{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T14:24:39Z","timestamp":1774967079145,"version":"3.50.1"},"reference-count":180,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2017,1,13]],"date-time":"2017-01-13T00:00:00Z","timestamp":1484265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"UK EPSRC","award":["EP\/L022710\/1"],"award-info":[{"award-number":["EP\/L022710\/1"]}]},{"name":"Ministry of Science, Technology and Innovation","award":["eScienceFund 01-01-03-SF0914"],"award-info":[{"award-number":["eScienceFund 01-01-03-SF0914"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2017,12,31]]},"abstract":"With the integration of mobile devices into daily life, smartphones are privy to increasing amounts of sensitive information. Sophisticated mobile malware, particularly Android malware, acquire or utilize such data without user consent. It is therefore essential to devise effective techniques to analyze and detect these threats. This article presents a comprehensive survey on leading Android malware analysis and detection techniques, and their effectiveness against evolving malware. This article categorizes systems by methodology and date to evaluate progression and weaknesses. This article also discusses evaluations of industry solutions, malware statistics, and malware evasion techniques and concludes by supporting future research paths.<\/jats:p>","DOI":"10.1145\/3017427","type":"journal-article","created":{"date-parts":[[2017,1,17]],"date-time":"2017-01-17T13:42:08Z","timestamp":1484660528000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":283,"title":["The Evolution of Android Malware and Android Analysis Techniques"],"prefix":"10.1145","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2840-5715","authenticated-orcid":false,"given":"Kimberly","family":"Tam","sequence":"first","affiliation":[{"name":"Information Security Group, Royal Holloway, University of London"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Feizollah","sequence":"additional","affiliation":[{"name":"Department of Computer System and Technology, University of Malaya"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nor Badrul","family":"Anuar","sequence":"additional","affiliation":[{"name":"Department of Computer System and Technology, University of Malaya"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rosli","family":"Salleh","sequence":"additional","affiliation":[{"name":"Department of Computer System and Technology, University of Malaya"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lorenzo","family":"Cavallaro","sequence":"additional","affiliation":[{"name":"Information Security Group, Royal Holloway, University of London, Egham Hill, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,1,13]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23384"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557571"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461012"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC.2013.6583806"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2393596.2393666"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043556.2043574"},{"key":"e_1_2_1_7_1","unstructured":"Apple. 2015. iOS developer library. Retrieved from https:\/\/developer.apple.com\/library\/ios\/navigation\/. Apple. 2015. iOS developer library. Retrieved from https:\/\/developer.apple.com\/library\/ios\/navigation\/."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23247"},{"key":"e_1_2_1_9_1","volume-title":"Damien Octeau, and Patrick McDaniel.","author":"Arzt Steven","year":"2014"},{"key":"e_1_2_1_10_1","volume-title":"Zhen Huang, Phillipa Gill, and David Lie.","author":"Yee Au Kathy Wain","year":"2011"},{"key":"e_1_2_1_11_1","volume-title":"Zhen Huang, and David Lie.","author":"Yee Au Kathy Wain","year":"2012"},{"key":"e_1_2_1_12_1","unstructured":"Schmidt Aubrey-Derrick and A. Sahin. 2008. Malicious Software for Smartphones. Technical Report. Universit\u00e4t Berlin. Schmidt Aubrey-Derrick and A. Sahin. 2008. Malicious Software for Smartphones. Technical Report. Universit\u00e4t Berlin."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2509136.2509549"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664265"},{"key":"e_1_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Michael Backes Sebastian Gerling Christian Hammer Matteo Maffei and Philipp von Styp-Rekowsky. 2013. AppGuard\u2014fine-grained policy enforcement for untrusted Android applications. In Data Privacy Management (DPM). Michael Backes Sebastian Gerling Christian Hammer Matteo Maffei and Philipp von Styp-Rekowsky. 