{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T00:46:44Z","timestamp":1771030004556,"version":"3.50.1"},"reference-count":63,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2020,9,15]],"date-time":"2020-09-15T00:00:00Z","timestamp":1600128000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,9,15]],"date-time":"2020-09-15T00:00:00Z","timestamp":1600128000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2020,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The Android platform facilitates reuse of app functionalities by allowing an app to request an action from another app through inter-process communication mechanism. This feature is one of the reasons for the popularity of Android, but it also poses security risks to the end users because malicious, unprivileged apps could exploit this feature to make privileged apps perform privileged actions on behalf of them. In this paper, we investigate the hybrid use of program analysis, genetic algorithm based test generation, natural language processing, machine learning techniques for <jats:italic>precise<\/jats:italic> detection of permission re-delegation vulnerabilities in Android apps. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities. We evaluated the vulnerability detection capability of our approach based on 1,258 official apps and 20 mutated apps. Our approach achieved 81.8% recall and 100% precision. We also compared our approach with two static analysis-based approaches \u2014 <jats:italic>Covert<\/jats:italic> and <jats:italic>IccTA<\/jats:italic> \u2014 based on 595 open source apps. Our approach detected 30 vulnerable apps whereas <jats:italic>Covert<\/jats:italic> detected one of them and <jats:italic>IccTA<\/jats:italic> did not detect any. Executable proof-of-concept attacks generated by our approach were reported to the corresponding app developers.<\/jats:p>","DOI":"10.1007\/s10664-020-09879-8","type":"journal-article","created":{"date-parts":[[2020,9,15]],"date-time":"2020-09-15T02:02:29Z","timestamp":1600135349000},"page":"5084-5136","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["Security analysis of permission re-delegation vulnerabilities in Android apps"],"prefix":"10.1007","volume":"25","author":[{"given":"Biniam Fisseha","family":"Demissie","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7325-0316","authenticated-orcid":false,"given":"Mariano","family":"Ceccato","sequence":"additional","affiliation":[]},{"given":"Lwin Khin","family":"Shar","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,15]]},"reference":[{"key":"9879_CR1","doi-asserted-by":"publisher","unstructured":"Al-Subaihin AA, Sarro F, Black S, Capra L, Harman M, Jia Y, Zhang Y (2016) Clustering mobile apps based on mined textual features. In: Proceedings of the 10th ACM\/IEEE international symposium on empirical software engineering and measurement, ESEM \u201916. ACM, New York, pp 38:1\u201338:10. https:\/\/doi.org\/10.1145\/2961111.2962600","DOI":"10.1145\/2961111.2962600"},{"key":"9879_CR2","doi-asserted-by":"publisher","unstructured":"Amalfitano D, Fasolino A, Tramontana P (2011) A GUI crawling-based technique for Android mobile application testing. In: Software testing, verification and validation workshops (ICSTW), 2011 IEEE fourth international conference on, pp 252\u2013261, DOI https:\/\/doi.org\/10.1109\/ICSTW.2011.77, (to appear in print)","DOI":"10.1109\/ICSTW.2011.77"},{"key":"9879_CR3","doi-asserted-by":"publisher","unstructured":"Amalfitano D, Fasolino AR, Tramontana P, De Carmine S, Memon AM (2012) Using GUI ripping for automated testing of Android applications. In: Proceedings of the 27th IEEE\/ACM international conference on automated software engineering, ASE 2012. ACM, New York, pp 258\u2013261. https:\/\/doi.org\/10.1145\/2351676.2351717","DOI":"10.1145\/2351676.2351717"},{"key":"9879_CR4","doi-asserted-by":"publisher","unstructured":"Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P (2014) Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: Proceedings of the 35th ACM SIGPLAN conference on programming language design and implementation, PLDI \u201914. ACM, New York, pp 259\u2013269. https:\/\/doi.org\/10.1145\/2594291.2594299","DOI":"10.1145\/2594291.2594299"},{"key":"9879_CR5","doi-asserted-by":"crossref","unstructured":"Au KWY, Zhou Y, Huang Z, Lie D (2012) Pscout: analyzing the Android permission specification. