Trans. Priv. Secur. 21(1), 1\u201328 (2018). https:\/\/doi.org\/10.1145\/3191315","journal-title":"ACM Trans. Priv. Secur."},{"key":"5898_CR31","doi-asserted-by":"publisher","unstructured":"Sedhom, R., Sklar, M., Terry, P., Cole, C., Menson, K., Rogers, J., Morrato, E., Venkatesh, A.K.: Mobile app validation : a digital health scorecard approach. npj Digital Medicine 4(1), 1\u20138 (2021). https:\/\/doi.org\/10.1038\/s41746-021-00476-7","DOI":"10.1038\/s41746-021-00476-7"},{"key":"5898_CR32","doi-asserted-by":"crossref","unstructured":"Rahman, M.S.: Permpress: Machine Learning-based pipeline to evaluate permissions. IEEE Access 10, 89249\u201389264 (2022)","DOI":"10.1109\/ACCESS.2022.3199882"},{"issue":"6","key":"5898_CR33","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1109\/SP.2015.38","volume":"13","author":"A Avdiienko","year":"2015","unstructured":"Avdiienko, A., et al.: Mining apps for abnormal permission request patterns. IEEE Secur. Priv. 13(6), 24\u201332 (2015). https:\/\/doi.org\/10.1109\/SP.2015.38","journal-title":"IEEE Secur. Priv."},{"key":"5898_CR34","doi-asserted-by":"publisher","unstructured":"Wang, Z., et al.: Why are android apps removed from google play? In: Proceedings of the 2016 ACM Internet Measurement Conference (IMC), pp. 511\u2013524 (2016). https:\/\/doi.org\/10.1145\/2987443.2987466","DOI":"10.1145\/2987443.2987466"},{"key":"5898_CR35","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101660","volume":"92","author":"A Narayanan","year":"2020","unstructured":"Narayanan, A., et al.: Obfuscation in android malware: A comprehensive survey. Comput. Secur. 92, 101660 (2020). https:\/\/doi.org\/10.1016\/j.cose.2019.101660","journal-title":"Comput. Secur."},{"key":"5898_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101880","volume":"92","author":"Y Feng","year":"2020","unstructured":"Feng, Y., Zhu, J., Wang, X.: DeGuard: A static analysis tool for detecting obfuscated android malware. Comput. Secur. 92, 101880 (2020). https:\/\/doi.org\/10.1016\/j.cose.2020.101880","journal-title":"Comput. Secur."},{"issue":"5","key":"5898_CR37","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/SP.2019.00043","volume":"17","author":"A Alrawi","year":"2019","unstructured":"Alrawi, A., et al.: SoK: Security evaluation of home-based IoT deployments. IEEE Secur. Priv. 17(5), 44\u201359 (2019). https:\/\/doi.org\/10.1109\/SP.2019.00043","journal-title":"IEEE Secur. Priv."},{"key":"5898_CR38","doi-asserted-by":"publisher","unstructured":"Ma, Y., et al.: Detecting android app collusion using logic programming. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2016). https:\/\/doi.org\/10.14722\/ndss.2016.23105","DOI":"10.14722\/ndss.2016.23105"},{"key":"5898_CR39","unstructured":"Book, J., et al.: Longitudinal analysis of android app permissions. In: Proceedings of the 22nd USENIX Security Symposium, pp. 241\u2013256 (2013). https:\/\/arxiv.org\/pdf\/1303.0857"},{"key":"5898_CR40","doi-asserted-by":"publisher","unstructured":"Bhandari, S., et al.: Apposcopy: Semantic-based detection of android malware. In: Proceedings of the 26th ACM Conference on Computer and Communications Security, pp. 311\u2013325 (2019). https:\/\/doi.org\/10.1145\/3319535.3363221","DOI":"10.1145\/3319535.3363221"},{"key":"5898_CR41","doi-asserted-by":"publisher","unstructured":"Rasthofer, S., et al.: FlowDroid: Precise context, flow, field, object-sensitive analysis. In: Proceedings of the 35th ACM Conference on Programming Language Design and Implementation (PLDI), pp. 259\u2013269 (2014). https:\/\/doi.org\/10.1145\/2594291.2594299","DOI":"10.1145\/2594291.2594299"},{"key":"5898_CR42","unstructured":"Enck, W., et al.: TaintDroid: An information-flow tracking system. In: Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation, pp. 1\u201316 (2010). https:\/\/www.usenix.org\/legacy\/event\/osdi10\/tech\/full_papers\/Enck.pdf"},{"key":"5898_CR43","unstructured":"Ren, H., et al.: ReCon: Revealing and controlling pii leaks in mobile network traffic. In: Proceedings of the Network and Distributed System Security Symposium (NDSS) (2018). https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2018\/02\/ndss2016_05A-1_Ren_paper.pdf"}],"container-title":["Cluster Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05898-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10586-025-05898-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10586-025-05898-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T18:03:17Z","timestamp":1771264997000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10586-025-05898-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,16]]},"references-count":43,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,6]]}},"alternative-id":["5898"],"URL":"https:\/\/doi.org\/10.1007\/s10586-025-05898-6","relation":{},"ISSN":["1386-7857","1573-7543"],"issn-type":[{"value":"1386-7857","type":"print"},{"value":"1573-7543","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,16]]},"assertion":[{"value":"15 July 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 December 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 December 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 February 2026","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"162"}}