2013. AppGuard\u2014fine-grained policy enforcement for untrusted Android applications. In Data Privacy Management (DPM).","DOI":"10.1007\/978-3-642-54568-9_14"},{"key":"e_1_2_1_16_1","unstructured":"Ulrich Bayer Imam Habibi Davide Balzarotti Engin Kirda and Christopher Kruegel. 2009. A view on current malware behaviors. In USENIX Large-scale Exploits and Emergent Threats (LEET). Ulrich Bayer Imam Habibi Davide Balzarotti Engin Kirda and Christopher Kruegel. 2009. A view on current malware behaviors. In USENIX Large-scale Exploits and Emergent Threats (LEET)."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.29"},{"key":"e_1_2_1_18_1","volume-title":"Freiling","author":"Becher Michael","year":"2008"},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Alastair R. Beresford Andrew Rice Nicholas Skehin and Ripduman Sohan. 2011. MockDroid: Trading privacy for application functionality on smartphones. In Mobile Computing Systems and Applications (HotMobile). Alastair R. Beresford Andrew Rice Nicholas Skehin and Ripduman Sohan. 2011. MockDroid: Trading privacy for application functionality on smartphones. In Mobile Computing Systems and Applications (HotMobile).","DOI":"10.1145\/2184489.2184500"},{"key":"e_1_2_1_21_1","unstructured":"BlackBerry. 2013. Architecture and data flow overview. Retrieved from https:\/\/help.blackberry.com\/en\/bes10\/10.2\/. BlackBerry. 2013. Architecture and data flow overview. Retrieved from https:\/\/help.blackberry.com\/en\/bes10\/10.2\/."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665792"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1378600.1378626"},{"key":"e_1_2_1_24_1","unstructured":"Rodrigo Branco Gabriel Barbosa and Pedro Neto. 2012. Scientific but not academical overview of malware anti-debuggin anti-disassembly and anti-VM technologies. Blackhat USA. Rodrigo Branco Gabriel Barbosa and Pedro Neto. 2012. Scientific but not academical overview of malware anti-debuggin anti-disassembly and anti-VM technologies. Blackhat USA."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2008.319"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046624"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046619"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462096.2462100"},{"key":"e_1_2_1_29_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Chen Kevin Zhijie","year":"2013"},{"key":"e_1_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Jerry Cheng Starsky H. Y. Wong Hao Yang and Songwu Lu. 2007. SmartSiren: Virus detection and alert for smartphones. In ACM Mobile Systems Applications and Services (MobiSys). Jerry Cheng Starsky H. Y. Wong Hao Yang and Songwu Lu. 2007. SmartSiren: Virus detection and alert for smartphones. In ACM Mobile Systems Applications and Services (MobiSys).","DOI":"10.1145\/1247660.1247690"},{"key":"e_1_2_1_31_1","unstructured":"Christian Collberg Clark Thomborson and Douglas Low. 1997. A taxonomy of obfuscating transformations. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.38.9852. Christian Collberg Clark Thomborson and Douglas Low. 1997. A taxonomy of obfuscating transformations. http:\/\/citeseerx.ist.psu.edu\/viewdoc\/summary?doi=10.1.1.38.9852."},{"key":"e_1_2_1_32_1","unstructured":"Contagio. 2014. Contagio. Retrieved from http:\/\/contagiodump.blogspot.com\/. Contagio. 2014. Contagio. Retrieved from http:\/\/contagiodump.blogspot.com\/."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33167-1_3"},{"key":"e_1_2_1_34_1","unstructured":"B. Davis B. Sanders A. Khodaverdian and H. Chen. 2012. I-ARM-Droid: A rewriting framework for in-app reference monitors for Android applications. In IEEE Mobile Security Technologies (MoST). B. Davis B. Sanders A. Khodaverdian and H. Chen. 2012. I-ARM-Droid: A rewriting framework for in-app reference monitors for Android applications. In IEEE Mobile Security Technologies (MoST)."},{"key":"e_1_2_1_35_1","volume-title":"Android: From reversing to decompilation. In Black Hat Abu Dhabi.","author":"Desnosi Anthony","year":"2012"},{"key":"e_1_2_1_36_1","volume-title":"QUIRE: Lightweight provenance for smart phone operating systems. In USENIX Security (SEC).","author":"Dietz Michael","year":"2011"},{"key":"e_1_2_1_37_1","unstructured":"Daniel Eran Dilger. 2014. New Android RAT infects Google play apps. Retrieved from http:\/\/appleinsider.com\/articles\/14\/03\/07\/new-android-rat-infe cts-google-play-apps-turning-phones-into-spyware-zombies. Daniel Eran Dilger. 2014. New Android RAT infects Google play apps. Retrieved from http:\/\/appleinsider.com\/articles\/14\/03\/07\/new-android-rat-infe cts-google-play-apps-turning-phones-into-spyware-zombies."