{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T19:01:30Z","timestamp":1754161290296,"version":"3.41.2"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","funder":[{"name":"Fonds national de la Recherche Luxembourg","award":["16344458","18154263"],"award-info":[{"award-number":["16344458","18154263"]}]},{"name":"German Federal Ministry of Education"},{"name":"Research and the Hessian Ministry of Higher Education, Research, Science and the Arts"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,23]]},"DOI":"10.1145\/3696630.3728495","type":"proceedings-article","created":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T19:10:43Z","timestamp":1753729843000},"page":"540-544","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Do you have 5 min? Improving Call Graph Analysis with Runtime Information"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6052-6184","authenticated-orcid":false,"given":"Jordan","family":"Samhi","sequence":"first","affiliation":[{"name":"SnT, University of Luxembourg, Luxembourg, Luxembourg"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3806-0522","authenticated-orcid":false,"given":"Marc","family":"Miltenberger","sequence":"additional","affiliation":[{"name":"Fraunhofer SIT | ATHENE - National Research Center for Applied Cybersecurity, Darmstadt, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5963-4599","authenticated-orcid":false,"given":"Marco","family":"Alecci","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Luxembourg, Luxembourg"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5807-9431","authenticated-orcid":false,"given":"Steven","family":"Arzt","sequence":"additional","affiliation":[{"name":"Fraunhofer SIT, Darmstadt, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7270-9869","authenticated-orcid":false,"given":"Tegawend\u00e9","family":"Bissyand\u00e9","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Luxembourg, Luxembourg"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4052-475X","authenticated-orcid":false,"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Luxembourg, Luxembourg"}]}],"member":"320","published-online":{"date-parts":[[2025,7,28]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Proceedings of the 13th International Conference on Mining Software Repositories","author":"Allix Kevin","year":"2016","unstructured":"Kevin Allix, Tegawend\u00e9 F. Bissyand\u00e9, Jacques Klein, and Yves Le Traon. 2016. AndroZoo: Collecting Millions of Android Apps for the Research Community. In Proceedings of the 13th International Conference on Mining Software Repositories (Austin, Texas) (MSR '16). ACM, New York, NY, USA, 468\u2013471. 10.1145\/2901739.2903508"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 33rd International Conference on Software Engineering (Waikiki","author":"Bodden Eric","year":"2011","unstructured":"Eric Bodden, Andreas Sewe, Jan Sinschek, Hela Oueslati, and Mira Mezini. 2011. Taming Reflection: Aiding Static Analysis in the Presence of Reflection and Custom Class Loaders. In Proceedings of the 33rd International Conference on Software Engineering (Waikiki, Honolulu, HI, USA) (ICSE '11). Association for Computing Machinery, New York, NY, USA, 241\u2013250. 10.1145\/1985793.1985827"},{"key":"e_1_3_2_1_4_1","volume-title":"2020 IEEE Conference on Communications and Network Security (CNS). 1\u20139. 10","author":"Chaulagain Dewan","year":"2020","unstructured":"Dewan Chaulagain, Prabesh Poudel, Prabesh Pathak, Sankardas Roy, Doina Caragea, Guojun Liu, and Xinming Ou. 2020. Hybrid Analysis of Android Apps for Security Vetting using Deep Learning. In 2020 IEEE Conference on Communications and Network Security (CNS). 1\u20139. 10.1109\/CNS48642.2020.9162341"},{"key":"e_1_3_2_1_5_1","volume-title":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 143\u2013145","author":"Cheng Zhichao","year":"2017","unstructured":"Zhichao Cheng, Fanping Zeng, Xingqiu Zhong, Mingsong Zhou, Chengcheng Lv, and Shuli Guo. 2017. Resolving reflection methods in Android applications. In 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). 143\u2013145. 10.1109\/ISI.2017.8004892"},{"key":"e_1_3_2_1_6_1","volume-title":"Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In ECOOP'95 \u2014 Object-Oriented Programming, 9th European Conference, \u00c5arhus, Denmark, August 7\u201311","author":"Dean Jeffrey","year":"1995","unstructured":"Jeffrey Dean, David Grove, and Craig Chambers. 1995. Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In ECOOP'95 \u2014 Object-Oriented Programming, 9th European Conference, \u00c5arhus, Denmark, August 7\u201311, 1995, Mario Tokoro and Remo Pareschi (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 77\u2013101."},{"key":"e_1_3_2_1_7_1","unstructured":"Michael D. Ernst. [n. d.]. Static and dynamic analysis: Synergy and duality. 24\u201327."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101688"},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/developer.android.com\/studio\/test\/monkey. Accessed","author":"Monkey Android","year":"2023","unstructured":"Google. 2023. Android Monkey, https:\/\/developer.android.com\/studio\/test\/monkey. Accessed July 2023."