{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T21:37:26Z","timestamp":1780090646512,"version":"3.54.0"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,6,25]],"date-time":"2012-06-25T00:00:00Z","timestamp":1340582400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,6,25]]},"DOI":"10.1145\/2307636.2307663","type":"proceedings-article","created":{"date-parts":[[2012,6,27]],"date-time":"2012-06-27T13:31:21Z","timestamp":1340803881000},"page":"281-294","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":437,"title":["RiskRanker"],"prefix":"10.1145","author":[{"given":"Michael","family":"Grace","sequence":"first","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA &amp; NQ Mobile Security Research Center, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Qiang","family":"Zhang","sequence":"additional","affiliation":[{"name":"NQ Mobile Security Research Center, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shihong","family":"Zou","sequence":"additional","affiliation":[{"name":"NQ Mobile Security Research Center, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[{"name":"North Carolina State University, Raleigh, NC, USA &amp; NQ Mobile Security Research Center, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2012,6,25]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"260 000 Android users infected with malware. http:\/\/www.infosecurity-magazine.com\/view\/16526\/260000-android-users-infected-with-malware\/.  260 000 Android users infected with malware. http:\/\/www.infosecurity-magazine.com\/view\/16526\/260000-android-users-infected-with-malware\/."},{"key":"e_1_3_2_1_2_1","unstructured":"adb trickery#2. http:\/\/c-skills.blogspot.com\/2011\/01\/adb-trickery-again.html.  adb trickery#2. http:\/\/c-skills.blogspot.com\/2011\/01\/adb-trickery-again.html."},{"key":"e_1_3_2_1_3_1","unstructured":"Adobe AIR 3. http:\/\/www.adobe.com\/products\/air.html.  Adobe AIR 3. http:\/\/www.adobe.com\/products\/air.html."},{"key":"e_1_3_2_1_4_1","unstructured":"AdTouch. http:\/\/www.adtouchnetwork.com\/adtouch\/sdk\/SDK.html.  AdTouch. http:\/\/www.adtouchnetwork.com\/adtouch\/sdk\/SDK.html."},{"key":"e_1_3_2_1_5_1","unstructured":"An Analysis of the AnserverBot Trojan. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/pubs\/AnserverBot_Analysis.pdf.  An Analysis of the AnserverBot Trojan. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/pubs\/AnserverBot_Analysis.pdf."},{"key":"e_1_3_2_1_6_1","unstructured":"Android and Security. http:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html.  Android and Security. http:\/\/googlemobile.blogspot.com\/2012\/02\/android-and-security.html."},{"key":"e_1_3_2_1_7_1","unstructured":"Android Market Statistic. http:\/\/www.androlib.com\/appstats.aspx.  Android Market Statistic. http:\/\/www.androlib.com\/appstats.aspx."},{"key":"e_1_3_2_1_8_1","unstructured":"android trickery. http:\/\/c-skills.blogspot.com\/2010\/07\/android-trickery.html.  android trickery. http:\/\/c-skills.blogspot.com\/2010\/07\/android-trickery.html."},{"key":"e_1_3_2_1_9_1","unstructured":"Asroot. http:\/\/milw0rm.com\/sploits\/android-root-20090816.tar.gz.  Asroot. http:\/\/milw0rm.com\/sploits\/android-root-20090816.tar.gz."},{"key":"e_1_3_2_1_10_1","unstructured":"Contagio mobile malware mini dump. http:\/\/contagiominidump.blogspot.com\/.  Contagio mobile malware mini dump. http:\/\/contagiominidump.blogspot.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"DexClassLoader. http:\/\/developer.android.com\/reference\/dalvik\/system\/DexClassLoader.html.  DexClassLoader. http:\/\/developer.android.com\/reference\/dalvik\/system\/DexClassLoader.html."},{"key":"e_1_3_2_1_12_1","unstructured":"Droid2. http:\/\/c-skills.blogspot.com\/2010\/08\/droid2.html.  Droid2. http:\/\/c-skills.blogspot.com\/2010\/08\/droid2.html."},{"key":"e_1_3_2_1_13_1","unstructured":"Gartner Says Sales of Mobile Devices Grew 5.6 Percent in Third Quarter of 2011; Smartphone Sales Increased 42 Percent. http:\/\/www.gartner.com\/it\/page.jsp?id=1848514.  Gartner Says Sales of Mobile Devices Grew 5.6 Percent in Third Quarter of 2011; Smartphone Sales Increased 42 Percent. http:\/\/www.gartner.com\/it\/page.jsp?id=1848514."