{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,8]],"date-time":"2026-07-08T23:43:00Z","timestamp":1783554180906,"version":"3.55.0"},"reference-count":79,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2023,5,27]],"date-time":"2023-05-27T00:00:00Z","timestamp":1685145600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["1948244, 1736209, 2007718, 1846467, and 2221843"],"award-info":[{"award-number":["1948244, 1736209, 2007718, 1846467, and 2221843"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2023,10,31]]},"abstract":"<jats:p>Mobile apps are widely used and often process users\u2019 sensitive data. Many taint analysis tools have been applied to analyze sensitive information flows and report data leaks in apps. These tools require a list of sources (where sensitive data is accessed) as input, and researchers have constructed such lists within the Android platform by identifying Android API methods that allow access to sensitive data. However, app developers may also define methods or use third-party library\u2019s methods for accessing data. It is difficult to collect such source methods, because they are unique to the apps, and there are a large number of third-party libraries available on the market that evolve over time. To address this problem, we propose DAISY, a Dynamic-Analysis-Induced Source discoverY approach for identifying methods that return sensitive information from apps and third-party libraries. Trained on an automatically labeled dataset of methods and their calling context, DAISY identifies sensitive methods in unseen apps. We evaluated DAISY on real-world apps, and the results show that DAISY can achieve an overall precision of 77.9% when reporting the most confident results. Most of the identified sources and leaks cannot be detected by existing technologies.<\/jats:p>","DOI":"10.1145\/3569936","type":"journal-article","created":{"date-parts":[[2022,10,29]],"date-time":"2022-10-29T11:06:32Z","timestamp":1667041592000},"page":"1-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["DAISY: Dynamic-Analysis-Induced Source Discovery for Sensitive Data"],"prefix":"10.1145","volume":"32","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3156-906X","authenticated-orcid":false,"given":"Xueling","family":"Zhang","sequence":"first","affiliation":[{"name":"Rochester Institute of Technology, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4038-4278","authenticated-orcid":false,"given":"John","family":"Heaps","sequence":"additional","affiliation":[{"name":"The University of Texas at San Antonio, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1283-2595","authenticated-orcid":false,"given":"Rocky","family":"Slavin","sequence":"additional","affiliation":[{"name":"The University of Texas at San Antonio, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5667-3285","authenticated-orcid":false,"given":"Jianwei","family":"Niu","sequence":"additional","affiliation":[{"name":"The University of Texas at San Antonio, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7127-8155","authenticated-orcid":false,"given":"Travis","family":"Breaux","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9079-5534","authenticated-orcid":false,"given":"Xiaoyin","family":"Wang","sequence":"additional","affiliation":[{"name":"The University of Texas at San Antonio, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,5,27]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"2018. GDPR definition of personal data. Retrieved from https:\/\/gdpr-info.eu\/art-4-gdpr\/."},{"key":"e_1_3_2_3_2","unstructured":"2018. GDPR online identifiers for profiling and identification. Retrieved from https:\/\/gdpr-info.eu\/recitals\/no-30\/."},{"key":"e_1_3_2_4_2","unstructured":"Consumer Data Protection Act. 2021. The Virginia Consumer Data Protection Act (CDPA). Retrieved from https:\/\/lis.virginia.gov\/cgi-bin\/legp604.exe?211+sum+SB1392."},{"key":"e_1_3_2_5_2","unstructured":"The California Consumer Privacy Act. 2018. The California Consumer Privacy Act of 2018 (CCPA). Retrieved from https:\/\/oag.ca.gov\/privacy\/ccpa."},{"key":"e_1_3_2_6_2","first-page":"8887","article-title":"Unstructured data collection from APK files for malware detection","volume":"975","author":"Agrawal Prerna","year":"2020","unstructured":"Prerna Agrawal and Bhushan Trivedi. 