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33704-8_21"},{"key":"e_1_2_1_39_1","unstructured":"Toralv Dirro. 2011. Straight from the anti-malware labs. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-mobile-security-consumer-trends.pdf. Toralv Dirro. 2011. Straight from the anti-malware labs. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-mobile-security-consumer-trends.pdf."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852696"},{"key":"e_1_2_1_41_1","volume-title":"Stephen A. Ridley, and Georg Wicherski.","author":"Drake Joshua","year":"2014"},{"key":"e_1_2_1_42_1","unstructured":"Ken Dunham. 2009. Mobile Malware Attacks 8 Defense. Syngress. Ken Dunham. 2009. Mobile Malware Attacks 8 Defense. Syngress."},{"key":"e_1_2_1_43_1","volume-title":"Defending users against smartphone apps: Techniques and future directions","author":"Enck William"},{"key":"e_1_2_1_44_1","volume-title":"Sheth","author":"Enck William","year":"2010"},{"key":"e_1_2_1_45_1","unstructured":"William Enck Damien Octeau Patrick McDaniel and Swarat Chaudhuri. 2011. A study of Android application security. In USENIX Security (SEC). William Enck Damien Octeau Patrick McDaniel and Swarat Chaudhuri. 2011. A study of Android application security. In USENIX Security (SEC)."},{"key":"e_1_2_1_46_1","volume-title":"Android accounted for 79% of all mobile malware","year":"2012"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2014.2386139"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2516760.2516765"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046779"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381943"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046614.2046618"},{"key":"e_1_2_1_52_1","volume-title":"Apposcopy: Semantics-based detection of Android malware. In ACM Foundations of Software Engineering (FSE).","author":"Feng Yu","year":"2014"},{"key":"e_1_2_1_53_1","volume-title":"OSADL Real-Time Linux Workshop (RTLWS).","author":"Frenzel Torsten","year":"2010"},{"key":"e_1_2_1_54_1","volume-title":"Proc. Network and Distributed Systems Security Symposium. 191--206","author":"Garfinkel Tal"},{"key":"e_1_2_1_55_1","unstructured":"Gartner. 2015. Devices by operating system and user type. Retrieved from http:\/\/www.gartner.com\/newsroom\/id\/3010017. Gartner. 2015. Devices by operating system and user type. Retrieved from http:\/\/www.gartner.com\/newsroom\/id\/3010017."},{"key":"e_1_2_1_56_1","unstructured":"Andrea Gianazza Federico Maggi Aristide Fattori Lorenzo Cavallaro and Stefano Zanero. 2014. PuppetDroid: A user-centric UI exerciser for automatic dynamic analysis of similar Android applications. ACM CoRR. abs\/1402.4826. http:\/\/arxiv.org\/abs\/1402.4826. Andrea Gianazza Federico Maggi Aristide Fattori Lorenzo Cavallaro and Stefano Zanero. 2014. PuppetDroid: A user-centric UI exerciser for automatic dynamic analysis of similar Android applications. ACM CoRR. abs\/1402.4826. http:\/\/arxiv.org\/abs\/1402.4826."},{"key":"e_1_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Clint Gibler Jonathan Crussell Jeremy Erickson and Hao Chen. 2012. AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale. In Trust and Trustworthy Computing (TRUST). Clint Gibler Jonathan Crussell Jeremy Erickson and Hao Chen. 2012. AndroidLeaks: Automatically detecting potential privacy leaks in android applications on a large scale. In Trust and Trustworthy Computing (TRUST).","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2013.6606553"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_2_1_60_1","unstructured":"Alexander Gostev and Denis Maslennikov. 2009. Mobile malware evolution: An overview. Retrieved from http:\/\/www.viruslist.com\/en\/analysis?pubid=204792080. Alexander Gostev and Denis Maslennikov. 2009. Mobile malware evolution: An overview. Retrieved from http:\/\/www.viruslist.com\/en\/analysis?pubid=204792080."},{"key":"e_1_2_1_61_1","doi-asserted-by":"crossref","unstructured":"Michael Grace Yajin Zhou Qiang Zhang Shihong Zou and Xuxian Jiang. 2012. RiskRanker: Scalable and accurate zero-day android malware detection. In ACM Mobile Systems Applications and Services (MobiSys). Michael Grace Yajin Zhou Qiang Zhang Shihong Zou and Xuxian Jiang. 2012. RiskRanker: Scalable and accurate zero-day android malware detection. In ACM Mobile Systems Applications and Services (MobiSys).","DOI":"10.1145\/2307636.2307663"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_4"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/1435458.1435461"},{"key":"e_1_2_1_64_1","unstructured":"Dharmdasani Hitesh. 