},{"key":"e_1_3_2_1_14_1","unstructured":"GingerMaster: First Android Malware Utilizing a Root Exploit on Android 2.3 (Gingerbread). http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/GingerMaster\/.  GingerMaster: First Android Malware Utilizing a Root Exploit on Android 2.3 (Gingerbread). http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/GingerMaster\/."},{"key":"e_1_3_2_1_15_1","unstructured":"iBuildApp. http:\/\/ibuildapp.com\/.  iBuildApp. http:\/\/ibuildapp.com\/."},{"key":"e_1_3_2_1_16_1","unstructured":"LeNa (Legacy Native) Teardown_Lookout Mobile Security. http:\/\/blog.mylookout.com\/wp-content\/uploads\/2011\/10\/LeNa-Legacy-Native-Teardown_Lookout-Mobile-Security1.pdf.  LeNa (Legacy Native) Teardown_Lookout Mobile Security. http:\/\/blog.mylookout.com\/wp-content\/uploads\/2011\/10\/LeNa-Legacy-Native-Teardown_Lookout-Mobile-Security1.pdf."},{"key":"e_1_3_2_1_17_1","unstructured":"Manifest.permission_group definitions. http:\/\/developer.android.com\/reference\/android\/Manifest.permission_group.html.  Manifest.permission_group definitions. http:\/\/developer.android.com\/reference\/android\/Manifest.permission_group.html."},{"key":"e_1_3_2_1_18_1","unstructured":"New DroidKungFu Variant - DroidKungFuSapp - Emerges! http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFuSapp\/.  New DroidKungFu Variant - DroidKungFuSapp - Emerges! http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFuSapp\/."},{"key":"e_1_3_2_1_19_1","unstructured":"ProGuard. http:\/\/developer.android.com\/guide\/developing\/tools\/proguard.html.  ProGuard. http:\/\/developer.android.com\/guide\/developing\/tools\/proguard.html."},{"key":"e_1_3_2_1_20_1","unstructured":"Revolutionary - zergRush local root 2.2\/2.3. http:\/\/forum.xda-developers.com\/showthread.php?t=1296916.  Revolutionary - zergRush local root 2.2\/2.3. http:\/\/forum.xda-developers.com\/showthread.php?t=1296916."},{"key":"e_1_3_2_1_21_1","unstructured":"Security Alert: AnserverBot New Sophisticated Android Bot Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/AnserverBot\/.  Security Alert: AnserverBot New Sophisticated Android Bot Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/AnserverBot\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Security Alert: Geinimi Sophisticated New Android Trojan Found in Wild. http:\/\/blog.mylookout.com\/2010\/12\/geinimi_trojan\/.  Security Alert: Geinimi Sophisticated New Android Trojan Found in Wild. http:\/\/blog.mylookout.com\/2010\/12\/geinimi_trojan\/."},{"key":"e_1_3_2_1_23_1","unstructured":"Security Alert: New Android Malware - DroidCoupon - Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidCoupon\/.  Security Alert: New Android Malware - DroidCoupon - Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidCoupon\/."},{"key":"e_1_3_2_1_24_1","unstructured":"Security Alert: New DroidKungFu Variant - AGAIN! - Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu3\/.  Security Alert: New DroidKungFu Variant - AGAIN! - Found in Alternative Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu3\/."},{"key":"e_1_3_2_1_25_1","unstructured":"Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu2\/.  Security Alert: New DroidKungFu Variants Found in Alternative Chinese Android Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu2\/."},{"key":"e_1_3_2_1_26_1","unstructured":"Security Alert: New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu.html.  Security Alert: New Sophisticated Android Malware DroidKungFu Found in Alternative Chinese App Markets. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/DroidKungFu.html."},{"key":"e_1_3_2_1_27_1","unstructured":"Security Alert: New Stealthy Android Spyware - Plankton - Found in Official Android Market. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/Plankton\/.  Security Alert: New Stealthy Android Spyware - Plankton - Found in Official Android Market. http:\/\/www.csc.ncsu.edu\/faculty\/jiang\/Plankton\/."},{"key":"e_1_3_2_1_28_1","unstructured":"Smartphone shipments tripled since '08. Dumb phones are flat. http:\/\/tech.fortune.cnn.com\/2011\/11\/01\/smartphone-shipments-tripled-since-08-dumb-phones-are-flat\/.  