{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T18:19:39Z","timestamp":1775067579304,"version":"3.50.1"},"reference-count":143,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"TENACE PRIN"},{"name":"Italian MIUR"},{"name":"University of Padua"},{"name":"Marie Curie Fellowship","award":["PCIG11-GA-2012-321980"],"award-info":[{"award-number":["PCIG11-GA-2012-321980"]}]},{"name":"European Commission for the PRISM CODE"},{"name":"Department of Information Technology, Government of India"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2015]]},"DOI":"10.1109\/comst.2014.2386139","type":"journal-article","created":{"date-parts":[[2014,12,30]],"date-time":"2014-12-30T19:25:09Z","timestamp":1419967509000},"page":"998-1022","source":"Crossref","is-referenced-by-count":434,"title":["Android Security: A Survey of Issues, Malware Penetration, and Defenses"],"prefix":"10.1109","volume":"17","author":[{"given":"Parvez","family":"Faruki","sequence":"first","affiliation":[]},{"given":"Ammar","family":"Bharmal","sequence":"additional","affiliation":[]},{"given":"Vijay","family":"Laxmi","sequence":"additional","affiliation":[]},{"given":"Vijay","family":"Ganmoor","sequence":"additional","affiliation":[]},{"given":"Manoj Singh","family":"Gaur","sequence":"additional","affiliation":[]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[]},{"given":"Muttukrishnan","family":"Rajarajan","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","author":"oberhide","year":"0","journal-title":"Dissecting the Android Bouncer"},{"key":"ref38","first-page":"289","article-title":"PUMA: Permission Usage to detect Malware in Android","author":"sanz","year":"0","journal-title":"Proc Int Joint Conf CISIS-ICEUTE-SOCO'Spec Sessions"},{"key":"ref33","first-page":"49","article-title":"Defending users against smartphone apps: Techniques and future directions","author":"enck","year":"0","journal-title":"Proc 7th ICISS"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.101613.00077"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307663"},{"key":"ref37","year":"0"},{"key":"ref36","year":"0","journal-title":"Android Kernel Features"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.26"},{"key":"ref34","year":"0","journal-title":"Android Security Overview"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420983"},{"key":"ref27","author":"fedler","year":"2013","journal-title":"On the Effectiveness of Malware Protection on Android"},{"key":"ref29","year":"0","journal-title":"Kaspersky Internet Security for Android"},{"key":"ref20","year":"0","journal-title":"VirusTotal"},{"key":"ref22","year":"0","journal-title":"Backdoor AndroidOS Obad a"},{"key":"ref21","year":"0","journal-title":"Android Bgserv?Symantec"},{"key":"ref24","year":"0","journal-title":"Android Hipposms"},{"key":"ref23","year":"0","journal-title":"RageAgainstTheCage"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393600"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2259818"},{"key":"ref100","first-page":"163","article-title":"A study of Android application security","author":"william","year":"0","journal-title":"Proc USENIX"},{"key":"ref25","year":"0","journal-title":"Android\/NotCompatible Looks Like Piece of PC Botnet"},{"key":"ref50","first-page":"95","article-title":"Dissecting android malware: Characterization and evolution","author":"yajin","year":"0","journal-title":"Proc 33rd IEEE Symp Security and Privacy"},{"key":"ref51","year":"0","journal-title":"Security Enhancements in Android 4 3"},{"key":"ref59","year":"0","journal-title":"Android Security Analysis Challenge Tampering Dalvik Bytecode During Runtime"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.39"},{"key":"ref57","author":"bugiel","year":"2011","journal-title":"XManDroid A New Android Evolution to Mitigate Privilege Escalation Attacks"},{"key":"ref56","first-page":"328","article-title":"Apex: Extending android permission model and enforcement with user-defined runtime constraints","author":"nauman","year":"0","journal-title":"Proc ASIACCS"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2204249"},{"key":"ref54","year":"0","journal-title":"Validating Security-Enhanced Linux in Android"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920313"},{"key":"ref52","year":"0","journal-title":"Security Enhancements in Android 4 2"},{"key":"ref40","year":"0","journal-title":"Exercising Our Remote Application Removal Feature"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"key":"ref3","author":"castillo","year":"2012","journal-title":"Android Malware Past Present and Future"},{"key":"ref6","year":"0","journal-title":"Google Bouncer Protecting the Google Play market"},{"key":"ref5","year":"0","journal-title":"Number of applications available on Google Play"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"ref7","year":"0","journal-title":"Android and security Official mobile google blog"},{"key":"ref49","year":"0","journal-title":"zergrush"},{"key":"ref9","year":"0"},{"key":"ref46","year":"0","journal-title":"Android