2020. Unstructured data collection from APK files for malware detection. Int. J. Comput. Applic. 975 (2020), 8887.","journal-title":"Int. J. Comput. Applic."},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290353"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3098243.3098247"},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2594291.2594299","volume-title":"Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation","author":"Arzt Steven","year":"2014","unstructured":"Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014. FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation. 259\u2013269."},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_11_2","first-page":"426","volume-title":"Proceedings of the IEEE\/ACM 37th IEEE International Conference on Software Engineering","volume":"1","author":"Avdiienko Vitalii","year":"2015","unstructured":"Vitalii Avdiienko, Konstantin Kuznetsov, Alessandra Gorla, Andreas Zeller, Steven Arzt, Siegfried Rasthofer, and Eric Bodden. 2015. Mining apps for abnormal usage of sensitive data. In Proceedings of the IEEE\/ACM 37th IEEE International Conference on Software Engineering, Vol. 1. IEEE, 426\u2013436."},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00051"},{"key":"e_1_3_2_13_2","first-page":"71","volume-title":"Proceedings of the ACM Asia Conference on Computer and Communications Security","author":"Bosu Amiangshu","year":"2017","unstructured":"Amiangshu Bosu, Fang Liu, Danfeng Yao, and Gang Wang. 2017. Collusive data leak and more: Large-scale threat analysis of inter-app communications. In Proceedings of the ACM Asia Conference on Computer and Communications Security. 71\u201385."},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10922-005-4443-8"},{"key":"e_1_3_2_15_2","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1109\/QRS.2015.37","volume-title":"Proceedings of the IEEE International Conference on Software Quality, Reliability and Security","author":"Chuang Hsin-Yu","year":"2015","unstructured":"Hsin-Yu Chuang and Sheng-De Wang. 2015. Machine learning based hybrid behavior models for Android malware analysis. In Proceedings of the IEEE International Conference on Software Quality, Reliability and Security. IEEE, 201\u2013206."},{"key":"e_1_3_2_16_2","unstructured":"Federal Trade Commission. 1998. Children\u2019s Online Privacy Protection Act of 1998 (COPPA). Retrieved from https:\/\/www.ftc.gov\/enforcement\/rules\/rulemaking-regulatory-reform-proceedings\/childrens-online-privacy-protection-rule."},{"key":"e_1_3_2_17_2","unstructured":"Anthony Desnos. 2015. Androguard. Retrieved from https:\/\/github.com\/androguard\/androguard."},{"key":"e_1_3_2_18_2","unstructured":"Android Developers. 2012. Ui\/application exerciser Monkey. Retrieved from https:\/\/developer.android.com\/studio\/test\/monkey.html."},{"key":"e_1_3_2_19_2","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin Jacob","year":"2018","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2018. BERT: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018).","journal-title":"arXiv preprint arXiv:1810.04805"},{"key":"e_1_3_2_20_2","first-page":"73","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer & Communications Security","author":"Egele Manuel","year":"2013","unstructured":"Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. 2013. An empirical study of cryptographic misuse in Android applications. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security. 73\u201384."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_3_2_22_2","first-page":"62","volume-title":"Proceedings of the Symposium on Security and Privacy.","author":"Feng Henry Hanping","year":"2003","unstructured":"Henry Hanping Feng, Oleg M. Kolesnikov, Prahlad Fogla, Wenke Lee, and Weibo Gong. 2003. Anomaly detection using call stack information. In Proceedings of the Symposium on Security and Privacy. IEEE, 62\u201375."},{"key":"e_1_3_2_23_2","first-page":"61","volume-title":"Proceedings of the 24th International Conference on Engineering of Complex Computer Systems (ICECCS)","author":"Feng Ruitao","year":"2019","unstructured":"Ruitao Feng, Sen Chen, Xiaofei Xie, Lei Ma, Guozhu Meng, Yang Liu, and Shang-Wei Lin. 2019. MobiDroid: A performance-sensitive malware detection system on mobile platform. In Proceedings of the 24th International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE, 61\u201370."