2014. Android.HeHe: Malware disconnects phone calls. Retrieved from http:\/\/www.fireeye.com\/blog\/technical\/2014\/01\/Android-shehe-malware-now-disconnects-phone-calls.html. Dharmdasani Hitesh. 2014. Android.HeHe: Malware disconnects phone calls. Retrieved from http:\/\/www.fireeye.com\/blog\/technical\/2014\/01\/Android-shehe-malware-now-disconnects-phone-calls.html."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2480362.2480706"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568301"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771803"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/ccnc08.2007.64"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC.2013.6675404"},{"key":"e_1_2_1_70_1","unstructured":"InformationWeek. 2014. Cybercrime black markets grow up. Retrieved from http:\/\/www.informationweek.com\/cybercrime-black-markets-grow-up\/d\/d-id\/1127911. InformationWeek. 2014. Cybercrime black markets grow up. Retrieved from http:\/\/www.informationweek.com\/cybercrime-black-markets-grow-up\/d\/d-id\/1127911."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2004.1378409"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1002\/9780470377888"},{"key":"e_1_2_1_73_1","unstructured":"Xuxian Jiang. 2012. An evaluation of the application (\u201capp\u201d) verification service in Android 4.2. Retrieved from http:\/\/www.cs.ncsu.edu\/faculty\/jiang\/appverify\/. Xuxian Jiang. 2012. An evaluation of the application (\u201capp\u201d) verification service in Android 4.2. Retrieved from http:\/\/www.cs.ncsu.edu\/faculty\/jiang\/appverify\/."},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/GREE.2013.24"},{"key":"e_1_2_1_75_1","doi-asserted-by":"crossref","unstructured":"Yiming Jing Gail-Joon Ahn Ziming Zhao and Hongxin Hu. 2014. RiskMon: Continuous and automated risk assessment of mobile applications. In ACM Data and Application Security and Privacy (CODASPY). Yiming Jing Gail-Joon Ahn Ziming Zhao and Hongxin Hu. 2014. RiskMon: Continuous and automated risk assessment of mobile applications. In ACM Data and Application Security and Privacy (CODASPY).","DOI":"10.1145\/2557547.2557549"},{"key":"e_1_2_1_76_1","volume-title":"Networks 3rd annual mobile threats report","year":"2012"},{"key":"e_1_2_1_77_1","volume-title":"Network and distributed system security symposium, (NDSS)","author":"Kang Min"},{"key":"e_1_2_1_78_1","volume-title":"Morpheus: Benchmarking computational diversity in mobile malware. In Hardware 8 Architectural Support for Security 8 Privacy (HASP).","author":"Kazdagli Mikhail","year":"2014"},{"key":"e_1_2_1_79_1","volume-title":"Shin","author":"Kim Hahnsang","year":"2008"},{"key":"e_1_2_1_80_1","volume-title":"ScanDal: Static analyzer for detecting privacy leaks in Android applications","author":"Kim Jinyung"},{"key":"e_1_2_1_81_1","unstructured":"Mudge Kingpin. 2001. Security analysis of the palm operating system and its weaknesses against malicious code threats. In USENIX Security. Mudge Kingpin. 2001. Security analysis of the palm operating system and its weaknesses against malicious code threats. In USENIX Security."},{"key":"e_1_2_1_82_1","unstructured":"Tero Kuittenin. 2013. Google play app revenue rockets to more than half of iOS. Retrieved from http:\/\/bgr.com\/2013\/09\/20\/google-play-app-revenue-ios-august\/. Tero Kuittenin. 2013. Google play app revenue rockets to more than half of iOS. Retrieved from http:\/\/bgr.com\/2013\/09\/20\/google-play-app-revenue-ios-august\/."},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660331"},{"key":"e_1_2_1_84_1","doi-asserted-by":"crossref","unstructured":"M. La Polla F. Martinelli and D. Sgandurra. 2013. A survey on security for mobile devices. IEEE Communications Surveys Tutorials (COMST). M. La Polla F. Martinelli and D. Sgandurra. 2013. A survey on security for mobile devices. IEEE Communications Surveys Tutorials (COMST).","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2014.36"},{"key":"e_1_2_1_86_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Lever Charles","year":"2013"},{"key":"e_1_2_1_87_1","unstructured":"Juanru Li Wenbo Yang Junliang Shu Yuanyuan Zhang and Dawu Gu. 2014. InDroid: An automated online analysis framework for Android applications. In Crisis Intervention Team (CIT). Juanru Li Wenbo Yang Junliang Shu Yuanyuan Zhang and Dawu Gu. 2014. InDroid: An automated online analysis framework for Android applications. In Crisis Intervention Team (CIT)."},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"e_1_2_1_89_1","unstructured":"Tung Liam. 2014. Modded firmware may harbour worlds first Android bootkit. Retrieved from http:\/\/www.zdnet.com\/modded-firmware-may-harbour-worlds-first-android-bootkit-7000025665\/. Tung Liam. 2014. Modded firmware may harbour worlds first Android bootkit. Retrieved from http:\/\/www.zdnet.com\/modded-firmware-may-harbour-worlds-first-android-bootkit-7000025665\/."