{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:47:55Z","timestamp":1772041675079,"version":"3.50.1"},"reference-count":72,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T00:00:00Z","timestamp":1619136000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Discovery Project","award":["DP200100020"],"award-info":[{"award-number":["DP200100020"]}]},{"name":"Discovery Early Career Researcher Award","award":["DE200100016"],"award-info":[{"award-number":["DE200100016"]}]},{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"crossref","award":["FL190100035"],"award-info":[{"award-number":["FL190100035"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Luxembourg National Research Fund","award":["C17\/IS\/11693861"],"award-info":[{"award-number":["C17\/IS\/11693861"]}]},{"name":"European Union\u2019s Horizon 2020 research and innovation program","award":["830892"],"award-info":[{"award-number":["830892"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2021,7,31]]},"abstract":"<jats:p>Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls, which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are incomplete, given the measures taken by malware writers to elude static detection. We propose a new instrumentation-based approach to address this issue in a non-invasive way. Specifically, we introduce to the community a prototype tool called DroidRA, which reduces the resolution of reflective calls to a composite constant propagation problem and then leverages the COAL solver to infer the values of reflection targets. After that, it automatically instruments the app to replace reflective calls with their corresponding Java calls in a traditional paradigm. Our approach augments an app so that it can be more effectively statically analyzable, including by such static analyzers that are not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and we demonstrate that it can indeed infer the target values of reflective calls and subsequently allow state-of-the-art tools to provide more sound and complete analysis results.<\/jats:p>","DOI":"10.1145\/3440033","type":"journal-article","created":{"date-parts":[[2021,4,23]],"date-time":"2021-04-23T10:32:50Z","timestamp":1619173970000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Taming Reflection"],"prefix":"10.1145","volume":"30","author":[{"given":"Xiaoyu","family":"Sun","sequence":"first","affiliation":[{"name":"Monash University, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2990-1614","authenticated-orcid":false,"given":"Li","family":"Li","sequence":"additional","affiliation":[{"name":"Monash University, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7270-9869","authenticated-orcid":false,"given":"Tegawend\u00e9 F.","family":"Bissyand\u00e9","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[{"name":"University of Luxembourg, Luxembourg"}]},{"given":"Damien","family":"Octeau","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, USA"}]},{"given":"John","family":"Grundy","sequence":"additional","affiliation":[{"name":"Monash University, Australia"}]}],"member":"320","published-online":{"date-parts":[[2021,4,23]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Google. 2019. Android Permission Element. Retrieved from http:\/\/developer.android.com\/guide\/topics\/manifest\/permission-element.html."},{"key":"e_1_2_1_2_1","unstructured":"Google. 2009. Backward Compatibility for Android Applications. Retrieved from http:\/\/android-developers.blogspot.com\/2009\/04\/backward-compatibility-for-android.html."},{"key":"e_1_2_1_3_1","volume-title":"Steven Arzt and Siegfried Rasthofer","author":"Fritz Christian","year":"2016","unstructured":"Christian Fritz, Steven Arzt and Siegfried Rasthofer. 2016. DroidBench. Retrieved from https:\/\/github.com\/secure-software-engineering\/DroidBench\/tree\/develop."},{"key":"e_1_2_1_4_1","unstructured":"Xiaoyu Sun Li Li Tegawend\u00e9 F. Bissyand\u00e9 Damien Octeau Jacques Klein and John Grundy. 2020. Retrieved from https:\/\/github.com\/MobileSE\/DroidRA."},{"key":"e_1_2_1_5_1","unstructured":"Ciaran Gultnieks. 2020. F-Droid. Retrieved from https:\/\/f-droid.org."},{"key":"e_1_2_1_6_1","unstructured":"Google. 2020. Android Monkey. Retrieved from http:\/\/developer.android.com\/tools\/help\/monkey.html."},{"key":"e_1_2_1_7_1","unstructured":"Google. 2020. Google Play Developer Program Policies. Retrieved from https:\/\/play.google.com\/about\/developer-content-policy.html."},{"key":"e_1_2_1_8_1","unstructured":"Yu Feng. 2020. Missing Call Edges (For Spark Not CHA). Retrieved from https:\/\/www.marc.info\/?l=soot-list&m=142350513016832."},{"key":"e_1_2_1_9_1","unstructured":"Oracle. 2020. Varargs. Retrieved from http:\/\/docs.oracle.com\/javase\/7\/docs\/technotes\/guides\/language\/varargs.html."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.2976556"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_2_1_12_1","unstructured":"Axelle Apvrille and Ruchna Nigam. 2014. Obfuscation in Android malware and how to fight back. Virus Bull. (2014). Retrieved from https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2014\/07\/vb201407-Android-obfuscation."},{"key":"e_1_2_1_13_1","volume-title":"Runtime Verification","author":"Arzt Steven","unstructured":"Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2013. Instrumenting Android and Java applications as easy as abc. In Runtime Verification. Springer, 364--381."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2594291.2594299"},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the ACM conference on Computer and communications security (CCS\u201912)","author":"Yee Au Kathy Wain","year":"2012","unstructured":"Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. 2012. PScout: Analyzing the Android permission specification. In Proceedings of the ACM conference on Computer and communications security (CCS\u201912). ACM, New York, NY, 217--228. DOI:https:\/\/doi.org\/10.1145\/2382196.2382222"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.61"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201915)","author":"Barros Paulo","unstructured":"Paulo Barros, Ren\u00e9 Just, Suzanne Millstein, Paul Vines, Werner Dietl, Marcelo d\u2019Armorim, and Michael D. Ernst. 2015. Static analysis of implicit control flow: Resolving Java reflection and Android intents. In Proceedings of the IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201915). Lincoln, Nebraska."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2259051.2259056"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2011.6112328"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985827"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/328691.328693"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330564"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the ACM Computer and Communications Security Conference (CCS\u201914)","author":"Ernst Michael D.","unstructured":"Michael D. Ernst, Ren\u00e9 Just, Suzanne Millstein, Werner Dietl, Stuart Pernsteiner, Franziska Roesner, Karl Koscher, Paulo Barros, Ravi Bhoraskar, Seungyeop Han, Paul Vines, and Edward X. Wu. 2014. Collaborative verification of information flow for a high-assurance app store. In Proceedings of the ACM Computer and Communications Security Conference (CCS\u201914). 