Smartphone shipments tripled since '08. Dumb phones are flat. http:\/\/tech.fortune.cnn.com\/2011\/11\/01\/smartphone-shipments-tripled-since-08-dumb-phones-are-flat\/."},{"key":"e_1_3_2_1_29_1","unstructured":"yummy yummy GingerBreak! http:\/\/c-skills.blogspot.com\/2011\/04\/yummy-yummy-gingerbreak.html.  yummy yummy GingerBreak! http:\/\/c-skills.blogspot.com\/2011\/04\/yummy-yummy-gingerbreak.html."},{"key":"e_1_3_2_1_30_1","unstructured":"Zimperlich sources. http:\/\/c-skills.blogspot.com\/2011\/02\/zimperlich-sources.html.  Zimperlich sources. http:\/\/c-skills.blogspot.com\/2011\/02\/zimperlich-sources.html."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043574"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2184489.2184500"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12.","author":"Bugiel S.","unstructured":"Bugiel , S. , Davi , L. , Dmitrienko , A. , Fischer , T. , Sadeghi , A.-R. , and Shastry , B . Towards Taming Privilege-Escalation Attacks on Android . In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12. Bugiel, S., Davi, L., Dmitrienko, A., Fischer, T., Sadeghi, A.-R., and Shastry, B. Towards Taming Privilege-Escalation Attacks on Android. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_3_2_1_35_1","volume-title":"Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12.","author":"Davi L.","unstructured":"Davi , L. , Dmitrienko , A. , Egele , M. , Fischer , T. , Holz , T. , Hund , R. , Nurnberger , S. , and Sadeghi , A . -R. MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones . In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12. Davi, L., Dmitrienko, A., Egele, M., Fischer, T., Holz, T., Hund, R., Nurnberger, S., and Sadeghi, A.-R. MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12."},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 20th USENIX Security Symposium","author":"Dietz M.","year":"2011","unstructured":"Dietz , M. , Shekhar , S. , Pisetsky , Y. , Shu , A. , and Wallach , D. S . QUIRE: Lightweight Provenance for Smart Phone Operating Systems . In Proceedings of the 20th USENIX Security Symposium ( 2011 ), USENIX Security '11. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. QUIRE: Lightweight Provenance for Smart Phone Operating Systems. In Proceedings of the 20th USENIX Security Symposium (2011), USENIX Security '11."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 18th Annual Symposium on Network and Distributed System Security (2011), NDSS '11.","author":"Egele M.","unstructured":"Egele , M. , Kruegel , C. , Kirda , E. , and Vigna , G . PiOS: Detecting Privacy Leaks in iOS Applications . In Proceedings of the 18th Annual Symposium on Network and Distributed System Security (2011), NDSS '11. Egele, M., Kruegel, C., Kirda, E., and Vigna, G. PiOS: Detecting Privacy Leaks in iOS Applications. In Proceedings of the 18th Annual Symposium on Network and Distributed System Security (2011), NDSS '11."},{"key":"e_1_3_2_1_38_1","volume-title":"Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation","author":"Enck W.","year":"2010","unstructured":"Enck , W. , Gilbert , P. , Chun , B.-G. , Cox , L. P. , Jung , J. , McDaniel , P. , and Sheth , A. N . TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones . In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation ( 2010 ), USENIX OSDI '10. Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Symposium on Operating Systems Design and Implementation (2010), USENIX OSDI '10."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028088"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653691"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 20th USENIX Security Symposium","author":"Felt A. P.","year":"2011","unstructured":"Felt , A. P. , Wang , H. J. , Moshchuk , A. , Hanna , S. , and Chin , E . Permission Re-Delegation: Attacks and Defenses . In Proceedings of the 20th USENIX Security Symposium ( 2011 ), USENIX Security '11. Felt, A. P., Wang, H. J., Moshchuk, A., Hanna, S., and Chin, E. Permission Re-Delegation: Attacks and Defenses. In Proceedings of the 20th USENIX Security Symposium (2011), USENIX Security '11."