{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T07:57:35Z","timestamp":1780473455693,"version":"3.54.1"},"reference-count":117,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"1","license":[{"start":{"date-parts":[[2021,3,1]],"date-time":"2021-03-01T00:00:00Z","timestamp":1614556800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"Luxembourg National Research Fund","award":["PRIDE15\/10621687\/SPsquared"],"award-info":[{"award-number":["PRIDE15\/10621687\/SPsquared"]}]},{"name":"Luxembourg National Research Fund","award":["C17\/IS\/1169386"],"award-info":[{"award-number":["C17\/IS\/1169386"]}]},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["DE200100016"],"award-info":[{"award-number":["DE200100016"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"publisher","award":["DP200100020"],"award-info":[{"award-number":["DP200100020"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Oceania Cyber Security Centre"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. 
Rel."],"published-print":{"date-parts":[[2021,3]]},"DOI":"10.1109\/tr.2019.2956690","type":"journal-article","created":{"date-parts":[[2019,12,19]],"date-time":"2019-12-19T20:43:50Z","timestamp":1576788230000},"page":"212-230","source":"Crossref","is-referenced-by-count":43,"title":["Understanding the Evolution of Android App Vulnerabilities"],"prefix":"10.1109","volume":"70","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3864-5926","authenticated-orcid":false,"given":"Jun","family":"Gao","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2990-1614","authenticated-orcid":false,"given":"Li","family":"Li","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4479-0775","authenticated-orcid":false,"given":"Pingfan","family":"Kong","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7270-9869","authenticated-orcid":false,"given":"Tegawende F.","family":"Bissyande","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4052-475X","authenticated-orcid":false,"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26096-9_13"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45741-3_27"},{"key":"ref33","article-title":"Androbugs framework: An android application security vulnerability scanner","author":"lin","year":"0","journal-title":"Proc BlackHat Eur"},{"key":"ref32","year":"2017"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.21236\/ADA619331"},{"key":"ref30","first-page":"426","article-title":"Mining apps for abnormal usage of sensitive 
data","author":"avdiienko","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref37","first-page":"1067","article-title":"Analysis of security vulnerabilities for mobile health applications","author":"cifuentes","year":"0","journal-title":"Proc 7th Int Conf Mobile Comput Netw"},{"key":"ref36","article-title":"A view to a kill: Webview exploitation","author":"neugschwandtner","year":"0","journal-title":"Proc USENIX Workshop Large-Scale Exploits Emergent Threats"},{"key":"ref35","article-title":"Hall of fame","year":"2017"},{"key":"ref34","year":"2017"},{"key":"ref28","year":"2017"},{"key":"ref27","first-page":"468","article-title":"AndroZoo: Collecting Millions of Android Apps for the Research Community","author":"allix","year":"2016","journal-title":"2016 IEEE\/ACM 13th Conference on Mining Software Repositories (MSR)"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2015.32"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884863"},{"key":"ref22","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/978-3-319-24177-7_15","article-title":"Dexhunter: Toward extracting hidden code from packed Android applications","author":"zhang","year":"2015","journal-title":"Computer Security—ESORICS 2015"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.40"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.64"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978422"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985828"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052990"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227096"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2016.35"},{"key":"ref50","article-title":"Mobile top 10 2014-m2: Insecure data 
storage","year":"2017"},{"key":"ref51","first-page":"808","article-title":"Improving the security of Android inter-component communication","author":"cozzette","year":"0","journal-title":"Proc IFIP\/IEEE Int Symp Integr Netw Manage"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"ref57","article-title":"App id.","year":"2017"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/MOBILESoft.2017.37"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-4154-9_34"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1147\/JRD.2013.2284403"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076781"},{"key":"ref4","article-title":"All your droid are belong to us: A survey of current Android attacks","author":"vidas","year":"0","journal-title":"Proc 5th USENIX Conf Offensive Technol"},{"key":"ref3","article-title":"Permission re-delegation: Attacks and defenses","volume":"30","author":"felt","year":"0","journal-title":"Proc Usenix Secur Symp"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382223"},{"key":"ref5","first-page":"19","article-title":"Systematic detection of capability leaks in stock Android smartphones","volume":"14","author":"grace","year":"0","journal-title":"Proc Symp Network and Distributed System 
Security"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714583"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-5906-5_324"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.41"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/2622630"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644896"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_12"},{"key":"ref42","article-title":"Intent spoofing on Android","author":"cozzette","year":"2017"},{"key":"ref41","article-title":"Android collapses into fragments","author":"hay","year":"2013","journal-title":"IBM Security Systems"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.27"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/MOBILESoft.2017.2"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.31"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1109\/HPCSim.2014.6903792"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.23"},{"key":"ref70","first-page":"1","article-title":"The unfortunate reality of insecure libraries","author":"williams","year":"2012"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"ref77","first-page":"21","article-title":"A study of Android application security","volume":"2","author":"enck","year":"0","journal-title":"Proc Usenix Secur Symp"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213873"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/3136560.3136595"},{"key":"ref78","article-title":"Your apps could be leaking private 