},{"key":"e_1_2_1_90_1","doi-asserted-by":"crossref","unstructured":"Martina Lindorfer Matthias Neugschwandtner Lukas Weichselbaum Yanick Fratantonio Victor van der Veen and Christian Platzer. 2014. ANDRUBIS-1 000 000 apps later: A view on current Android malware behaviors. In Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). Martina Lindorfer Matthias Neugschwandtner Lukas Weichselbaum Yanick Fratantonio Victor van der Veen and Christian Platzer. 2014. ANDRUBIS-1 000 000 apps later: A view on current Android malware behaviors. In Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS).","DOI":"10.1109\/BADGERS.2014.7"},{"key":"e_1_2_1_91_1","unstructured":"Lookout. 2010. Security alert: Geinimi sophisticated new Android trojan found in wild. Retrieved from https:\/\/blog.lookout.com\/blog\/2010\/12\/29\/geinimi_trojan\/. Lookout. 2010. Security alert: Geinimi sophisticated new Android trojan found in wild. Retrieved from https:\/\/blog.lookout.com\/blog\/2010\/12\/29\/geinimi_trojan\/."},{"key":"e_1_2_1_92_1","volume-title":"Dynodroid: An input generation system for Android apps. In ACM Foundations of Software Engineering (FSE).","author":"Machiry Aravind","year":"2013"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/2516760.2516768"},{"key":"e_1_2_1_94_1","doi-asserted-by":"crossref","unstructured":"Riyadh Mahmood Nariman Mirzaei and Sam Malek. 2014. EvoDroid: Segmented evolutionary testing of android apps. In Foundations of Software Engineering (FSE). Riyadh Mahmood Nariman Mirzaei and Sam Malek. 2014. EvoDroid: Segmented evolutionary testing of android apps. In Foundations of Software Engineering (FSE).","DOI":"10.1145\/2635868.2635896"},{"key":"e_1_2_1_95_1","volume-title":"Divide-and-conquer: Why Android malware cannot be stopped. In Availability, Reliability and Security (ARES).","author":"Maier Dominik","year":"2014"},{"key":"e_1_2_1_96_1","doi-asserted-by":"crossref","unstructured":"Davide Maiorca Davide Ariu Igino Corona Marco Aresu and Giorgio Giacinto. 2015. Stealth attacks: An extended insight into the obfuscation effects on Android malware. In Computers 8 Security (JCS). Davide Maiorca Davide Ariu Igino Corona Marco Aresu and Giorgio Giacinto. 2015. Stealth attacks: An extended insight into the obfuscation effects on Android malware. In Computers 8 Security (JCS).","DOI":"10.1016\/j.cose.2015.02.007"},{"key":"e_1_2_1_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420958"},{"key":"e_1_2_1_98_1","unstructured":"McAfee. 2013. Threats report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-quarterly-threat-q1-2013.pdf. McAfee. 2013. Threats report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-quarterly-threat-q1-2013.pdf."},{"key":"e_1_2_1_99_1","unstructured":"McAfee. 2014. Mobile security report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-mobile-security-consumer-trends.pdf. McAfee. 2014. Mobile security report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-mobile-security-consumer-trends.pdf."},{"key":"e_1_2_1_100_1","unstructured":"McAfee. 2015. Labs threats report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-quarterly-threat-q1-2015.pdf. McAfee. 2015. Labs threats report. Retrieved from http:\/\/www.mcafee.com\/uk\/resources\/reports\/rp-quarterly-threat-q1-2015.pdf."},{"key":"e_1_2_1_101_1","unstructured":"Joseph Menn. 2011. Smartphone shipments surpass PCs. Retrieved from http:\/\/www.ft.com\/cms\/s\/2\/d96e3bd8-33ca-11e0-b1ed-00144feabdc0.html. Joseph Menn. 2011. Smartphone shipments surpass PCs. Retrieved from http:\/\/www.ft.com\/cms\/s\/2\/d96e3bd8-33ca-11e0-b1ed-00144feabdc0.html."},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2006.192"},{"key":"e_1_2_1_103_1","volume-title":"Christof Stoermann, Siemens Ag, and Chris Cooke Vodafone.","author":"Moreau Yves","year":"1996"},{"key":"e_1_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590335"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/PERCOMW.2005.86"},{"key":"e_1_2_1_107_1","unstructured":"Damien Octeau Patrick McDaniel Somesh Jha Alexandre Bartel Eric Bodden Jacques Klein and Yves Le Traon. 2013. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In USENIX Security (SEC). Damien Octeau Patrick McDaniel Somesh Jha Alexandre Bartel Eric Bodden Jacques Klein and Yves Le Traon. 2013. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In USENIX Security (SEC)."