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM, pp 217\u2013228","DOI":"10.1145\/2382196.2382222"},{"key":"9879_CR6","doi-asserted-by":"crossref","unstructured":"Avancini A, Ceccato M (2013) Security testing of the communication among Android applications. In: Proceedings of the 8th international workshop on automation of software test. IEEE Press, pp 57\u201363","DOI":"10.1109\/IWAST.2013.6595792"},{"key":"9879_CR7","doi-asserted-by":"crossref","unstructured":"Avdiienko V, Kuznetsov K, Gorla A, Zeller A, Arzt S, Rasthofer S, Bodden E (2015) Mining apps for abnormal usage of sensitive data. In: Proceedings of the 37th international conference on software engineering. IEEE Press, pp 426\u2013436","DOI":"10.1109\/ICSE.2015.61"},{"key":"9879_CR8","doi-asserted-by":"publisher","unstructured":"Backes M, Bugiel S, Derr E (2016) Reliable third-party library detection in android and its security applications. In: Proceedings of the 2016 ACM SIGSAC Conference on computer and communications security, CCS \u201916. ACM, New York, pp 356\u2013367. https:\/\/doi.org\/10.1145\/2976749.2978333","DOI":"10.1145\/2976749.2978333"},{"key":"9879_CR9","doi-asserted-by":"publisher","first-page":"866","DOI":"10.1109\/TSE.2015.2419611","volume":"9","author":"H Bagheri","year":"2015","unstructured":"Bagheri H, Sadeghi A, Garcia J, Malek S (2015) Covert: Compositional analysis of android inter-app permission leakage. IEEE Trans Softw Eng 9:866\u2013886","journal-title":"IEEE Trans Softw Eng"},{"key":"9879_CR10","first-page":"993","volume":"3","author":"DM Blei","year":"2003","unstructured":"Blei DM, Ng AY, Jordan MI (2003) Latent dirichlet allocation. J Mach Learn Res 3:993\u20131022","journal-title":"J Mach Learn Res"},{"key":"9879_CR11","doi-asserted-by":"crossref","unstructured":"Bosu A, Liu F, Yao DD, Wang G (2017) Collusive data leak and more: Large-scale threat analysis of inter-app communications. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security. ACM, pp 71\u201385","DOI":"10.1145\/3052973.3053004"},{"key":"9879_CR12","unstructured":"Bugiel S, Davi L, Dmitrienko A, Fischer T, Sadeghi A, Shastry B (2012) Towards taming privilege-escalation attacks on android. In: NDSS, vol 17. Citeseer, p 19"},{"key":"9879_CR13","doi-asserted-by":"publisher","unstructured":"Chin E, Felt AP, Greenwood K, Wagner D (2011) Analyzing inter-application communication in Android. In: Proceedings of the 9th international conference on Mobile systems, applications, and services, MobiSys \u201911. https:\/\/doi.org\/10.1145\/1999995.2000018. ACM, New York, pp 239\u2013252","DOI":"10.1145\/1999995.2000018"},{"key":"9879_CR14","doi-asserted-by":"crossref","unstructured":"Coles H, Laurent T, Henard C, Papadakis M, Ventresque A (2016) Pit: a practical mutation testing tool for java. In: Proceedings of the 25th international symposium on software testing and analysis, pp 449\u2013452","DOI":"10.1145\/2931037.2948707"},{"key":"9879_CR15","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1016\/j.cose.2017.04.002","volume":"68","author":"T Dai","year":"2017","unstructured":"Dai T, Li X, Hassanshahi B, Yap RH, Liang Z (2017) Roppdroid: Robust permission re-delegation prevention in android inter-component communication. Comput Secur 68:98\u2013111","journal-title":"Comput Secur"},{"key":"9879_CR16","doi-asserted-by":"crossref","unstructured":"Demissie BF, Ghio D, Ceccato M, Avancini A (2016) Identifying android inter app communication vulnerabilities using static and dynamic analysis. In: Proceedings