info","author":"lemos","year":"2017"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.52"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2018.00031"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2386139"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1145\/3017427"},{"key":"ref63","first-page":"58:1","article-title":"Securing Android: A survey, taxonomy, and challenges","volume":"47","author":"tan","year":"2015","journal-title":"ACM Comput Surveys"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2630689"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2615307"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2663716.2663755"},{"key":"ref67","article-title":"Stagefright: Scary code in the heart of android","author":"drake","year":"0","journal-title":"Proc BlackHat USA"},{"key":"ref68","article-title":"Millions of Android devices vulnerable to new stagefright exploit","author":"burgess","year":"2017"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2322867"},{"key":"ref69","first-page":"289","article-title":"Malton: Towards on-device non-invasive mobile malware analysis for art","author":"xue","year":"0","journal-title":"Proc 26th USENIX Conf Secur Symp"},{"key":"ref1","author":"smith","year":"2017","journal-title":"75 Amazing Android Statistics and Facts"},{"key":"ref109","doi-asserted-by":"publisher","DOI":"10.1145\/2808117.2808118"},{"key":"ref95","first-page":"18","article-title":"Finding security vulnerabilities in java applications with static analysis","volume":"14","author":"livshits","year":"0","journal-title":"Proc Usenix Secur 
Symp"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.60"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2015.611"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2016.34"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2000.821514"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818033"},{"key":"ref92","article-title":"Software vulnerability analysis","author":"krsul","year":"1998"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978342"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2015.238"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813606"},{"key":"ref90","first-page":"461","article-title":"On the effectiveness of dynamic taint analysis for protecting against private information leaks on Android-based devices","author":"sarwar","year":"0","journal-title":"Proc Int Conf Secur Cryptography"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1007\/s00165-017-0445-z"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23255"},{"key":"ref111","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2003.1201192"},{"key":"ref112","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985815"},{"key":"ref110","doi-asserted-by":"publisher","DOI":"10.1145\/3127005.3127010"},{"key":"ref98","first-page":"36","article-title":"Detection of javascript vulnerability at client agent","volume":"1","author":"jain","year":"2012","journal-title":"Int J Sci Technol Res"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070521"},{"key":"ref96","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.39"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134089"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"ref11","article-title":"Detecting passive content leaks and pollution in Android 
applications","author":"xuxian","year":"0","journal-title":"Proc 20th Netw Distrib Syst Secur Symp"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23205"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"ref14","first-page":"280","article-title":"IccTA: detecting inter-component privacy leaks in Android apps","author":"li","year":"2015","journal-title":"Proceedings of the International Conference on Software Engineering ICSE'94"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.30"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2015.25"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_8"},{"key":"ref117","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2013.18"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2013.134"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381948"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2017.57"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2963145"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1145\/2808769.2808780"},{"key":"ref114","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-76440-3_1"},{"key":"ref113","doi-asserted-by":"crossref","first-page":"1060","DOI":"10.1109\/PROC.1980.11805","article-title":"Programs, life cycles, and laws of software evolution","volume":"68","author":"lehman","year":"0","journal-title":"Proc IEEE"},{"key":"ref116","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2869227"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1988.10478639"},{"key":"ref115","first-page":"131","article-title":"Evolution in open source software: A case study","author":"tu","year":"0","journal-title":"Proc IEEE Int Conf Softw 
Maintenance"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435379"},{"key":"ref85","article-title":"Igexin advertising network put user privacy at risk","author":"bauser","year":"2017"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-13257-0_20"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-05149-9_9"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771800"}],"container-title":["IEEE Transactions on Reliability"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/24\/9367048\/08936901.pdf?arnumber=8936901","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:05:18Z","timestamp":1642003518000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8936901\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3]]},"references-count":117,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.1109\/tr.2019.2956690","relation":{},"ISSN":["0018-9529","1558-1721"],"issn-type":[{"value":"0018-9529","type":"print"},{"value":"1558-1721","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3]]}}}