},{"key":"e_1_2_1_108_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.39"},{"key":"e_1_2_1_109_1","volume-title":"WHYPER: Towards automating risk assessment of mobile applications. In USENIX Security (SEC).","author":"Pandita Rahul","year":"2013"},{"key":"e_1_2_1_110_1","unstructured":"Bogdan Petrovan. 2015. Google is now manually reviewing apps. Retrieved from http:\/\/www.androidauthority.com\/google-now-manually-reviewing-apps-submitted-to-play-store-594879\/. Bogdan Petrovan. 2015. Google is now manually reviewing apps. Retrieved from http:\/\/www.androidauthority.com\/google-now-manually-reviewing-apps-submitted-to-play-store-594879\/."},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23328"},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.013012.00028"},{"key":"e_1_2_1_114_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23066"},{"key":"e_1_2_1_116_1","doi-asserted-by":"crossref","volume-title":"DroidChameleon: Evaluating Android anti-malware against transformation attacks","author":"Rastogi Vaibhav","DOI":"10.1145\/2484313.2484355"},{"key":"e_1_2_1_117_1","unstructured":"Lenin Ravindranath Jitendra Padhye Sharad Agarwal Ratul Mahajan Ian Obermiller and Shahin Shayandeh. 2012. AppInsight: Mobile app performance monitoring in the wild. In Operating Systems Design and Implementation (OSDI). Lenin Ravindranath Jitendra Padhye Sharad Agarwal Ratul Mahajan Ian Obermiller and Shahin Shayandeh. 2012. AppInsight: Mobile app performance monitoring in the wild. In Operating Systems Design and Implementation (OSDI)."},{"key":"e_1_2_1_118_1","unstructured":"The Register. 2013. Earn 8 000 a month with bogus apps from Russian malware factories. Retrieved from http:\/\/www.theregister.co.uk\/2013\/08\/05\/mobile_malware_lookout\/. The Register. 2013. Earn 8 000 a month with bogus apps from Russian malware factories. Retrieved from http:\/\/www.theregister.co.uk\/2013\/08\/05\/mobile_malware_lookout\/."},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435380"},{"key":"e_1_2_1_120_1","unstructured":"Ethan Rudd Andras Rozsa Manuel Gunther and Terrance Boult. 2016. A survey of stealth malware: Attacks mitigation measures and steps toward autonomous open world solutions. CoRR. abs\/1603.06028. http:\/\/arxiv.org\/abs\/1603.06028. Ethan Rudd Andras Rozsa Manuel Gunther and Terrance Boult. 2016. A survey of stealth malware: Attacks mitigation measures and steps toward autonomous open world solutions. CoRR. abs\/1603.06028. http:\/\/arxiv.org\/abs\/1603.06028."},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.622919"},{"key":"e_1_2_1_122_1","volume-title":"ACM Workshop on Rapid Malcode (WORM).","author":"Sandeep Sarat Andreas Terzis","year":"2007"},{"key":"e_1_2_1_123_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-23204-1_13"},{"key":"e_1_2_1_124_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295141"},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2009.5199486"},{"key":"e_1_2_1_126_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403024"},{"key":"e_1_2_1_127_1","volume-title":"Mobile malware evolution","year":"2013"},{"key":"e_1_2_1_128_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17758-3_17"},{"key":"e_1_2_1_129_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10844-010-0148-x"},{"key":"e_1_2_1_130_1","unstructured":"SlideME. 2013. SlideME Android apps market: Download free 8 paid Android application. Retrieved from http:\/\/slideme.org\/. SlideME. 2013. SlideME Android apps market: Download free 8 paid Android application. Retrieved from http:\/\/slideme.org\/."},{"key":"e_1_2_1_131_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD.2013.71"},{"key":"e_1_2_1_132_1","unstructured":"Sophos. 2012. Angry birds malware\u2014Firm fined 50 000 for profiting from fake Android apps. Retrieved from http:\/\/nakedsecurity.sophos.com\/2012\/05\/24\/angry-birds-malware-fine\/. Sophos. 2012. Angry birds malware\u2014Firm fined 50 000 for profiting from fake Android apps. Retrieved from http:\/\/nakedsecurity.sophos.com\/2012\/05\/24\/angry-birds-malware-fine\/."},{"key":"e_1_2_1_133_1","unstructured":"Sophos. 2014. Feejar-B. Retrieved from http:\/\/www.sophos.com\/en-us\/threat-center\/threat-analyses\/viruses-and-spyware\/Andr Feejar-B.aspx. Sophos. 2014. Feejar-B. Retrieved from http:\/\/www.sophos.com\/en-us\/threat-center\/threat-analyses\/viruses-and-spyware\/Andr Feejar-B.aspx."},{"key":"e_1_2_1_134_1","doi-asserted-by":"publisher","DOI":"10.1145\/2480362.2480701"},{"key":"e_1_2_1_135_1","unstructured":"Tim Strazzere. 2014. The new NotCompatible. Retrieved from https:\/\/blog.lookout.com\/blog\/2014\/11\/19\/notcompatible\/. Tim Strazzere. 