{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T15:09:15Z","timestamp":1774883355718,"version":"3.50.1"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2026,1,3]],"date-time":"2026-01-03T00:00:00Z","timestamp":1767398400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,3]],"date-time":"2026-01-03T00:00:00Z","timestamp":1767398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61977020"],"award-info":[{"award-number":["61977020"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key technical projects of ShenZhen","award":["JSGG2021110892802003"],"award-info":[{"award-number":["JSGG2021110892802003"]}]},{"name":"Natural Science Foundation of Hei Longjiang Province","award":["LH2019F046"],"award-info":[{"award-number":["LH2019F046"]}]},{"name":"Harbin science and technology innovation talents research project","award":["2016RAQXJ013"],"award-info":[{"award-number":["2016RAQXJ013"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Empir Software Eng"],"published-print":{"date-parts":[[2026,5]]},"DOI":"10.1007\/s10664-025-10747-6","type":"journal-article","created":{"date-parts":[[2026,1,3]],"date-time":"2026-01-03T08:48:18Z","timestamp":1767430098000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Func: reducing the impact of Android framework evolution on malware detection"],"prefix":"10.1007","volume":"31","author":[{"given":"Hailong","family":"Yu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2958-8066","authenticated-orcid":false,"given":"Tiantian","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lwin Khin","family":"Shar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hanmeng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Lo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,1,3]]},"reference":[{"key":"10747_CR1","unstructured":"(2024) All android releases. https:\/\/developer.android.com\/about\/versions"},{"key":"10747_CR2","unstructured":"(2024) getdeviceid. https:\/\/developer.android.com\/reference\/android\/telephony\/TelephonyManager#getDeviceId()"},{"key":"10747_CR3","unstructured":"(2024) Mobile android operating system market share worldwide from january 2018 to february 2024, by version. https:\/\/www.statista.com\/statistics\/921152\/mobile-android-version-share-worldwide\/"},{"key":"10747_CR4","unstructured":"(2024) Mobile operating system market share worldwide. https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide"},{"key":"10747_CR5","doi-asserted-by":"crossref","unstructured":"Aafer Y, Du W, Yin H (2013) Droidapiminer: mining api-level features for robust malware detection in android. In: Security and privacy in communication networks: 9th international ICST conference, SecureComm 2013, Sydney, NSW, Australia, September 25\u201328, 2013, Revised Selected Papers 9. Springer, pp 86\u2013103","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"10747_CR6","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.future.2020.02.002","volume":"107","author":"M Alazab","year":"2020","unstructured":"Alazab M, Alazab M, Shalaginov A, Mesleh A, Awajan A (2020) Intelligent mobile malware detection using permission requests and api calls. Futur Gener Comput Syst 107:509\u2013521","journal-title":"Futur Gener Comput Syst"},{"key":"10747_CR7","doi-asserted-by":"crossref","unstructured":"Allix K, Bissyand\u00e9 TF, Klein J, Le\u00a0Traon Y (2016) Androzoo: collecting millions of android apps for the research community. In: Proceedings of the 13th international conference on mining software repositories, pp 468\u2013471","DOI":"10.1145\/2901739.2903508"},{"key":"10747_CR8","doi-asserted-by":"crossref","unstructured":"Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens C (2014) Drebin: effective and explainable detection of android malware in your pocket. In: Ndss, vol 14, pp 23\u201326","DOI":"10.14722\/ndss.2014.23247"},{"key":"10747_CR9","unstructured":"Arzt S, Rasthofer S, Bodden E (2013) Susi: a tool for the fully automated classification and categorization of android sources and sinks. University of Darmstadt, Tech. Rep. TUDCS-2013-0114"},{"key":"10747_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107639","volume":"184","author":"Y Bai","year":"2021","unstructured":"Bai Y, Xing Z, Ma D, Li X, Feng Z (2021) Comparative analysis of feature representations and machine learning methods in android family classification. Comput Netw 184:107639","journal-title":"Comput Netw"},{"key":"10747_CR11","doi-asserted-by":"crossref","unstructured":"Bang