of the international conference on mobile software engineering and systems. ACM, pp 255\u2013266","DOI":"10.1145\/2897073.2897082"},{"key":"9879_CR17","doi-asserted-by":"crossref","unstructured":"Demissie BF, Ceccato M, Shar LK (2018) Anflo: Detecting anomalous sensitive information flows in android apps. In: Proceedings of the 5th IEEE\/ACM international conference on mobile software engineering and systems. ACM","DOI":"10.1145\/3197231.3197238"},{"key":"9879_CR18","doi-asserted-by":"crossref","unstructured":"Dempster AP, Laird NM, Rubin DB (1977) Maximum likelihood from incomplete data via the em algorithm. J R Stat Soc Series B Methodol 1\u201338","DOI":"10.1111\/j.2517-6161.1977.tb01600.x"},{"key":"9879_CR19","unstructured":"Enck W, Gilbert P, gon Chun B, Cox LP, Jung J, McDaniel P, Sheth AN (2010) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: 9Th usenix symposium on operating systems design and implementation"},{"key":"9879_CR20","unstructured":"Enck W, Octeau D, McDaniel P, Chaudhuri S (2011) A study of Android application security. In: Proceedings of the 20th USENIX conference on security, SEC\u201911. http:\/\/dl.acm.org\/citation.cfm?id=2028067.2028088. USENIX Association, Berkeley, pp 21\u201321"},{"key":"9879_CR21","unstructured":"Felt AP, Wang H, Moshchuk A, Hanna S, Chin E (2011) Permission re-delegation: attacks and defenses. In: 20Th usenix security symposium"},{"key":"9879_CR22","doi-asserted-by":"crossref","unstructured":"Fraser G, Arcuri A (2011) Evosuite: Automatic test suite generation for object-oriented software. In: Proceedings of the 19th ACM SIGSOFT symposium and the 13th european conference on foundations of software engineering, ESEC\/FSE \u20191. ACM, pp 416\u2013419","DOI":"10.1145\/2025113.2025179"},{"issue":"2","key":"9879_CR23","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1109\/TSE.2011.93","volume":"38","author":"G Fraser","year":"2011","unstructured":"Fraser G, Zeller A (2011) Mutation-driven generation of unit tests and oracles. IEEE Trans Softw Eng 38(2):278\u2013292","journal-title":"IEEE Trans Softw Eng"},{"key":"9879_CR24","doi-asserted-by":"crossref","unstructured":"Gordon MI, Kim D, Perkins JH, Gilham L, Nguyen N, Rinard MC (2015) Information flow analysis of android applications in droidsafe. In: NDSS, vol 15, p 110","DOI":"10.14722\/ndss.2015.23089"},{"key":"9879_CR25","doi-asserted-by":"crossref","unstructured":"Gorla A, Tavecchia I, Gross F, Zeller A (2014) Checking app behavior against app descriptions. In: Proceedings of the 36th international conference on software engineering. ACM, pp 1025\u20131035","DOI":"10.1145\/2568225.2568276"},{"key":"9879_CR26","doi-asserted-by":"crossref","unstructured":"Gorski S.A. III, Enck W (2019) Arf: identifying re-delegation vulnerabilities in android system services. In: Proceedings of the 12th conference on security and privacy in wireless and mobile networks, pp 151\u2013161","DOI":"10.1145\/3317549.3319725"},{"key":"9879_CR27","unstructured":"Grace MC, Zhou Y, Wang Z, Jiang X (2012) Systematic detection of capability leaks in stock Android smartphones. In: NDSS. http:\/\/dblp.uni-trier.de\/db\/conf\/ndss\/ndss2012.html. The Internet Society"},{"issue":"1","key":"9879_CR28","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M Hall","year":"2009","unstructured":"Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The weka data mining software: an update. ACM SIGKDD Explor Newslett 11(1):10\u201318","journal-title":"ACM SIGKDD Explor Newslett"},{"issue":"2","key":"9879_CR29","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1023\/B:AIRE.0000045502.10941.a9","volume":"22","author":"VJ Hodge","year":"2004","unstructured":"Hodge VJ, Austin J (2004) A survey of outlier detection methodologies. Artif Intell Rev 22(2):85\u2013126","journal-title":"Artif Intell Rev"},{"key":"9879_CR30","volume-title":"Adaptation in natural and artificial systems. an introductory analysis with application