2014. The new NotCompatible. Retrieved from https:\/\/blog.lookout.com\/blog\/2014\/11\/19\/notcompatible\/."},{"key":"e_1_2_1_136_1","unstructured":"G. Suarez J. E. Tapiador P. Peris-Lopez and A. Ribagorda. 2014. Evolution detection and analysis of malware for smart devices. IEEE Communications Surveys Tutorials (COMST). G. Suarez J. E. Tapiador P. Peris-Lopez and A. Ribagorda. 2014. Evolution detection and analysis of malware for smart devices. IEEE Communications Surveys Tutorials (COMST)."},{"key":"e_1_2_1_137_1","volume-title":"Thing","author":"Tan Darell J. J.","year":"2015"},{"key":"e_1_2_1_138_1","unstructured":"Symantec. 2013. Mobile adware and malware analysis. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/madware_and_malware_analysis.pdf. Symantec. 2013. Mobile adware and malware analysis. Retrieved from http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/madware_and_malware_analysis.pdf."},{"key":"e_1_2_1_139_1","unstructured":"Symantec. 2014. The future of mobile malware. Retrieved from http:\/\/www.symantec.com\/connect\/blogs\/future-mobile-malware. Symantec. 2014. The future of mobile malware. Retrieved from http:\/\/www.symantec.com\/connect\/blogs\/future-mobile-malware."},{"key":"e_1_2_1_140_1","volume-title":"Engineering Secure Software and Systems (ESSoS) Doctoral Symposium.","author":"Tam Kimberly","year":"2015"},{"key":"e_1_2_1_141_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Tam Kimberly","year":"2015"},{"key":"e_1_2_1_142_1","unstructured":"Techcrunch. 2013. Android accounted for 79 alone says f-secure. Retrieved from http:\/\/techcrunch.com\/2013\/03\/07\/f-secure-android-accounted-for-79-of-all-mobile-malware-in-2012-96-in-q4-alone\/. Techcrunch. 2013. Android accounted for 79 alone says f-secure. Retrieved from http:\/\/techcrunch.com\/2013\/03\/07\/f-secure-android-accounted-for-79-of-all-mobile-malware-in-2012-96-in-q4-alone\/."},{"key":"e_1_2_1_143_1","article-title":"Malware detection by applying knowledge discovery processes to application metadata on the Android market (Google play)","author":"Teufl Peter","year":"2014","journal-title":"Journal Security and Communication Networks (SCN)."},{"key":"e_1_2_1_144_1","doi-asserted-by":"crossref","unstructured":"Hien Thi Thu Truong Eemil Lagerspetz Petteri Nurmi Adam J. Oliner Sasu Tarkoma N. Asokan and Sourav Bhattacharya. 2013. The company you keep: Mobile malware infection rates and inexpensive risk indicators. ACM Computing Research Repository (CoRR). Hien Thi Thu Truong Eemil Lagerspetz Petteri Nurmi Adam J. Oliner Sasu Tarkoma N. Asokan and Sourav Bhattacharya. 2013. The company you keep: Mobile malware infection rates and inexpensive risk indicators. ACM Computing Research Repository (CoRR).","DOI":"10.1145\/2566486.2568046"},{"key":"e_1_2_1_145_1","unstructured":"Roman Unuchek. 2013. The most sophisticated Android trojan. Retrieved from http:\/\/www.securelist.com\/en\/blog\/8106\/The_most_sophisticated_Android_Trojan. Roman Unuchek. 2013. The most sophisticated Android trojan. Retrieved from http:\/\/www.securelist.com\/en\/blog\/8106\/The_most_sophisticated_Android_Trojan."},{"key":"e_1_2_1_146_1","volume-title":"\u201cInternet of Things","author":"Vance Ashlee","year":"2013"},{"key":"e_1_2_1_147_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103799.2103813"},{"key":"e_1_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435378"},{"key":"e_1_2_1_149_1","volume-title":"ACM Conference on Data and Application Security and Privacy (CODASPY).","author":"Vidas Timothy","year":"2014"},{"key":"e_1_2_1_150_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666620.2666630"},{"key":"e_1_2_1_151_1","volume-title":"USENIX Conference on Offensive Technologies (WOOT).","author":"Vidas Timothy","year":"2011"},{"key":"e_1_2_1_152_1","unstructured":"Marko Vitas. 2013. ART vs Dalvik. Retrieved from http:\/\/www.infinum.co\/the-capsized-eight\/articles\/art-vs-dalvik-introducing-the-new-android-runtime-in-kit-kat. (2013). Marko Vitas. 2013. ART vs Dalvik. Retrieved from http:\/\/www.infinum.co\/the-capsized-eight\/articles\/art-vs-dalvik-introducing-the-new-android-runtime-in-kit-kat. (2013)."},{"key":"e_1_2_1_153_1","unstructured":"Fengguo Wei Sankardas Roy Xinming Ou and Robby. 2014. AmAndroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Computer 8 Communications Security (CCS). Fengguo Wei Sankardas Roy Xinming Ou and Robby. 2014. AmAndroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps. Computer 8 Communications Security (CCS)."},{"key":"e_1_2_1_154_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420956"},{"key":"e_1_2_1_155_1","unstructured":"Xuetao Wei Lorenzo Gomez Iulian Neamtiu and Michalis Faloutsos. 