Y, Cahyawijaya S, Lee N, Dai W, Su D, Wilie B, Lovenia H, Ji Z, Yu T, Chung W et\u00a0al (2023) A multitask, multilingual, multimodal evaluation of chatgpt on reasoning, hallucination, and interactivity. In: Proceedings of the 13th international joint conference on natural language processing and the 3rd conference of the Asia-Pacific chapter of the association for computational linguistics (Volume 1: Long Papers), pp 675\u2013718","DOI":"10.18653\/v1\/2023.ijcnlp-main.45"},{"key":"10747_CR12","doi-asserted-by":"crossref","unstructured":"Belzner L, Gabor T, Wirsing M (2023) Large language model assisted software engineering: prospects, challenges, and a case study. In: International conference on bridging the gap between AI and reality. Springer, pp 355\u2013374","DOI":"10.1007\/978-3-031-46002-9_23"},{"key":"10747_CR13","first-page":"645","volume":"2","author":"CM Bishop","year":"2006","unstructured":"Bishop CM (2006) Pattern recognition and machine learning. Springer Google Schola 2:645\u2013678","journal-title":"Springer Google Schola"},{"key":"10747_CR14","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1016\/j.cose.2017.11.007","volume":"73","author":"S Chen","year":"2018","unstructured":"Chen S, Xue M, Fan L, Hao S, Xu L, Zhu H, Li B (2018) Automated poisoning attacks and defenses in malware detection systems: an adversarial machine learning approach. Comput Secur 73:326\u2013344","journal-title":"Comput Secur"},{"key":"10747_CR15","doi-asserted-by":"crossref","unstructured":"Chen S, Xue M, Tang Z, Xu L, Zhu H (2016) Stormdroid: a streaminglized machine learning-based system for detecting android malware. In: Proceedings of the 11th ACM on Asia conference on computer and communications security, pp 377\u2013388","DOI":"10.1145\/2897845.2897860"},{"key":"10747_CR16","unstructured":"Feng K, Ding K, Ma K, Wang Z, Zhang Q, Chen H (2024) Sample-efficient human evaluation of large language models via maximum discrepancy competition. arXiv:2404.08008"},{"key":"10747_CR17","doi-asserted-by":"crossref","unstructured":"Gao C, Huang G, Li H, Wu B, Wu Y, Yuan W (2024) A comprehensive study of learning-based android malware detectors under challenging environments. In: Proceedings of the 46th IEEE\/ACM international conference on software engineering, pp 1\u201313","DOI":"10.1145\/3597503.3623320"},{"issue":"3","key":"10747_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3162625","volume":"26","author":"J Garcia","year":"2018","unstructured":"Garcia J, Hammad M, Malek S (2018) Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans Softw Eng Methodology (TOSEM) 26(3):1\u201329","journal-title":"ACM Trans Softw Eng Methodology (TOSEM)"},{"key":"10747_CR19","doi-asserted-by":"crossref","unstructured":"Gong J, Niu W, Li S, Zhang M, Zhang X (2024) Sensitive behavioral chain-focused android malware detection fused with ast semantics. IEEE Trans Inf Forensics Secur","DOI":"10.1109\/TIFS.2024.3468891"},{"key":"10747_CR20","doi-asserted-by":"publisher","first-page":"103807","DOI":"10.1016\/j.cose.2024.103807","volume":"140","author":"J Gu","year":"2024","unstructured":"Gu J, Zhu H, Han Z, Li X, Zhao J (2024) Gsedroid: gnn-based android malware detection framework using lightweight semantic embedding. Comput Secur 140:103807","journal-title":"Comput Secur"},{"key":"10747_CR21","doi-asserted-by":"crossref","unstructured":"He Y, Liu Y, Wu L, Yang Z, Ren K, Qin Z (2022) Msdroid: identifying malicious snippets for android malware detection. IEEE Trans Depend Secure Comput","DOI":"10.1109\/TDSC.2022.3168285"},{"key":"10747_CR22","doi-asserted-by":"crossref","unstructured":"Hoffer E, Ailon N (2015) Deep metric learning using triplet network. In: Similarity-based pattern recognition: third international workshop, SIMBAD 2015, Copenhagen, Denmark, October 12\u201314, 2015. Proceedings 3. Springer, pp 84\u201392","DOI":"10.1007\/978-3-319-24261-3_7"},{"key":"10747_CR23","doi-asserted-by":"crossref","unstructured":"Hurier M, Suarez-Tangil G, Dash SK, Bissyand\u00e9 TF, Le\u00a0Traon Y, Klein J, Cavallaro L (2017) Euphony: harmonious unification of cacophonous anti-virus vendor labels for android malware. In: 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR). IEEE, pp 425\u2013435","DOI":"10.1109\/MSR.2017.57"},{"key":"10747_CR24","unstructured":"Jordaney R, Sharad K, Dash SK, Wang Z, Papini D, Nouretdinov I, Cavallaro L (2017) Transcend: detecting concept drift in malware classification