},{"key":"e_1_3_2_24_2","unstructured":"Centers for Medicare & Medicaid Services. 1996. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Retrieved from https:\/\/www.hhs.gov\/hipaa\/for-professionals\/privacy\/laws-regulations\/combined-regulation-text\/index.html."},{"key":"e_1_3_2_25_2","first-page":"377","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP)","author":"Fratantonio Yanick","year":"2016","unstructured":"Yanick Fratantonio, Antonio Bianchi, William Robertson, Engin Kirda, Christopher Kruegel, and Giovanni Vigna. 2016. Triggerscope: Towards detecting logic bombs in Android applications. In Proceedings of the IEEE Symposium on Security and Privacy (SP). IEEE, 377\u2013396."},{"key":"e_1_3_2_26_2","article-title":"SCanDroid: Automated security certification of Android applications","author":"Fuchs Adam P.","year":"2009","unstructured":"Adam P. Fuchs, Avik Chaudhuri, and Jeffrey S. Foster. 2009. SCanDroid: Automated security certification of Android applications. Manuscript. University of Maryland. Retrieved from http:\/\/www.cs.umd.edu\/avik\/projects\/scandroidascaa.","journal-title":"Manuscript. University of Maryland"},{"key":"e_1_3_2_27_2","first-page":"147","volume-title":"Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering","author":"Gabel Mark","year":"2010","unstructured":"Mark Gabel and Zhendong Su. 2010. A study of the uniqueness of source code. In Proceedings of the 18th ACM SIGSOFT International Symposium on Foundations of Software Engineering. 147\u2013156."},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409745"},{"key":"e_1_3_2_29_2","first-page":"71","volume-title":"Proceedings of the IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","author":"Ge Xiuting","year":"2019","unstructured":"Xiuting Ge, Ya Pan, Yong Fan, and Chunrong Fang. 2019. AMDroid: Android malware detection using function call graphs. In Proceedings of the IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 71\u201377."},{"key":"e_1_3_2_30_2","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1007\/978-3-642-30921-2_17","volume-title":"Proceedings of the International Conference on Trust and Trustworthy Computing","author":"Gibler Clint","year":"2012","unstructured":"Clint Gibler, Jonathan Crussell, Jeremy Erickson, and Hao Chen. 2012. AndroidLeaks: Automatically detecting potential privacy leaks in Android applications on a large scale. In Proceedings of the International Conference on Trust and Trustworthy Computing. Springer, 291\u2013307."},{"key":"e_1_3_2_31_2","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Gordon Michael I.","year":"2015","unstructured":"Michael I. Gordon, Deokhwan Kim, Jeff H. Perkins, Limei Gilham, Nguyen Nguyen, and Martin C. Rinard. 2015. Information flow analysis of Android applications in DroidSafe. In Proceedings of the Network and Distributed System Security Symposium."},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.03.014"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/3322431.3326329"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/2902362"},{"key":"e_1_3_2_35_2","first-page":"104","volume-title":"Proceedings of the IEEE\/WIC\/ACM International Conference on Web Intelligence Workshops (WIW)","author":"Hou Shifu","year":"2016","unstructured":"Shifu Hou, Aaron Saas, Lifei Chen, and Yanfang Ye. 2016. Deep4MalDroid: A deep learning framework for Android malware detection based on Linux kernel system call graphs. In Proceedings of the IEEE\/WIC\/ACM International Conference on Web Intelligence Workshops (WIW). IEEE, 104\u2013111."},{"key":"e_1_3_2_36_2","first-page":"977","volume-title":"Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915)","author":"Huang Jianjun","year":"2015","unstructured":"Jianjun Huang, Zhichun Li, Xusheng Xiao, Zhenyu Wu, Kangjie Lu, Xiangyu Zhang, and Guofei Jiang. 2015. SUPOR: Precise and scalable sensitive user input detection for Android apps. In Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915). 977\u2013992."