{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:54:36Z","timestamp":1773154476046,"version":"3.50.1"},"reference-count":71,"publisher":"Informa UK Limited","issue":"5","content-domain":{"domain":["www.tandfonline.com"],"crossmark-restriction":true},"short-container-title":["Information Security Journal: A Global Perspective"],"published-print":{"date-parts":[[2020,9,2]]},"DOI":"10.1080\/19393555.2020.1741743","type":"journal-article","created":{"date-parts":[[2020,4,15]],"date-time":"2020-04-15T06:04:30Z","timestamp":1586930670000},"page":"220-243","update-policy":"https:\/\/doi.org\/10.1080\/tandf_crossmark_01","source":"Crossref","is-referenced-by-count":13,"title":["A modular framework for mobile security analysis"],"prefix":"10.1080","volume":"29","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2567-336X","authenticated-orcid":false,"given":"Francesco","family":"Bergadano","sequence":"first","affiliation":[{"name":"University of Turin, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Milena","family":"Boetti","sequence":"additional","affiliation":[{"name":"University of Turin, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fabio","family":"Cogno","sequence":"additional","affiliation":[{"name":"Certimeter, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Valerio","family":"Costamagna","sequence":"additional","affiliation":[{"name":"University of Turin, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mario","family":"Leone","sequence":"additional","affiliation":[{"name":"Certimeter, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marco","family":"Evangelisti","sequence":"additional","affiliation":[{"name":"University of Turin, Corso Svizzera 185, Turin, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"301","published-online":{"date-parts":[[2020,4,14]]},"reference":[{"key":"cit0001","doi-asserted-by":"publisher","DOI":"10.1145\/3019612.3019797"},{"key":"cit0002","volume-title":"Journal of Systems and Software","author":"Ahmad, M., Costamagna, V., Crispo, B., Bergadano, F., & Zhauniarovich, Y","year":"2020"},{"key":"cit0003","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.11.006"},{"key":"cit0004","doi-asserted-by":"publisher","DOI":"10.1145\/360018.360025"},{"issue":"10","key":"cit0005","volume":"10","author":"Amin A.","year":"2019","journal-title":"MDPI Information"},{"key":"cit0006","unstructured":"Android.com. (2019a). The activity lifecycle. Retrieved June 07, 2019, from https:\/\/developer.android.com\/guide\/components\/activities\/activity-lifecycle.html"},{"key":"cit0007","unstructured":"Android.com. (2019b). Android class windowmanager.layoutparams. Retrieved June 07 2019, from https:\/\/developer.android.com\/reference\/android\/view\/WindowManager.LayoutParams.html#FLAG_SECURE"},{"key":"cit0008","unstructured":"Android.com. (2019c). Android debug bridge (adb). Retrieved June 07, 2019, from https:\/\/developer.android.com\/studio\/command-line\/adb.html"},{"key":"cit0009","unstructured":"Android.com. (2019d). Android java class edittext. Retrieved June 07, 2019, from https:\/\/developer.android.com\/reference\/android\/widget\/EditText.html"},{"key":"cit0010","unstructured":"Android.com. (2019e). Android java class textview. Retrieved June 07, 2019, from https:\/\/developer.android.com\/reference\/android\/widget\/TextView.html"},{"key":"cit0011","unstructured":"Android.com. (2019f). Android packagemanager. Retrieved June 07, 2019, from https:\/\/developer.android.com\/reference\/android\/content\/pm\/PackageManager.html"},{"key":"cit0012","unstructured":"Android.com. (2019g). Android permissions. Retrieved June 07, 2019, from https:\/\/developer .android.com\/guide\/topics\/permissions\/overview"},{"key":"cit0013","unstructured":"Android.com. (2019h). Android storage options. Retrieved June 07, 2019, from https:\/\/developer.android.com\/reference\/android\/content\/Context.html#MODE_WORLD_WRITEABLE"},{"key":"cit0014","unstructured":"Android.com. (2019i). Auto backup for apps. Retrieved June 07, 2019, from https:\/\/developer.android.com\/guide\/topics\/data\/autobackup.html"},{"key":"cit0015","unstructured":"Android.com. (2019j). Copy and paste. Retrieved June 07, 2019, from