models. In: 26th USENIX security symposium (USENIX security 17), pp 625\u2013642"},{"key":"10747_CR25","doi-asserted-by":"crossref","unstructured":"Karbab EB, Debbabi M, Derhab A, Mouheb D (2016) Cypider: building community-based cyber-defense infrastructure for android malware detection. In: Proceedings of the 32nd annual conference on computer security applications, pp 348\u2013362","DOI":"10.1145\/2991079.2991124"},{"key":"10747_CR26","doi-asserted-by":"publisher","first-page":"2058","DOI":"10.1007\/s10664-019-09764-z","volume":"25","author":"L Li","year":"2020","unstructured":"Li L, Gao J, Bissyand\u00e9 TF, Ma L, Xia X, Klein J (2020) Cda: characterising deprecated android apis. Empir Softw Eng 25:2058\u20132098","journal-title":"Empir Softw Eng"},{"key":"10747_CR27","doi-asserted-by":"crossref","unstructured":"Liu Y, Le-Cong T, Widyasari R, Tantithamthavorn C, Li L, Le X-BD, Lo D (2023) Refining chatgpt-generated code: characterizing and mitigating code quality issues. ACM Trans Softw Eng Methodology","DOI":"10.1145\/3643674"},{"key":"10747_CR28","doi-asserted-by":"crossref","unstructured":"Liu Z, Zhang LF, Tang Y (2023) Enhancing malware detection for android apps: detecting fine-granularity malicious components. In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, pp 1212\u20131224","DOI":"10.1109\/ASE56229.2023.00074"},{"key":"10747_CR29","doi-asserted-by":"crossref","unstructured":"Li Y, Yuan D, Zhang T, Cai H, Lo D, Gao C, Luo X, Jiang H (2024) Meta-learning for multi-family android malware classification. ACM Trans Softw Eng Methodology","DOI":"10.1145\/3664806"},{"key":"10747_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s10922-021-09634-4","volume":"30","author":"S Mahdavifar","year":"2022","unstructured":"Mahdavifar S, Alhadidi D, Ghorbani AA (2022) Effective and efficient hybrid android malware classification using pseudo-label stacked auto-encoder. J Netw Syst Manage 30:1\u201334","journal-title":"J Netw Syst Manage"},{"key":"10747_CR31","doi-asserted-by":"crossref","unstructured":"Mahdavifar S, Kadir AFA, Fatemi R, Alhadidi D, Ghorbani AA (2020) Dynamic android malware category classification using semi-supervised deep learning. In: 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech). IEEE, pp 515\u2013522","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00094"},{"key":"10747_CR32","doi-asserted-by":"publisher","first-page":"101573","DOI":"10.1016\/j.cose.2019.101573","volume":"87","author":"L Nguyen-Vu","year":"2019","unstructured":"Nguyen-Vu L, Ahn J, Jung S (2019) Android fragmentation in malware detection. Comput Secur 87:101573","journal-title":"Comput Secur"},{"issue":"2","key":"10747_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3313391","volume":"22","author":"L Onwuzurike","year":"2019","unstructured":"Onwuzurike L, Mariconti E, Andriotis P, Cristofaro ED, Ross G, Stringhini G (2019) Mamadroid: detecting android malware by building markov chains of behavioral models (extended version). ACM Trans Privacy Security (TOPS) 22(2):1\u201334","journal-title":"ACM Trans Privacy Security (TOPS)"},{"key":"10747_CR34","unstructured":"Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L (2019) TESSERACT: eliminating experimental bias in malware classification across space and time. In: 28th USENIX Security Symposium (USENIX Security 19). Santa Clara, CA: USENIX Association, pp 729\u2013746. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/pendlebury"},{"key":"10747_CR35","doi-asserted-by":"crossref","unstructured":"Qiao M, Sung AH, Liu Q (2016) Merging permission and api features for android malware detection. In: 2016 5th IIAI international congress on advanced applied informatics (IIAI-AAI). IEEE, pp 566\u2013571","DOI":"10.1109\/IIAI-AAI.2016.237"},{"key":"10747_CR36","unstructured":"Ramos J et\u00a0al (2003) Using tf-idf to determine word relevance in document queries. In: Proceedings of the first instructional conference on machine learning, vol 242, no\u00a01. Citeseer, pp 29\u201348"},{"issue":"6","key":"10747_CR37","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/s10664-023-10375-y","volume":"28","author":"LK Shar","year":"2023","unstructured":"Shar LK, Demissie BF, Ceccato M, Tun YN, Lo D, Jiang L, Bienert C (2023) Experimental comparison of features, analyses, and classifiers for android malware detection. Empir Softw Eng 28(6):130","journal-title":"Empir Softw Eng"},{"key":"10747_CR38","first-page":"102483","volume":"54","author":"R