},{"key":"e_1_3_2_37_2","article-title":"Bag of tricks for efficient text classification","author":"Joulin Armand","year":"2016","unstructured":"Armand Joulin, Edouard Grave, Piotr Bojanowski, and Tomas Mikolov. 2016. Bag of tricks for efficient text classification. arXiv preprint arXiv:1607.01759 (2016).","journal-title":"arXiv preprint arXiv:1607.01759"},{"key":"e_1_3_2_38_2","first-page":"427","volume-title":"Proceedings of the IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER)","author":"Karim Md Yasser","year":"2016","unstructured":"Md Yasser Karim, Huzefa Kagdi, and Massimiliano Di Penta. 2016. Mining Android apps to recommend permissions. In Proceedings of the IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE, 427\u2013437."},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/2614628.2614633"},{"key":"e_1_3_2_40_2","first-page":"1","volume-title":"Proceedings of the Technologies for Smart-City Energy Security and Power (ICSESP)","author":"Koli J. D.","year":"2018","unstructured":"J. D. Koli. 2018. RanDroid: Android malware detection using random machine learning classifiers. In Proceedings of the Technologies for Smart-City Energy Security and Power (ICSESP). IEEE, 1\u20136."},{"issue":"2","key":"e_1_3_2_41_2","first-page":"1","article-title":"ANCHOR: Locating Android framework-specific crashing faults","volume":"28","author":"Kong Pingfan","year":"2021","unstructured":"Pingfan Kong, Li Li, Jun Gao, Timoth\u00e9e Riom, Yanjie Zhao, Tegawend\u00e9 F. Bissyand\u00e9, and Jacques Klein. 2021. ANCHOR: Locating Android framework-specific crashing faults. Autom. Softw. Eng. 28, 2 (2021), 1\u201331.","journal-title":"Autom. Softw. Eng."},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.5555\/2820518.2820603"},{"key":"e_1_3_2_43_2","first-page":"365","volume-title":"Proceedings of the Internet Measurement Conference","author":"Leung Christophe","year":"2016","unstructured":"Christophe Leung, Jingjing Ren, David Choffnes, and Christo Wilson. 2016. Should you use the app for that? Comparing the privacy implications of app- and web-based online services. In Proceedings of the Internet Measurement Conference. 365\u2013372."},{"key":"e_1_3_2_44_2","first-page":"280","volume-title":"Proceedings of the IEEE\/ACM 37th IEEE International Conference on Software Engineering","author":"Li Li","year":"2015","unstructured":"Li Li, Alexandre Bartel, Tegawend\u00e9 F. Bissyand\u00e9, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. 2015. ICCTA: Detecting inter-component privacy leaks in Android apps. In Proceedings of the IEEE\/ACM 37th IEEE International Conference on Software Engineering. IEEE, 280\u2013291."},{"key":"e_1_3_2_45_2","first-page":"388","volume-title":"Proceedings of the IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications","author":"Li Li","year":"2014","unstructured":"Li Li, Alexandre Bartel, Jacques Klein, and Yves Le Traon. 2014. Automatically exploiting potential component leaks in Android applications. In Proceedings of the IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 388\u2013397."},{"key":"e_1_3_2_46_2","first-page":"229","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security","author":"Lu Long","year":"2012","unstructured":"Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, and Guofei Jiang. 2012. CHEX: Statically vetting Android apps for component hijacking vulnerabilities. In Proceedings of the ACM Conference on Computer and Communications Security. 229\u2013240."},{"key":"e_1_3_2_47_2","first-page":"229","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security","author":"Lu Long","year":"2012","unstructured":"Long Lu, Zhichun Li, Zhenyu Wu, Wenke Lee, and Guofei Jiang. 2012. CHEX: Statically vetting Android apps for component hijacking vulnerabilities. In Proceedings of the ACM Conference on Computer and Communications Security. 229\u2013240."},{"key":"e_1_3_2_48_2","first-page":"1517","volume-title":"Proceedings of the 29th USENIX Security Symposium (USENIX Security\u201920)","author":"Mahmud Samin Yaseer","year":"2020","unstructured":"Samin Yaseer Mahmud, Akhil Acharya, Benjamin Andow, William Enck, and Bradley Reaves. 2020. Cardpliance:PCIDSS compliance of Android applications. In Proceedings of the 29th USENIX Security Symposium (USENIX Security\u201920). 1517\u20131533."