https:\/\/developer.android.com\/guide\/topics\/text\/copy-paste.html"},{"key":"cit0016","unstructured":"Android.com. (2019k). Declaration of the application. Retrieved June 07, 2019, from https:\/\/developer.android.com\/guide\/topics\/manifest\/application-element.html"},{"key":"cit0017","unstructured":"Android.com. (2019l). Motioneevent. Retrieved June 07, 2019, from https:\/\/developer.android.com\/reference\/android\/view\/MotionEvent.html"},{"key":"cit0018","unstructured":"Android.com. (2019m). UI\/application exerciser monkey (monkey tool). Retrieved June 07, 2019, from https:\/\/developer.android.com\/studio\/test\/monkey.html"},{"key":"cit0019","unstructured":"Apktool. (2019). Apktool: Tool for reverse engineering android apk files. Retrieved June 07, 2019, from https:\/\/ibotpeaches.github.io\/Apktool\/"},{"key":"cit0020","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"cit0021","doi-asserted-by":"publisher","DOI":"10.5220\/0006642503790385"},{"key":"cit0022","unstructured":"CapFuzz. (n.d.). Capfuzz - capture, intercept, fuzz. Retrieved June 07, 2019, from https:\/\/github .com\/MobSF\/CapFuzz, note"},{"key":"cit0023","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"cit0024","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23465"},{"issue":"3","key":"cit0025","first-page":"39","volume":"8","author":"Costamagna V.","year":"2016","journal-title":"Int J. on Inf. Tech. and Security"},{"key":"cit0026","unstructured":"Desnos, A. & Lantz, P. (2014). Droidbox: An android application sandbox for dynamic analysis (2011). https:\/\/code. google. com\/p\/droidbox"},{"key":"cit0027","unstructured":"Dolby, J., Fink, S. J. & Sridharan, M. (2015). Tj watson libraries for analysis (wala). http:\/\/wala. sf. net"},{"key":"cit0028","volume-title":"Pios: Detecting privacy leaks in ios applications","author":"Egele M.","year":"2011"},{"key":"cit0029","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"cit0030","doi-asserted-by":"publisher","DOI":"10.1145\/857076.857078"},{"key":"cit0031","doi-asserted-by":"publisher","DOI":"10.1145\/356674.356676"},{"key":"cit0032","unstructured":"Frida.re. (2019). FRIDA dynamic instrumentation toolkit. Retrieved June 07, 2019, from https:\/\/www.frida.re\/"},{"key":"cit0033","unstructured":"Fridump. (2019). Fridump open source memory dumping tool. Retrieved June 07, 2019, from https:\/\/github.com\/Nightbringer21\/fridump"},{"key":"cit0034","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2019.1628325"},{"key":"cit0035","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"cit0036","unstructured":"Github.com\/androguard. (2011). Androguard. Retrieved June 07, 2019, from https:\/\/github.com\/androguard\/androguardgithub.com\/"},{"key":"cit0037","unstructured":"Github.com\/OWASP. (2019). Owasp mobile application security verification standard. Retrieved June 07, 2019, from https:\/\/github.com\/OWASP\/owasp-masvs"},{"key":"cit0038","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"cit0039","doi-asserted-by":"publisher","DOI":"10.1145\/2480362.2480706"},{"key":"cit0040","unstructured":"JAADAS. (2019). Joint advanced application defect assessment for android application. Retrieved June 07, 2019, from https:\/\/github.com\/flankerhqd\/JAADAS"},{"key":"cit0041","first-page":"35","volume-title":"Cetus users and compiler infrastructure workshop (cetus 2011), Purdue University,","volume":"15","author":"Lam P.","year":"2011"},{"key":"cit0042","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"cit0043","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"cit0044","unstructured":"Lin, Y.C. (2015). Androbugs framework: An android application security vulnerability scanner. UBM Tech, Blackhat Europe 2015."