{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,21]],"date-time":"2025-11-21T17:59:49Z","timestamp":1763747989171,"version":"3.37.3"},"reference-count":68,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"12","license":[{"start":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T00:00:00Z","timestamp":1606780800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T00:00:00Z","timestamp":1606780800000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T00:00:00Z","timestamp":1606780800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2020,12,1]],"date-time":"2020-12-01T00:00:00Z","timestamp":1606780800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1850278","CNS-1815144","CNS-1856380","CNS-1505664","CNS-1814679"],"award-info":[{"award-number":["CNS-1850278","CNS-1815144","CNS-1856380","CNS-1505664","CNS-1814679"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100008899","name":"University of South Carolina","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100008899","id-type":"DOI","asserted-by":"publisher"}]},{"name":"ARO","award":["W911NF-13-1-0421","W911NF-15-1-0576"],"award-info":[{"award-number":["W911NF-13-1-0421","W911NF-15-1-0576"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1536106","61100226"],"award-info":[{"award-number":["U1536106","61100226"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012492","name":"Youth Innovation Promotion Association","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100012492","id-type":"DOI","asserted-by":"publisher"}]},{"name":"strategic priority research program of CAS","award":["XDA06010701"],"award-info":[{"award-number":["XDA06010701"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61572481"],"award-info":[{"award-number":["61572481"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Program on Key Basic Research","award":["2015CB358800"],"award-info":[{"award-number":["2015CB358800"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1636204"],"award-info":[{"award-number":["U1636204"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. on Mobile Comput."],"published-print":{"date-parts":[[2020,12,1]]},"DOI":"10.1109\/tmc.2019.2936561","type":"journal-article","created":{"date-parts":[[2019,8,22]],"date-time":"2019-08-22T19:38:24Z","timestamp":1566502704000},"page":"2946-2964","source":"Crossref","is-referenced-by-count":12,"title":["Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation"],"prefix":"10.1109","volume":"19","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2476-7831","authenticated-orcid":false,"given":"Lannan","family":"Luo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiang","family":"Zeng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chen","family":"Cao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5624-2987","authenticated-orcid":false,"given":"Kai","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7557-8347","authenticated-orcid":false,"given":"Jian","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5091-8464","authenticated-orcid":false,"given":"Limin","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Neng","family":"Gao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9714-5545","authenticated-orcid":false,"given":"Min","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36577-X_40"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884856"},{"year":"0","key":"ref33"},{"year":"0","key":"ref32"},{"year":"0","key":"ref31"},{"year":"0","key":"ref30","article-title":"App manifest"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2483760.2483777"},{"year":"0","key":"ref36","article-title":"Smartphone OS market share, 2016"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2017.16"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813606"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022920129859"},{"key":"ref62","first-page":"29","article-title":"DroidScope: Seamlessly reconstructing OS and Dalvik semantic views for dynamic Android malware analysis","author":"yan","year":"2012","journal-title":"Proc 21st USENIX Conf Security Symp"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978342"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23236"},{"key":"ref28","first-page":"151","article-title":"Automated whitebox fuzz testing","author":"godefroid","year":"2008","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516676"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"year":"0","key":"ref29","article-title":"Android interfaces and architecture"},{"key":"ref67","first-page":"50","article-title":"Hey, you, get off of my market: Detecting malicious apps in official and alternative android markets","volume":"25","author":"zhou","year":"2012","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052609"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393666"},{"year":"0","key":"ref20","article-title":"CVE-2016&#x2013;3759"},{"key":"ref22","first-page":"463","article-title":"FIE on firmware: Finding vulnerabilities in embedded systems using symbolic execution","author":"davidson","year":"2013","journal-title":"Proc 22nd USENIX Conf Security"},{"key":"ref21","first-page":"346","article-title":"Privilege escalation attacks on android","author":"davi","year":"2010","journal-title":"Proc Int Conf Inf Commun Security"},{"key":"ref24","first-page":"393","article-title":"TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones","author":"enck","year":"2010","journal-title":"Proc 9th USENIX Conf Operating Syst Des Implementation"},{"article-title":"Binder","year":"0","author":"documentation","key":"ref23"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-013-0122-2"},{"key":"ref51","first-page":"49","article-title":"Under-constrained symbolic execution: Correctness checking for real code","author":"ramos","year":"2015","journal-title":"Proc 24th USENIX Conf Security Symp"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1145\/2830719.2830727"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978343"},{"year":"0","key":"ref57"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23046"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/2632362.2632363"},{"key":"ref54","first-page":"945","article-title":"Towards discovering and understanding task hijacking in Android","author":"ren","year":"2015","journal-title":"Proc 24th USENIX Conf Security Symp"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.35"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818033"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568286"},{"key":"ref13","first-page":"659","article-title":"Finding unknown malice in 10 seconds: Mass vetting for new threats at the Google-play scale","author":"chen","year":"2015","journal-title":"Proc 24th USENIX Conf Security Symp"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294274"},{"year":"0","key":"ref17","article-title":"CVE-2015&#x2013;6628"},{"year":"0","key":"ref18","article-title":"CVE-2016&#x2013;2496"},{"year":"0","key":"ref19","article-title":"CVE-2016&#x2013;3750"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382222"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2322867"},{"key":"ref5","first-page":"1101","article-title":"On demystifying the android application framework: Re-visiting android permission specification analysis","author":"backes","year":"2016","journal-title":"Proc 25th Usenix Security Symp"},{"key":"ref8","first-page":"209","article-title":"KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs","author":"cadar","year":"2008","journal-title":"Proc 8th USENIX Conf Operating Syst Des Implementation"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.17"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390635"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2015.7381839"},{"article-title":"Google has 2 billion users on Android, 500M on Google photos","year":"0","author":"matney","key":"ref45"},{"key":"ref48","first-page":"543","article-title":"Effective inter-component communication mapping in Android: An essential step towards holistic security analysis","author":"octeau","year":"2013","journal-title":"Proc 22nd USENIX Conf Security"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/2382756.2382798"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"ref41","first-page":"280","article-title":"IccTA: detecting inter-component privacy leaks in Android apps","author":"li","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081361"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"}],"container-title":["IEEE Transactions on Mobile Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/7755\/9247624\/8807272-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7755\/9247624\/08807272.pdf?arnumber=8807272","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T16:36:59Z","timestamp":1651077419000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8807272\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,1]]},"references-count":68,"journal-issue":{"issue":"12"},"URL":"https:\/\/doi.org\/10.1109\/tmc.2019.2936561","relation":{},"ISSN":["1536-1233","1558-0660","2161-9875"],"issn-type":[{"type":"print","value":"1536-1233"},{"type":"electronic","value":"1558-0660"},{"type":"electronic","value":"2161-9875"}],"subject":[],"published":{"date-parts":[[2020,12,1]]}}}