Surendran","year":"2020","unstructured":"Surendran R, Thomas T, Emmanuel S (2020) A tan based hybrid model for android malware detection. J Inf Secur Appl 54:102483","journal-title":"J Inf Secur Appl"},{"key":"10747_CR39","doi-asserted-by":"crossref","unstructured":"Wang J, Huang Y, Chen C, Liu Z, Wang S, Wang Q (2024) Software testing with large language models: survey, landscape, and vision. IEEE Trans Softw Eng","DOI":"10.1109\/TSE.2024.3368208"},{"issue":"2","key":"10747_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3423096","volume":"30","author":"B Wu","year":"2021","unstructured":"Wu B, Chen S, Gao C, Fan L, Liu Y, Wen W, Lyu MR (2021) Why an android app is classified as malware: toward malware classification interpretation. ACM Trans Softw Eng Methodology (TOSEM) 30(2):1\u201329","journal-title":"ACM Trans Softw Eng Methodology (TOSEM)"},{"key":"10747_CR41","doi-asserted-by":"publisher","first-page":"103126","DOI":"10.1016\/j.cose.2023.103126","volume":"128","author":"Y Wu","year":"2023","unstructured":"Wu Y, Li M, Zeng Q, Yang T, Wang J, Fang Z, Cheng L (2023) Droidrl: feature selection for android malware detection with reinforcement learning. Comput Secur 128:103126","journal-title":"Comput Secur"},{"key":"10747_CR42","doi-asserted-by":"crossref","unstructured":"Wu Y, Li X, Zou D, Yang W, Zhang X, Jin H (2019) Malscan: fast market-wide mobile malware scanning by social-network centrality analysis. In: 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE, pp 139\u2013150","DOI":"10.1109\/ASE.2019.00023"},{"key":"10747_CR43","doi-asserted-by":"crossref","unstructured":"Xu K, Li Y, Deng R, Chen K, Xu J (2019) Droidevolver: self-evolving android malware detection system. In: 2019 IEEE European symposium on security and privacy (Euros&P). IEEE, pp 47\u201362","DOI":"10.1109\/EuroSP.2019.00014"},{"key":"10747_CR44","unstructured":"Yang C, Liu J, Xu B, Treude C, Lyu Y, Li M, Lo D (2023) Apidocbooster: an extract-then-abstract framework leveraging large language models for augmenting api documentation. arXiv:2312.10934"},{"key":"10747_CR45","unstructured":"Yao X (2017) Attention-based bilstm neural networks for sentiment classification of short texts. In: Proceedings of the International Conference on Information Science and Cloud Computing, pp 110\u2013117"},{"key":"10747_CR46","doi-asserted-by":"crossref","unstructured":"Zhang X, Zhang Y, Zhong M, Ding D, Cao Y, Zhang v, Zhang M, Yang M (2020) Enhancing state-of-the-art classifiers with api semantics to detect evolved android malware. In: Proceedings of the 2020 ACM SIGSAC conference on computer and communications security, pp 757\u2013770","DOI":"10.1145\/3372297.3417291"},{"key":"10747_CR47","doi-asserted-by":"publisher","first-page":"104027","DOI":"10.1016\/j.cose.2024.104027","volume":"146","author":"F Zhou","year":"2024","unstructured":"Zhou F, Wang D, Xiong Y, Sun K, Wang W (2024) Famcf: a few-shot android malware family classification framework. Comput Secur 146:104027","journal-title":"Comput Secur"}],"container-title":["Empirical Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10747-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10664-025-10747-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10664-025-10747-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,30]],"date-time":"2026-03-30T14:38:31Z","timestamp":1774881511000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10664-025-10747-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,3]]},"references-count":47,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2026,5]]}},"alternative-id":["10747"],"URL":"https:\/\/doi.org\/10.1007\/s10664-025-10747-6","relation":{},"ISSN":["1382-3256","1573-7616"],"issn-type":[{"value":"1382-3256","type":"print"},{"value":"1573-7616","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,3]]},"assertion":[{"value":"19 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 October 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"David Lo is a member of the Editorial Board of the EMSE. All co-authors have seen and agree with the contents of the manuscript and there is no financial interest.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Informed Consent"}},{"value":"All authors declare that there is no conflict of interest.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"Not applicable.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Clinical Trial Number"}}],"article-number":"56"}}