Trickery"},{"key":"ref45","year":"0","journal-title":"z4Root"},{"key":"ref48","year":"0","journal-title":"Ginger"},{"key":"ref47","year":"0","journal-title":"Zimperlich Sources"},{"key":"ref42","author":"andre","year":"2013","journal-title":"Boxer SMS Trojan"},{"key":"ref41","year":"0"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.32"},{"key":"ref43","year":"0","journal-title":"Android Version History"},{"key":"ref127","year":"2012"},{"key":"ref126","year":"2012","journal-title":"Google Bouncer Bad guys may have an app for that"},{"key":"ref125","first-page":"27","article-title":"Aurasium: Practical policy enforcement for Android applications","author":"xu","year":"0","journal-title":"Proc 21st USENIX Conf Security Symp"},{"key":"ref124","year":"0","journal-title":"ded Decompiling Android Applications"},{"key":"ref73","first-page":"329","article-title":"Droidchameleon: Evaluating Android anti-malware against transformation attacks","author":"rastogi","year":"0","journal-title":"Proc 8th ACM SIGSAC Symp Inf Comput Commun Security"},{"key":"ref72","year":"0","journal-title":"Remote Access Tool Takes Aim with Android APK Binder"},{"key":"ref71","year":"0","journal-title":"Class to Dex Conversion with Dx"},{"key":"ref129","year":"0","journal-title":"Drozer—A Comprehensive Security and Attack Framework for Android"},{"key":"ref70","year":"0","journal-title":"APKTool Reverse Engineering with ApkTool"},{"key":"ref128","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"ref76","year":"0","journal-title":"DexGuard"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2014.54"},{"key":"ref130","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_5"},{"key":"ref75","year":"0","journal-title":"Proguard"},{"key":"ref133","first-page":"1","article-title":"Android Platform Invariant Sandbox for Analyzing Malware and Resource Hogger apps","author":"faruki","year":"0","journal-title":"Proc 10th IEEE Int Conf SecureComm"},{"key":"ref134","first-page":"183","article-title":"Detecting targeted smartphone malware with behavior-triggering stochastic models","author":"suarez-tangil","year":"0","journal-title":"Proc Eur Symp Res Comput Security"},{"key":"ref78","year":"0","journal-title":"Dalvik Bytecode Obfuscation on Android"},{"key":"ref131","doi-asserted-by":"publisher","DOI":"10.1109\/ISSNIP.2014.6827639"},{"key":"ref79","year":"0","journal-title":"Reverse Engineering with Androguard"},{"key":"ref132","doi-asserted-by":"publisher","DOI":"10.4018\/ijehmc.2014010104"},{"key":"ref136","article-title":"Enter sandbox: Android sandbox comparison","author":"neuner","year":"0","journal-title":"Proc IEEE MoST"},{"key":"ref135","year":"0","journal-title":"Dendroid malware can take over your camera record audio sneak into Google Play"},{"key":"ref138","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"ref137","first-page":"1","article-title":"A systematic security evaluation of android's multi-user framework","author":"ratazzi","year":"0","journal-title":"Proc IEEE MoST"},{"key":"ref60","year":"2012","journal-title":"State of Mobile Security"},{"key":"ref139","author":"lindorfer","year":"0","journal-title":"Andrubis A Tool for Analyzing Unknown Android Applications"},{"key":"ref62","first-page":"1","article-title":"The core of the matter: Analyzing malicious traffic in cellular carriers","volume":"13","author":"lever","year":"0","journal-title":"Proc NDSS"},{"key":"ref61","year":"2013","journal-title":"Current world of mobile threats"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/2566486.2568046"},{"key":"ref64","year":"0","journal-title":"Carat Collaborative Energy Diagnosis"},{"key":"ref65","year":"0"},{"key":"ref140","first-page":"1","article-title":"Andrubis—1,000,000 apps later: A view on current Android malware behaviors","author":"lindorfer","year":"0","journal-title":"Proc 3rd Int Workshop BADGERS"},{"key":"ref66","author":"shahzad","year":"0","journal-title":"A survey on recent advances in malicious applications analysis and detection techniques for smartphones"},{"key":"ref141","author":"weichselbaum","year":"2014","journal-title":"Andrubis Android Malware under the Magnifying Glass"},{"key":"ref67","year":"0","journal-title":"Spitmo vs Zitmo Banking Trojans Target Android"},{"key":"ref142","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665792"},{"key":"ref68","year":"0","journal-title":"Fakedefender B—Android Fake Antivirus"},{"key":"ref143","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381950"},{"key":"ref69","year":"0","journal-title":"avast! Free Mobile Security"},{"key":"ref2","year":"0"},{"key":"ref1","year":"2013","journal-title":"Android Smartphone Sales Report"},{"key":"ref95","year":"0","journal-title":"JAD JAD Java Decompiler"},{"key":"ref109","article-title":"TaintDroid: An information flow tracking system for realtime privacy monitoring on smartphones","author":"william","year":"0","journal-title":"Proc USENIX"},{"key":"ref94","year":"0"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592797"},{"key":"ref93","first-page":"163","article-title":"DroidAnalytics: A signature based analytic system to collect, extract, analyze and associate android malware","author":"zheng","year":"0","journal-title":"Proc 