{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T16:19:54Z","timestamp":1779293994338,"version":"3.51.4"},"reference-count":71,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"12","license":[{"start":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T00:00:00Z","timestamp":1733011200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T00:00:00Z","timestamp":1733011200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,12,1]],"date-time":"2024-12-01T00:00:00Z","timestamp":1733011200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472309"],"award-info":[{"award-number":["62472309"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62102283"],"award-info":[{"award-number":["62102283"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006606","name":"Natural Science Foundation of Tianjin","doi-asserted-by":"publisher","award":["22JCYBJC01010"],"award-info":[{"award-number":["22JCYBJC01010"]}],"id":[{"id":"10.13039\/501100006606","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IIEEE Trans. Software Eng."],"published-print":{"date-parts":[[2024,12]]},"DOI":"10.1109\/tse.2024.3488041","type":"journal-article","created":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T17:51:04Z","timestamp":1730310664000},"page":"3385-3402","source":"Crossref","is-referenced-by-count":8,"title":["A Comprehensive Study on Static Application Security Testing (SAST) Tools for Android"],"prefix":"10.1109","volume":"50","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-5919-6552","authenticated-orcid":false,"given":"Jingyun","family":"Zhu","sequence":"first","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3517-353X","authenticated-orcid":false,"given":"Kaixuan","family":"Li","sequence":"additional","affiliation":[{"name":"East China Normal University, Shanghai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9477-4100","authenticated-orcid":false,"given":"Sen","family":"Chen","sequence":"additional","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2428-9297","authenticated-orcid":false,"given":"Lingling","family":"Fan","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-3847-6760","authenticated-orcid":false,"given":"Junjie","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Intelligence and Computing, Tianjin University, Tianjin, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1288-6502","authenticated-orcid":false,"given":"Xiaofei","family":"Xie","sequence":"additional","affiliation":[{"name":"Singapore Management University, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3183575"},{"key":"ref4","doi-asserted-by":"crossref","first-page":"1310","DOI":"10.1145\/3377811.3380417","article-title":"An empirical assessment of security risks of global Android banking apps","volume-title":"Proc. ACM\/IEEE 42nd Int. Conf. Softw. Eng. (ICSE)","author":"Chen","year":"2020"},{"key":"ref5","article-title":"CVE - CVE-2019\u20133568"},{"key":"ref6","article-title":"AndroBugs\/AndroBugs_framework","author":"Yucheng","year":"2015"},{"key":"ref7","article-title":"linkedin\/QARK","year":"2023"},{"key":"ref8","article-title":"SUPERA ndroidAnalyzer\/super","author":"Moraza","year":"2018"},{"key":"ref9","article-title":"SPRITZ-Research-Group\/SPECK","author":"Group","year":"2023"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3559524"},{"key":"ref11","article-title":"flankerhqd\/JAADS","year":"2023"},{"key":"ref12","article-title":"MobSF\/Mobile-Security-Framework-MobSF","year":"2023"},{"key":"ref13","article-title":"programa-stic\/Marvin-static-Analyzer","author":"J","year":"2016"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3109563"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09749-y"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3556974"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2019.00020"},{"key":"ref18","article-title":"secure-it-i \/ Android-app-vulnerability-benchmarks \u2014 bitbucket","year":"2023"},{"key":"ref19","article-title":"OWASP\/MASTG-hacking-playground","year":"2023"},{"key":"ref20","article-title":"HTBridge\/pivaa","year":"2023"},{"key":"ref21","article-title":"android-app-SAST\/VulsTotal: A unified platform for evaluating and benchmarking SAST tools for Android","year":"2023"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3114381"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2601248.2601268"},{"key":"ref24","article-title":"Guidelines for performing systematic literature reviews in software engineering","author":"Keele","year":"2007"},{"key":"ref25","article-title":"ACM Digital Library","year":"2024"},{"key":"ref26","article-title":"IEEE Xplore Digital Library","year":"2024"},{"key":"ref27","article-title":"ScienceDirect.com\u2014Science, health and medical journals, full text articles and books","year":"2024"},{"key":"ref28","article-title":"Home \u2014 SpringerLink","year":"2024"},{"key":"ref29","article-title":"dblp: computer science bibliography","year":"2024"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/2996358"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236029"},{"key":"ref32","article-title":"Open source android vulnerability detection tools: A survey","author":"Kulkarni","year":"2018"},{"key":"ref33","article-title":"Source code security analyzers","year":"2023"},{"key":"ref34","article-title":"Best mobile app security testing tools reviews 2023\u2014Gartner peer insights","year":"2023"},{"key":"ref35","article-title":"Mobile app scan\u2014Mobile app shielding for Android and iOS","author":"Group","year":"2023"},{"key":"ref36","article-title":"ImmuniWeb AI Platform Use Cases","year":"2023"},{"key":"ref37","article-title":"SAST","author":"Yehuda","year":"2023"},{"key":"ref38","article-title":"Truejasonfans\/Wechecker: Wechecker: Check the escalation attack","year":"2023"},{"key":"ref39","article-title":"srl\/droidlegacy","year":"2023"},{"key":"ref40","article-title":"noveogroup\/android-check: Static code analysis plugin for Android project. (checkstyle, pmd)","year":"2023"},{"key":"ref41","article-title":"Find security bugs","year":"2023"},{"key":"ref42","article-title":"stefan2200\/aparoid: Static and dynamic Android application security analysis","year":"2023"},{"key":"ref43","first-page":"1","article-title":"SMV-HUNTER: Large scale, automated detection of ssl\/tls man-in-the-middle vulnerabilities in Android apps","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Greenwood","year":"2014"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2948910"},{"key":"ref45","article-title":"Cyber-buddy\/apkhunt","year":"2023"},{"key":"ref46","article-title":"clviper\/droidstatx","year":"2023"},{"key":"ref47","article-title":"alterakey\/trueseeing: Non-decompiling Android vulnerability scanner (DC25 demo lab, CB17)","year":"2023"},{"key":"ref48","article-title":"Androguard\/androguard: Reverse engineering and pentesting for Android applications","year":"2023"},{"key":"ref49","article-title":"soot-oss\/soot: Soot - a Java optimization framework","year":"2023"},{"key":"ref50","article-title":"GitHub - soot-oss\/heros: IFDS\/IDE Solver for Soot and other frameworks","year":"2023"},{"key":"ref51","article-title":"GitHub - SAAF-Developers\/saaf: The Static Android Analysis Framework","year":"2023"},{"key":"ref52","article-title":"GitHub - secure-software-engineering\/FlowDroid: FlowDroid Static Data Flow Tracker","year":"2023"},{"key":"ref53","article-title":"OWASP Mobile Top 10 \u2014 OWASP Foundation","year":"2023"},{"key":"ref54","article-title":"Highly precise taint analysis for Android applications","author":"Fritz","year":"2013"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3127005.3127010"},{"key":"ref56","article-title":"High-tech bridge SA\u2014Information security solutions","year":"2023"},{"key":"ref57","article-title":"CVE","year":"2023"},{"key":"ref58","article-title":"skylot\/jadx: Dex to Java decompiler","year":"2023"},{"key":"ref59","article-title":"CVE - CVE-2021\u201343512","year":"2021"},{"key":"ref60","article-title":"apkpure.com","year":"2024"},{"key":"ref61","article-title":"Download Android app APKs free","year":"2023"},{"key":"ref62","article-title":"Android Apps on Google Play","year":"2024"},{"key":"ref63","doi-asserted-by":"crossref","first-page":"468","DOI":"10.1145\/2901739.2903508","article-title":"AndroZoo: Collecting millions of Android apps for the research community","volume-title":"Proc. 13th Int. Conf. Mining Softw. Repositories","author":"Allix","year":"2016"},{"key":"ref64","article-title":"Long tail - Wikipedia","year":"2023"},{"key":"ref65","article-title":"The real-world benchmark of Android app vulnerability from CVE","year":"2024"},{"key":"ref66","article-title":"What is undersampling? \u2014 Master\u2019s in data science","year":"2024"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3616262"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534380"},{"key":"ref69","article-title":"dabeaz\/ply: Python lex-yacc","year":"2023"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351685"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2023.3286301"}],"container-title":["IEEE Transactions on Software Engineering"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/32\/10794440\/10738442.pdf?arnumber=10738442","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T20:49:41Z","timestamp":1734036581000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10738442\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12]]},"references-count":71,"journal-issue":{"issue":"12"},"URL":"https:\/\/doi.org\/10.1109\/tse.2024.3488041","relation":{},"ISSN":["0098-5589","1939-3520","2326-3881"],"issn-type":[{"value":"0098-5589","type":"print"},{"value":"1939-3520","type":"electronic"},{"value":"2326-3881","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12]]}}}