},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232009"},{"key":"e_1_3_2_50_2","article-title":"Efficient estimation of word representations in vector space","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013).","journal-title":"arXiv preprint arXiv:1301.3781"},{"key":"e_1_3_2_51_2","first-page":"993","volume-title":"Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915)","author":"Nan Yuhong","year":"2015","unstructured":"Yuhong Nan, Min Yang, Zhemin Yang, Shunfan Zhou, Guofei Gu, and XiaoFeng Wang. 2015. UiPicker: User-input privacy identification in mobile applications. In Proceedings of the 24th USENIX Security Symposium (USENIX Security\u201915). 993\u20131008."},{"key":"e_1_3_2_52_2","first-page":"520","volume-title":"Proceedings of the 3rd International Conference on Systems and Informatics (ICSAI)","author":"Niu Haofei","year":"2016","unstructured":"Haofei Niu, Tianchang Yang, and Shaozhang Niu. 2016. Clone analysis and detection in Android applications. In Proceedings of the 3rd International Conference on Systems and Informatics (ICSAI). IEEE, 520\u2013525."},{"key":"e_1_3_2_53_2","unstructured":"European Parliament and the Council of the European Union. 2016. General Data Protection Regulation (GDPR). Retrieved from https:\/\/gdpr-info.eu\/."},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330556"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23039"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"key":"e_1_3_2_57_2","unstructured":"A. Rountev D. Yan S. Yang H. Wu Y. Wang and H. Zhang. 2017. GATOR: Program analysis toolkit for Android. Retrieved from http:\/\/web.cse.ohio-state.edu\/presto\/software\/gator\/."},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2018.00120"},{"key":"e_1_3_2_59_2","first-page":"141","volume-title":"Proceedings of the European Intelligence and Security Informatics Conference","author":"Sahs Justin","year":"2012","unstructured":"Justin Sahs and Latifur Khan. 2012. A machine learning approach to Android malware detection. In Proceedings of the European Intelligence and Security Informatics Conference. IEEE, 141\u2013147."},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884855"},{"key":"e_1_3_2_61_2","first-page":"331","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security","author":"Sun Mingshen","year":"2016","unstructured":"Mingshen Sun, Tao Wei, and John Lui. 2016. TaintART: A practical multi-level information-flow tracking system for Android runtime. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM, 331\u2013342."},{"key":"e_1_3_2_62_2","first-page":"498","volume-title":"Proceedings of the IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)","author":"Sun Xiaoyu","year":"2021","unstructured":"Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen, Li Li, and John Grundy. 2021. Characterizing sensor leaks in Android apps. In Proceedings of the IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE). IEEE, 498\u2013509."},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/3440033"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23145"},{"key":"e_1_3_2_65_2","first-page":"683","volume-title":"Proceedings of the 11th Joint Meeting on Foundations of Software Engineering","author":"Vasilescu Bogdan","year":"2017","unstructured":"Bogdan Vasilescu, Casey Casalnuovo, and Premkumar Devanbu. 2017. Recovering clear, natural identifiers from obfuscated JS names. In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering. 683\u2013693."},{"key":"e_1_3_2_66_2","first-page":"221","volume-title":"Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems","author":"Viennot Nicolas","year":"2014","unstructured":"Nicolas Viennot, Edward Garcia, and Jason Nieh. 2014. A measurement study of Google Play. In Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems. 221\u2013233."},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3240465"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3418905"},{"key":"e_1_3_2_69_2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1145\/3180155.3180196","volume-title":"Proceedings of the 40th International Conference on Software Engineering","author":"Wang Xiaoyin","year":"2018","unstructured":"Xiaoyin Wang, Xue Qin, Mitra Bokaei Hosseini, Rocky Slavin, Travis D. Breaux, and Jianwei Niu. 2018. GUILeak: Tracing privacy policy claims on user input data for Android applications. In Proceedings of the 40th International Conference on Software Engineering. 