12th IEEE Int Conf TrustCom"},{"key":"ref107","article-title":"A system call-centric analysis and stimulation technique to automatically reconstruct Android malware behaviors","author":"reina","year":"0","journal-title":"Proc of EUROSEC"},{"key":"ref92","first-page":"86","article-title":"DroidAPIminer: Mining API-level features for robust malware detection in Android","volume":"127","author":"aafer","year":"0","journal-title":"Proc Securecomm"},{"key":"ref106","first-page":"447","article-title":"Evading android runtime analysis via sandbox detection","author":"vidas","year":"0","journal-title":"Proc 9th ACM ASIA CCS"},{"key":"ref91","first-page":"1","article-title":"Study, formalisation, analysis of Dalvik bytecode","author":"karlsen","year":"0","journal-title":"Proc 7th Workshop BYTECODE"},{"key":"ref105","year":"0"},{"key":"ref90","article-title":"ScanDal: Static analyzer for detecting privacy leaks in Android applications","author":"kim","year":"0","journal-title":"Proc Workshop MoST"},{"key":"ref104","year":"0","journal-title":"Android Decompiling with Dex2jar"},{"key":"ref103","first-page":"291","article-title":"Androidleaks: Automatically detecting potential privacy leaks in Android applications on a large scale","author":"gibler","year":"0","journal-title":"Proc Trust Trustworthy Comput"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1145\/2259051.2259056"},{"key":"ref111","article-title":"User-centric dependence analysis for identifying malicious mobile apps","author":"elish","year":"0","journal-title":"Proc Workshop MoST"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568301"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"ref98","year":"0"},{"key":"ref99","year":"0","journal-title":"Fortify static code analyzer"},{"key":"ref96","author":"van vliet","year":"0","journal-title":"Mocha the java decompiler"},{"key":"ref97","year":"0","journal-title":"SOOT Soot A Java optimization framework"},{"key":"ref10","year":"0"},{"key":"ref11","year":"0"},{"key":"ref12","year":"0"},{"key":"ref13","year":"0"},{"key":"ref14","year":"0","journal-title":"ESET—Trends for 2013"},{"key":"ref15","year":"0","journal-title":"Overall statistics for 2013"},{"key":"ref82","first-page":"1","article-title":"Apposcopy: Semantics-based detection of android malware","author":"feng","year":"0","journal-title":"Proc SIGSOFT FSE"},{"key":"ref118","year":"0","journal-title":"Similarities for Fun & Profit"},{"key":"ref16","year":"0","journal-title":"McAfee Labs Threats Report Third Quarter 2013"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1007\/s10844-010-0148-x"},{"key":"ref117","year":"0"},{"key":"ref17","year":"0","journal-title":"F-Secure Mobile Threat Report Q1 2013"},{"key":"ref84","author":"fuchs","year":"0","journal-title":"SCanDroid Automated security certification of Android applications Manuscript"},{"key":"ref18","year":"0","journal-title":"F-Secure Mobile Threat Report Q3 2013"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/2523514.2523539"},{"key":"ref119","first-page":"207","article-title":"Data fingerprinting with similarity hashes, advances in digital forensics","author":"roussev","year":"0","journal-title":"Proc Int Conf Digital Forensics"},{"key":"ref19","year":"0","journal-title":"F-Secure Mobile Threat Report H1 2013"},{"key":"ref114","year":"0","journal-title":"Reverse Engineering with Smali\/Baksmali"},{"key":"ref113","first-page":"29","article-title":"DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis","author":"yan","year":"0","journal-title":"Proc 21st USENIX Security Symp"},{"key":"ref80","first-page":"1","article-title":"Hey, you get off my market: Detecting malicious apps in official and third party android markets","author":"zhou","year":"0","journal-title":"Proc Annu NDSS"},{"key":"ref116","year":"0"},{"key":"ref115","year":"0","journal-title":"DARE Dalvik Retargeting"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"ref120","first-page":"1","article-title":"Building a better similarity trap with statistically improbable features","author":"roussev","year":"0","journal-title":"Proc 42nd HICSS"},{"key":"ref121","year":"2012"},{"key":"ref122","article-title":"Droidbox: An android application sandbox for dynamic analysis (2011)","author":"desnos","year":"0"},{"key":"ref123","year":"2013"},{"key":"ref85","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295141"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866317"},{"key":"ref88","first-page":"111","article-title":"Performance evaluation on permission-based detection for android malware","volume":"2","author":"huang","year":"0","journal-title":"Proc Adv Intell Syst Appl -Vol 2"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/7110413\/06999911.pdf?arnumber=6999911","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:30:08Z","timestamp":1642005008000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/6999911\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"references-count":143,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/comst.2014.2386139","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}