to biology, control, and artificial intelligence","author":"JH Holland","year":"1975","unstructured":"Holland JH (1975) Adaptation in natural and artificial systems. an introductory analysis with application to biology, control, and artificial intelligence. University of Michigan Press, Ann Arbor"},{"key":"9879_CR31","doi-asserted-by":"publisher","unstructured":"Hu C, Neamtiu I (2011) Automating GUI testing for Android applications. In: Proceedings of the 6th international workshop on automation of software test, AST \u201911. ACM, New York, pp 77\u201383. https:\/\/doi.org\/10.1145\/1982595.1982612","DOI":"10.1145\/1982595.1982612"},{"key":"9879_CR32","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.cose.2016.01.008","volume":"59","author":"M Junaid","year":"2016","unstructured":"Junaid M, Liu D, Kung D (2016) Dexteroid:, Detecting malicious behaviors in android apps using reverse-engineered life cycle models. Comput Secur 59:92\u2013117","journal-title":"Comput Secur"},{"key":"9879_CR33","doi-asserted-by":"crossref","unstructured":"Just R (2014) The Major mutation framework: efficient and scalable mutation analysis for Java. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA), San Jose, CA, USA, pp 433\u2013436","DOI":"10.1145\/2610384.2628053"},{"key":"9879_CR34","doi-asserted-by":"publisher","unstructured":"Klieber W, Flynn L, Bhosale A, Jia L, Bauer L (2014) Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN international workshop on the state of the art in java program analysis, SOAP \u201914. ACM, New York, pp 1\u20136. https:\/\/doi.org\/10.1145\/2614628.2614633","DOI":"10.1145\/2614628.2614633"},{"key":"9879_CR35","unstructured":"Laurikkala J, Juhola M, Kentala E, Lavrac N, Miksch S, Kavsek B (2000) Informal identification of outliers in medical data. In: Fifth international workshop on intelligent data analysis in medicine and pharmacology, vol 1, pp 20\u201324"},{"key":"9879_CR36","doi-asserted-by":"publisher","unstructured":"Lee YK, Bang JY, Safi G, Shahbazian A, Zhao Y, Medvidovic N (2017) A sealant for inter-app security holes in android. In: Proceedings of the 39th international conference on software engineering, ICSE \u201917. IEEE Press, Piscataway, pp 312\u2013323. https:\/\/doi.org\/10.1109\/ICSE.2017.36","DOI":"10.1109\/ICSE.2017.36"},{"key":"9879_CR37","doi-asserted-by":"crossref","unstructured":"Li L, Bartel A, Bissyand\u00e9 T. F., Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, Mcdaniel P (2015) IccTA: Detecting inter-component privacy leaks in Android apps. In: Proceedings of the 37th international conference on software engineering (ICSE 2015), pp 280\u2013291","DOI":"10.1109\/ICSE.2015.48"},{"key":"9879_CR38","doi-asserted-by":"publisher","unstructured":"Lu L, Li Z, Wu Z, Lee W, Jiang G (2012) Chex: Statically vetting Android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM conference on computer and communications security, CCS \u201912. ACM, New York, pp 229\u2013240. https:\/\/doi.org\/10.1145\/2382196.2382223","DOI":"10.1145\/2382196.2382223"},{"key":"9879_CR39","doi-asserted-by":"crossref","unstructured":"Lu K, Li Z, Kemerlis VP, Wu Z, Lu L, Zheng C, Qian Z, Lee W, Jiang G (2015) Checking more and alerting less: Detecting privacy leakages via enhanced data-flow analysis and peer voting. In: NDSS","DOI":"10.14722\/ndss.2015.23287"},{"issue":"2","key":"9879_CR40","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1002\/stvr.308","volume":"15","author":"Y Ma","year":"2005","unstructured":"Ma Y, Offutt J, Kwon YR (2005) Mujava: an automated class mutation system. Softw Test Verif Reliab 15(2):97\u2013133","journal-title":"Softw Test Verif Reliab"},{"key":"9879_CR41","doi-asserted-by":"publisher","unstructured":"Ma Z, Wang H, Guo Y, Chen X (2016) Libradar: Fast and accurate detection of third-party libraries in android apps. In: Proceedings of the 38th international conference on software engineering companion, ICSE \u201916. ACM, New