37\u201347."},{"key":"e_1_3_2_70_2","first-page":"727","volume-title":"Proceedings of the IEEE Conference on Communications and Network Security (CNS)","author":"Wang Zhaoguo","year":"2015","unstructured":"Zhaoguo Wang, Chenglong Li, Yi Guan, and Yibo Xue. 2015. DroidChain: A novel malware detection method for Android based on behavior chain. In Proceedings of the IEEE Conference on Communications and Network Security (CNS). IEEE, 727\u2013728."},{"key":"e_1_3_2_71_2","doi-asserted-by":"publisher","DOI":"10.1145\/3183575"},{"key":"e_1_3_2_72_2","unstructured":"R. Winsniewski. 2012. Android\u2013apktool: A tool for reverse engineering Android apk files. (2012)."},{"issue":"1","key":"e_1_3_2_73_2","first-page":"215","article-title":"A visual analytics framework for the detection of anomalous call stack trees in high performance computing applications","volume":"25","author":"Xie Cong","year":"2018","unstructured":"Cong Xie, Wei Xu, and Klaus Mueller. 2018. A visual analytics framework for the detection of anomalous call stack trees in high performance computing applications. IEEE Trans. Visualiz. Comput. Graph. 25, 1 (2018), 215\u2013224.","journal-title":"IEEE Trans. Visualiz. Comput. Graph."},{"key":"e_1_3_2_74_2","first-page":"101","volume-title":"Proceedings of the 3rd World Congress on Software Engineering","author":"Yang Zhemin","year":"2012","unstructured":"Zhemin Yang and Min Yang. 2012. LeakMiner: Detect information leakage on Android with static taint analysis. In Proceedings of the 3rd World Congress on Software Engineering. IEEE, 101\u2013104."},{"key":"e_1_3_2_75_2","first-page":"101","volume-title":"Proceedings of the 3rd World Congress on Software Engineering","author":"Yang Zhemin","year":"2012","unstructured":"Zhemin Yang and Min Yang. 2012. LeakMiner: Detect information leakage on Android with static taint analysis. In Proceedings of the 3rd World Congress on Software Engineering. 101\u2013104."},{"key":"e_1_3_2_76_2","first-page":"3320","volume-title":"Proceedings of the International Conference on Advances in Neural Information Processing Systems","author":"Yosinski Jason","year":"2014","unstructured":"Jason Yosinski, Jeff Clune, Yoshua Bengio, and Hod Lipson. 2014. How transferable are features in deep neural networks? In Proceedings of the International Conference on Advances in Neural Information Processing Systems. 3320\u20133328."},{"key":"e_1_3_2_77_2","article-title":"TaintMan: An ART-compatible dynamic taint analysis framework on unmodified and non-rooted Android devices","author":"You Wei","year":"2017","unstructured":"Wei You, Bin Liang, Wenchang Shi, Peng Wang, and Xiangyu Zhang. 2017. TaintMan: An ART-compatible dynamic taint analysis framework on unmodified and non-rooted Android devices. IEEE Trans. Depend. Secure Comput. (2017).","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/2627393.2627395"},{"key":"e_1_3_2_79_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380401"},{"key":"e_1_3_2_80_2","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy","author":"Zhang Xueling","year":"2021","unstructured":"Xueling Zhang, Xiaoyin Wang, Rocky Slavin, and Jianwei Niu. 2021. ConDySTA: Context-aware dynamic supplement to static taint analysis. In Proceedings of the IEEE Symposium on Security and Privacy."}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569936","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3569936","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:07:51Z","timestamp":1750183671000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3569936"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,27]]},"references-count":79,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,10,31]]}},"alternative-id":["10.1145\/3569936"],"URL":"https:\/\/doi.org\/10.1145\/3569936","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,27]]},"assertion":[{"value":"2022-04-17","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-22","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-05-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}