1092--1104."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635869"},{"key":"e_1_2_1_27_1","volume-title":"Forman and Nate Forman","author":"Ira","year":"2004","unstructured":"Ira R. Forman and Nate Forman. 2004. Java Reflection in Action (In Action Series). Manning Publications, Greenwich, CT."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2956690"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"e_1_2_1_30_1","first-page":"110","article-title":"Informationflow analysis of android applications in droidsafe","volume":"15","author":"Gordon Michael I.","year":"2015","unstructured":"Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen, and Martin Rinard. 2015. Informationflow analysis of android applications in droidsafe. In NDSS, Vol. 15. 110.","journal-title":"NDSS"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1216374.1216379"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2957091"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568301"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2611765.2611767"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2018.2865733"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the Cetus Users and Compiler Infastructure Workshop (CETUS\u201911)","author":"Lam Patrick","year":"2011","unstructured":"Patrick Lam, Eric Bodden, Ondrej Lhot\u00e1k, and Laurie Hendren. 2011. The soot framework for Java program analysis: A retrospective. In Proceedings of the Cetus Users and Compiler Infastructure Workshop (CETUS\u201911)."},{"key":"e_1_2_1_37_1","volume-title":"Compiler Construction","author":"Lhot\u00e1k Ond\u0159ej","unstructured":"Ond\u0159ej Lhot\u00e1k and Laurie Hendren. 2003. Scaling Java points-to analysis using Spark. In Compiler Construction. Springer, 153--169."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889258"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.49"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS.2015.36"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom.2014.50"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2018.00031"},{"key":"e_1_2_1_44_1","volume-title":"Rebooting research on detecting repackaged Android apps: Literature review and benchmark","author":"Li Li","year":"2019","unstructured":"Li Li, Tegawend\u00e9 F Bissyand\u00e9, and Jacques Klein. 2019. Rebooting research on detecting repackaged Android apps: Literature review and benchmark. IEEE Trans. Softw. Eng. (2019), 1--1."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.52"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2016.35"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213857"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2656460"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44202-9_2"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48288-9_10"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3295739"},{"key":"e_1_2_1_53_1","volume-title":"2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS'14)","author":"Lindorfer Martina","unstructured":"Martina Lindorfer, Matthias Neugschw, Lukas Weichselbaum, Yanick Fratantonio, Victor Van Der Veen, and Christian Platzer. Andrubis--1,000,000 apps later: A view on current Android malware behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS'14). IEEE, 3--17."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380242"},{"key":"e_1_2_1_55_1","volume-title":"Lam","author":"Livshits Benjamin","year":"2005","unstructured":"Benjamin Livshits, John Whaley, and Monica S. Lam. 2005. Reflection analysis for Java. In Programming Languages and Systems. Springer, 139--160."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837614.2837661"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.30"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23328"},{"key":"e_1_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Siegfried Rasthofer Steven Arzt Marc Miltenberger and Eric Bodden. 2016. Harvesting runtime values in Android applications that feature anti-analysis techniques. In NDSS.","DOI":"10.14722\/ndss.2016.23066"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.35"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2484313.2484355"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2689702.2689705"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom\u201914)","author":"Schutte Julian","unstructured":"Julian Schutte, Dennis Titze, and J. M. De Fuentes. 2014. AppCaulk: Data leak prevention by injecting targeted taint tracking into android apps. In Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom\u201914). IEEE, 370--379."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26529-2_26"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.31"},{"key":"e_1_2_1_67_1","volume-title":"Proceedings of the International Conference on Software Engineering (ICSE\u201915)","author":"Yang Wei","year":"2015","unstructured":"Wei Yang, Xusheng Xiao, Benjamin Andow, Sihan Li, Tao Xie, and William Enck. 2015. AppContext: Differentiating malicious and benign Mobile app behavior under contexts. In Proceedings of the International Conference on Software Engineering (ICSE\u201915)."},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2019.00029"},{"key":"e_1_2_1_69_1","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer & Communications Security. ACM, 1043--1054","author":"Yang Zhemin","unstructured":"Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X. Sean Wang. 2013. Appintent: Analyzing sensitive data transmission in android for privacy leakage detection. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security. ACM, 1043--1054."},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23255"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590312"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1002\/spe.2577"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/2699026.2699105"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3440033","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3440033","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:17Z","timestamp":1750197737000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3440033"}},"subtitle":["An Essential Step Toward Whole-program Analysis of Android Apps"],"short-title":[],"issued":{"date-parts":[[2021,4,23]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,7,31]]}},"alternative-id":["10.1145\/3440033"],"URL":"https:\/\/doi.org\/10.1145\/3440033","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,23]]},"assertion":[{"value":"2020-04-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-04-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}