York, pp 653\u2013656. https:\/\/doi.org\/10.1145\/2889160.2889178","DOI":"10.1145\/2889160.2889178"},{"key":"9879_CR42","doi-asserted-by":"crossref","unstructured":"Mahmood R, Esfahani N, Kacem T, Mirzaei N, Malek S, Stavrou A (2012) A whitebox approach for automated security testing of Android applications on the cloud. In: Proceedings of the 7th international workshop on Automation of Software Test (AST), pp 22\u201328","DOI":"10.1109\/IWAST.2012.6228986"},{"key":"9879_CR43","doi-asserted-by":"crossref","unstructured":"Mahmood R, Mirzaei N, Malek S (2014) Evodroid: Segmented evolutionary testing of android apps. In: Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering. ACM, pp 599\u2013609","DOI":"10.1145\/2635868.2635896"},{"key":"9879_CR44","doi-asserted-by":"crossref","unstructured":"Mann C, Starostin A (2012) A framework for static detection of privacy leaks in Android applications. In: 27Th Symposium on Applied Computing (SAC): computer security track, pp 1457\u20131462","DOI":"10.1145\/2245276.2232009"},{"key":"9879_CR45","doi-asserted-by":"crossref","unstructured":"Mao K, Harman M, Jia Y (2016) Sapienz: multi-objective automated testing for android applications. In: Proceedings of the 25th international symposium on software testing and analysis. ACM, pp 94\u2013105","DOI":"10.1145\/2931037.2931054"},{"key":"9879_CR46","unstructured":"McCallum AK (2002) Mallet: A machine learning for language toolkit"},{"key":"9879_CR47","doi-asserted-by":"crossref","unstructured":"Moran K, Tufano M, Bernal-C\u00e1rdenas C., Linares-V\u00e1squez M., Bavota G, Vendome C, Di Penta M, Poshyvanyk D (2018) Mdroid+: a mutation testing framework for android. In: 2018 IEEE\/ACM 40Th international conference on software engineering: companion (ICSE-companion). IEEE, pp 33\u201336","DOI":"10.1145\/3183440.3183492"},{"key":"9879_CR48","unstructured":"Octeau D, McDaniel P, Jha S, Bartel A, Bodden E, Klein J, Le Traon Y (2013) Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In: Proceedings of the 22Nd USENIX conference on security, SEC\u201913. USENIX Association, Berkeley, pp 543\u2013558. http:\/\/dl.acm.org\/citation.cfm?id=2534766.2534813"},{"key":"9879_CR49","doi-asserted-by":"crossref","unstructured":"Octeau D, Luchaup D, Dering M, Jha S, McDaniel P (2015) Composite constant propagation: application to android inter-component communication analysis. In: Proceedings of the 37th International Conference on Software Engineering (ICSE). http:\/\/siis.cse.psu.edu\/pubs\/octeau-icse15.pdf","DOI":"10.1109\/ICSE.2015.30"},{"key":"9879_CR50","unstructured":"OWASP (2015) OWASP mobile security project top 10. https:\/\/www.owasp.org\/index.php\/Projects\/OWASP_Mobile_Security_Project_-2015_Scratchpad"},{"key":"9879_CR51","first-page":"313","volume-title":"Readings in information retrieval\/ An algorithm for suffix stripping","author":"MF Porter","year":"1997","unstructured":"Porter MF (1997) Readings in information retrieval\/ An algorithm for suffix stripping. Morgan Kaufmann Publishers Inc., San Francisco, pp 313\u2013316. http:\/\/dl.acm.org\/citation.cfm?id=275537.275705"},{"key":"9879_CR52","doi-asserted-by":"crossref","unstructured":"Rasthofer S, Arzt S, Triller S, Pradel M (2017) Making malory behave maliciously: targeted fuzzing of android execution environments. In: Proceedings of the 39th international conference on software engineering, ICSE \u201917. IEEE Press, pp 300\u2013311","DOI":"10.1109\/ICSE.2017.35"},{"key":"9879_CR53","doi-asserted-by":"crossref","unstructured":"Reps T, Horwitz S, Sagiv M (1995) Precise interprocedural dataflow analysis via graph reachability. In: Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on principles of programming languages, POPL \u201995. ACM, pp 49\u201361","DOI":"10.1145\/199448.199462"},{"key":"9879_CR54","doi-asserted-by":"crossref","unstructured":"Sadeghi A, Esfahani N, Malek S (2014) Mining the categorized software repositories to improve the analysis