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2185448.2185464"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12.","author":"Grace M.","unstructured":"Grace , M. , Zhou , Y. , Wang , Z. , and Jiang , X . Systematic Detection of Capability Leaks in Stock Android Smartphones . In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12. Grace, M., Zhou, Y., Wang, Z., and Jiang, X. Systematic Detection of Capability Leaks in Stock Android Smartphones. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12."},{"key":"e_1_3_2_1_45_1","volume":"22","author":"Hardy N.","year":"1998","unstructured":"Hardy , N. The Confused Deputy : (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review 22 ( October 1998 ). Hardy, N. The Confused Deputy: (or why capabilities might have been invented). ACM SIGOPS Operating Systems Review 22 (October 1998).","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046780"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046623"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755732"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.39"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046618"},{"key":"e_1_3_2_1_51_1","volume-title":"Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12.","author":"Schrittwieser S.","unstructured":"Schrittwieser , S. , Fruhwirt , P. , Kieseberg , P. , Leithner , M. , Mulazzani , M. , Huber , M. , and Weippl , E . Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications . In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12. Schrittwieser, S., Fruhwirt, P., Kieseberg, P., Leithner, M., Mulazzani, M., Huber, M., and Weippl, E. Guess Who's Texting You? Evaluating the Security of Smartphone Messaging Applications. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015489"},{"key":"e_1_3_2_1_53_1","volume-title":"Proceedings of the 14th European Symposium on Research in Computer Security (September 2009), ESORICS '09.","author":"Wang Z.","unstructured":"Wang , Z. , Jiang , X. , Cui , W. , Wang , X. , and Grace , M . ReFormat: Automatic Reverse Engineering of Encrypted Messages . In Proceedings of the 14th European Symposium on Research in Computer Security (September 2009), ESORICS '09. Wang, Z., Jiang, X., Cui, W., Wang, X., and Grace, M. ReFormat: Automatic Reverse Engineering of Encrypted Messages. In Proceedings of the 14th European Symposium on Research in Computer Security (September 2009), ESORICS '09."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.16"},{"key":"e_1_3_2_1_56_1","volume-title":"Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12.","author":"Zhou Y.","unstructured":"Zhou , Y. , Wang , Z. , Zhou , W. , and Jiang , X . Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets . In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12. Zhou, Y., Wang, Z., Zhou, W., and Jiang, X. Hey, You, Get off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In Proceedings of the 19th Annual Symposium on Network and Distributed System Security (2012), NDSS '12."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.5555\/2022245.2022255"}],"event":{"name":"MobiSys'12: The 10th International Conference on Mobile Systems, Applications, and Services","location":"Low Wood Bay Lake District UK","acronym":"MobiSys'12","sponsor":["SIGMOBILE ACM Special Interest Group on Mobility of Systems, Users, Data and Computing","SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 10th international conference on Mobile systems, applications, and services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2307636.2307663","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2307636.2307663","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:48:51Z","timestamp":1750236531000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2307636.2307663"}},"subtitle":["scalable and accurate zero-day android malware detection"],"short-title":[],"issued":{"date-parts":[[2012,6,25]]},"references-count":57,"alternative-id":["10.1145\/2307636.2307663","10.1145\/2307636"],"URL":"https:\/\/doi.org\/10.1145\/2307636.2307663","relation":{},"subject":[],"published":{"date-parts":[[2012,6,25]]},"assertion":[{"value":"2012-06-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}