2012b. ProfileDroid: Multi-layer profiling of android applications. In ACM Mobile Computing and Networking (MobiCom). Xuetao Wei Lorenzo Gomez Iulian Neamtiu and Michalis Faloutsos. 2012b. ProfileDroid: Multi-layer profiling of android applications. In ACM Mobile Computing and Networking (MobiCom)."},{"key":"e_1_2_1_156_1","volume-title":"Andrubis: A tool for analyzing unknown android applications.","author":"Weichselbaum Lukas","year":"2012"},{"key":"e_1_2_1_157_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32298-3_1"},{"key":"e_1_2_1_158_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Wong Michelle","year":"2016"},{"key":"e_1_2_1_159_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"e_1_2_1_160_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Xiang Cui","year":"2014"},{"key":"e_1_2_1_161_1","doi-asserted-by":"publisher","DOI":"10.1145\/2963145"},{"key":"e_1_2_1_162_1","volume-title":"Aurasium: Practical policy enforcement for Android applications. In USENIX Security (SEC).","author":"Xu Rubin","year":"2012"},{"key":"e_1_2_1_163_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Yajin Zhou Xuxian Jiang","year":"2013"},{"key":"e_1_2_1_164_1","unstructured":"Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In USENIX Security (SEC). Lok Kwong Yan and Heng Yin. 2012. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In USENIX Security (SEC)."},{"key":"e_1_2_1_165_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.50"},{"key":"e_1_2_1_166_1","doi-asserted-by":"crossref","unstructured":"Zhemin Yang Min Yang Yuan Zhang Guofei Gu Peng Ning and X. Sean Wang. 2013. AppIntent: Analyzing sensitive data transmission in Android for privacy leakage detection. In ACM Computer and Communications Security (CCS). Zhemin Yang Min Yang Yuan Zhang Guofei Gu Peng Ning and X. Sean Wang. 2013. AppIntent: Analyzing sensitive data transmission in Android for privacy leakage detection. In ACM Computer and Communications Security (CCS).","DOI":"10.1145\/2508859.2516676"},{"key":"e_1_2_1_167_1","doi-asserted-by":"crossref","unstructured":"Suleiman Y. Yerima Sakir Sezer and Gavin McWilliams. 2014. Analysis of Bayesian classification-based approaches for Android malware detection. IET Information Security (IETIS). Suleiman Y. Yerima Sakir Sezer and Gavin McWilliams. 2014. Analysis of Bayesian classification-based approaches for Android malware detection. IET Information Security (IETIS).","DOI":"10.1049\/iet-ifs.2013.0095"},{"key":"e_1_2_1_168_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714604"},{"key":"e_1_2_1_169_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"e_1_2_1_170_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"},{"key":"e_1_2_1_171_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Zhang Mu","year":"2013"},{"key":"e_1_2_1_172_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516689"},{"key":"e_1_2_1_173_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381950"},{"key":"e_1_2_1_174_1","volume-title":"Lui","author":"Zheng Min","year":"2013"},{"key":"e_1_2_1_175_1","volume-title":"Lui","author":"Zheng Min","year":"2013"},{"key":"e_1_2_1_176_1","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557558"},{"key":"e_1_2_1_177_1","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435377"},{"key":"e_1_2_1_178_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133640"},{"key":"e_1_2_1_179_1","unstructured":"Yajin Zhou and Xuxian Jiang. 2012a. Android malware genome project. Retrieved from http:\/\/www.malgenomeproject.org\/. Yajin Zhou and Xuxian Jiang. 2012a. Android malware genome project. Retrieved from http:\/\/www.malgenomeproject.org\/."},{"key":"e_1_2_1_180_1","volume-title":"Dissecting Android malware: Characterization and evolution","author":"Zhou Yajin"},{"key":"e_1_2_1_181_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Zhou Yajin","year":"2012"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3017427","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3017427","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:05:23Z","timestamp":1750273523000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3017427"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,1,13]]},"references-count":180,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,12,31]]}},"alternative-id":["10.1145\/3017427"],"URL":"https:\/\/doi.org\/10.1145\/3017427","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,1,13]]},"assertion":[{"value":"2015-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-01-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}