of security vulnerabilities. In: International conference on fundamental approaches to software engineering. Springer, pp 155\u2013169","DOI":"10.1007\/978-3-642-54804-8_11"},{"issue":"6","key":"9879_CR55","doi-asserted-by":"publisher","first-page":"10:1","DOI":"10.1147\/JRD.2013.2284403","volume":"57","author":"D Sb\u00eerlea","year":"2013","unstructured":"Sb\u00eerlea D, Burke MG, Guarnieri S, Pistoia M, Sarkar V (2013) Automatic detection of inter-application permission leaks in android applications. IBM J Res Dev 57(6):10:1\u201310:12. https:\/\/doi.org\/10.1147\/JRD.2013.2284403","journal-title":"IBM J Res Dev"},{"issue":"2","key":"9879_CR56","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1109\/TSE.2018.2844343","volume":"46","author":"J Thome","year":"2020","unstructured":"Thome J, Shar LK, Bianculli D, Briand L (2020) An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving. IEEE Trans Softw Eng 46(2):163\u2013195","journal-title":"IEEE Trans Softw Eng"},{"key":"9879_CR57","doi-asserted-by":"publisher","unstructured":"Tsutano Y, Bachala S, Srisa-an W, Rothermel G, Dinh J (2017) An efficient, robust, and scalable approach for analyzing interacting android apps. In: Proceedings of the 39th international conference on software engineering, ICSE \u201917. https:\/\/doi.org\/10.1109\/ICSE.2017.37. IEEE Press, Piscataway, pp 324\u2013334","DOI":"10.1109\/ICSE.2017.37"},{"key":"9879_CR58","doi-asserted-by":"publisher","unstructured":"Wegener J, Baresel A, Sthamer H (2001) Evolutionary test environment for automatic structural testing, vol 43, pp 841\u2013854. https:\/\/doi.org\/10.1016\/S0950-5849(01)00190-2. http:\/\/www.sciencedirect.com\/science\/article\/pii\/S0950584901001902","DOI":"10.1016\/S0950-5849(01)00190-2"},{"key":"9879_CR59","doi-asserted-by":"publisher","unstructured":"Wei F, Roy S, Ou X, Robby (2014) AmAndroid: a precise and general inter-component data flow analysis framework for security vetting of Android apps. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, CCS \u201914. ACM, New York, pp 1329\u20131341. https:\/\/doi.org\/10.1145\/2660267.2660357","DOI":"10.1145\/2660267.2660357"},{"key":"9879_CR60","volume-title":"Data mining: practical machine learning tools and techniques","author":"IH Witten","year":"2011","unstructured":"Witten IH, Frank E, Hall MA (2011) Data mining: practical machine learning tools and techniques. Morgan Kaufmann, San Mateo"},{"key":"9879_CR61","doi-asserted-by":"crossref","unstructured":"Xu M, Ma Y, Liu X, Lin FX, Liu Y (2017) Appholmes: detecting and characterizing app collusion among third-party android markets. In: Proceedings of the 26th international conference on World Wide Web, pp 143\u2013152","DOI":"10.1145\/3038912.3052645"},{"key":"9879_CR62","doi-asserted-by":"crossref","unstructured":"Zhang M, Yin H (2014) Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications","DOI":"10.14722\/ndss.2014.23255"},{"key":"9879_CR63","doi-asserted-by":"crossref","unstructured":"Zhong J, Huang J, Liang B (2012) Android permission re-delegation detection and test case generation. In: 2012 International conference on computer science and service system, pp 871\u2013874","DOI":"10.1109\/CSSS.2012.222"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-020-09879-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-020-09879-8\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-020-09879-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,15]],"date-time":"2021-09-15T00:58:57Z","timestamp":1631667537000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-020-09879-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,9,15]]},"references-count":63,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2020,11]]}},"alternative-id":["9879"],"URL":"https:\/\/doi.org\/10.1007\/s10664-020-09879-8","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,9,15]]},"assertion":[{"value":"15 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}