},{"key":"cit0045","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"cit0046","unstructured":"Menezes, A. (2019). A screen capture via UI overlays in mediaprojection. Retrieved June 07, 2019, from https:\/\/labs.mwrinfosecurity.com\/advisories\/screencapture-via-ui-overlays-in-mediaprojection\/"},{"key":"cit0047","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-58469-0_36"},{"key":"cit0048","unstructured":"Mitm. (2019). Mitmproxy. Retrieved June 07, 2019, from https:\/\/mitmproxy.org\/"},{"key":"cit0049","unstructured":"MobSF. (2019). Mobile security framework (MobSF). Retrieved June 07, 2019, from https:\/\/github.com\/MobSF\/Mobile-Security-Framework-MobSF"},{"key":"cit0050","unstructured":"MwrLabs. (2019a). Drozer. Retrieved June 07, 2019, from https:\/\/github.com\/mwrlabs\/drozer"},{"key":"cit0051","unstructured":"MwrLabs. (2019b). Needle. Retrieved June 07, 2019, from https:\/\/github.com\/mwrlabs\/needle"},{"key":"cit0052","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2550446"},{"key":"cit0053","unstructured":"OWASP. (2017). Owasp mobile security testing guide. Retrieved June 07, 2019, from https:\/\/github.com\/OWASP\/owasp-mstg"},{"key":"cit0054","unstructured":"Owasp.org. (2019). Owasp mobile top 10 2016. Retrieved June 07, 2019, from https:\/\/www.owasp.org\/index.php\/Mobile_Top_10_2016-Top_10"},{"key":"cit0055","unstructured":"Pocoo.org. (2019). Flask, web development, one drop at a time. Retrieved June 07, 2019, from http:\/\/flask.pocoo.org\/"},{"key":"cit0056","unstructured":"Qark. (2019). Tool to look for several security related android application vulnerabilities. Retrieved June 07, 2019, from https:\/\/github.com\/linkedin\/qark"},{"key":"cit0057","unstructured":"Ravnas, O. A. V. (2019). Javascript API. Retrieved June 07, 2019, from https:\/\/www.frida.re\/docs\/javascript-api\/"},{"key":"cit0058","unstructured":"Redis.io. (2019). Redis. Retrieved June 07, 2019, from https:\/\/redis.io\/"},{"key":"cit0059","unstructured":"Schmich, C. P. & Huene, P. C. (2012, June 28). Dynamic instrumentation of software code. Google Patents. (US Patent App. 12\/975,363)."},{"key":"cit0060","doi-asserted-by":"publisher","DOI":"10.1080\/19393555.2019.1691293"},{"key":"cit0061","unstructured":"Smalisca. (2019). Static analysis of smali files. Retrieved June 07, 2019, from https:\/\/github.com\/dorneanu\/smalisca"},{"key":"cit0062","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"cit0063","unstructured":"Statista.com. (2019). Average number of new android app releases per day from 3rd quarter 2016 to 1st quarter 2018. Retrieved June 07, 2019, from https:\/\/www.statista.com\/statistics\/276703\/android-app-releases-worldwide\/"},{"key":"cit0064","unstructured":"Tornadoweb.org. (2019). Tornado.Retrieved June 07, 2019, from http:\/\/www.tornadoweb.org\/en\/stable\/index.html"},{"key":"cit0065","unstructured":"Websocket.org. (2019). Websocket. Retrieved June 07, 2019, from http:\/\/www.websocket.org\/index.html"},{"key":"cit0066","first-page":"439","volume-title":"Proceedings of the 5th international conference on software engineering","author":"Weiser M.","year":"1981"},{"key":"cit0067","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.60"},{"issue":"4","key":"cit0068","volume":"2019","author":"Yerima S.","year":"2019","journal-title":"EURASIP Journal on Information Security"},{"key":"cit0069","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_5"},{"key":"cit0070","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699105"},{"key":"cit0071","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS.2017.8343028"}],"container-title":["Information Security Journal: A Global Perspective"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.1080\/19393555.2020.1741743","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,26]],"date-time":"2021-05-26T03:27:24Z","timestamp":1621999644000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/19393555.2020.1741743"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,14]]},"references-count":71,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,9,2]]}},"alternative-id":["10.1080\/19393555.2020.1741743"],"URL":"https:\/\/doi.org\/10.1080\/19393555.2020.1741743","relation":{},"ISSN":["1939-3555","1939-3547"],"issn-type":[{"value":"1939-3555","type":"print"},{"value":"1939-3547","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,14]]},"assertion":[{"value":"The publishing and review policy for this title is described in its Aims & Scope.","order":1,"name":"peerreview_statement","label":"Peer Review Statement"},{"value":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","URL":"http:\/\/www.tandfonline.com\/action\/journalInformation?show=aimsScope&journalCode=uiss20","order":2,"name":"aims_and_scope_url","label":"Aim & Scope"},{"value":"2020-04-14","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}