},{"key":"e_1_3_2_1_10_1","first-page":"110","article-title":"Information flow analysis of android applications in droidsafe","volume":"15","author":"Gordon Michael I","year":"2015","unstructured":"Michael I Gordon, Deokhwan Kim, Jeff H Perkins, Limei Gilham, Nguyen Nguyen, and Martin C Rinard. 2015. Information flow analysis of android applications in droidsafe.. In NDSS, Vol. 15. 110.","journal-title":"NDSS"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3652114"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 12th International Conference on Compiler Construction","author":"Lhot\u00e1k Ond\u0159ej","year":"2003","unstructured":"Ond\u0159ej Lhot\u00e1k and Laurie Hendren. 2003. Scaling Java Points-to Analysis Using SPARK. In Proceedings of the 12th International Conference on Compiler Construction (Warsaw, Poland) (CC'03). Springer-Verlag, Berlin, Heidelberg, 153\u2013169."},{"key":"e_1_3_2_1_13_1","volume-title":"Proceedings of the 37th International Conference on Software Engineering -","volume":"1","author":"Li Li","year":"2015","unstructured":"Li Li, Alexandre Bartel, Tegawend\u00e9 F. Bissyand\u00e9, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. 2015. IccTA: Detecting Inter-Component Privacy Leaks in Android Apps. In Proceedings of the 37th International Conference on Software Engineering - Volume 1 (Florence, Italy) (ICSE '15). IEEE Press, 280\u2013291."},{"key":"e_1_3_2_1_14_1","volume-title":"Proceedings of the 25th International Symposium on Software Testing and Analysis","author":"Li Li","year":"2016","unstructured":"Li Li, Tegawend\u00e9 F. Bissyand\u00e9, Damien Octeau, and Jacques Klein. 2016. DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps. In Proceedings of the 25th International Symposium on Software Testing and Analysis (Saarbr\u00fccken, Germany) (ISSTA 2016). Association for Computing Machinery, New York, NY, USA, 318\u2013329. 10.1145\/2931037.2931044"},{"key":"e_1_3_2_1_15_1","volume-title":"Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering","author":"Li Li","year":"2016","unstructured":"Li Li, Tegawend\u00e9 F. Bissyand\u00e9, Damien Octeau, and Jacques Klein. 2016. Reflection-aware static analysis of Android apps. In Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering (Singapore, Singapore) (ASE '16). Association for Computing Machinery, New York, NY, USA, 756\u2013761. 10.1145\/2970276.2970277"},{"key":"e_1_3_2_1_16_1","volume-title":"2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). 3\u201317","author":"Lindorfer Martina","year":"2014","unstructured":"Martina Lindorfer, Matthias Neugschwandtner, Lukas Weichselbaum, Yanick Fratantonio, Victor van der Veen, and Christian Platzer. 2014. ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors. In 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS). 3\u201317. 10.1109\/BADGERS.2014.7"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis","author":"Miltenberger Marc","year":"2023","unstructured":"Marc Miltenberger and Steven Arzt. 2023. Extensible and Scalable Architecture for Hybrid Analysis. In Proceedings of the 12th ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis (Orlando, FL, USA) (SOAP 2023). Association for Computing Machinery, New York, NY, USA, 34\u201339. 10.1145\/3589250.3596146"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering","author":"Rasheed Shawn","year":"2021","unstructured":"Shawn Rasheed and Jens Dietrich. 2021. A hybrid analysis to detect Java serialisation vulnerabilities. In Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering (Virtual Event, Australia) (ASE '20). Association for Computing Machinery, New York, NY, USA, 1209\u20131213. 10.1145\/3324884.3418931"},{"key":"e_1_3_2_1_19_1","volume-title":"RAICC: Revealing Atypical Inter-Component Communication in Android Apps. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE Computer Society","author":"Samhi J.","year":"2021","unstructured":"J. Samhi, A. Bartel, T. F. Bissyande, and J. Klein. 2021. RAICC: Revealing Atypical Inter-Component Communication in Android Apps. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE Computer Society, Los Alamitos, CA, USA, 1398\u20131409. 10.1109\/ICSE43902.2021.00126"},{"key":"e_1_3_2_1_20_1","volume-title":"JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis. In 2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE). IEEE Computer Society","author":"Samhi Jordan","year":"2022","unstructured":"Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawend\u00e9 F Bissyand\u00e9, and Jacques Klein. 2022. JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis. In 2022 IEEE\/ACM 44th International Conference on Software Engineering (ICSE). IEEE Computer Society, Los Alamitos, CA, USA, 1232\u20131244. 10.1145\/3510003.3512766"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","author":"Samhi Jordan","year":"2024","unstructured":"Jordan Samhi, Ren\u00e9 Just, Tegawend\u00e9 F. Bissyand\u00e9, Michael D. Ernst, and Jacques Klein. 2024. Call Graph Soundness in Android Static Analysis. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (Vienna, Austria) (ISSTA 2024). Association for Computing Machinery, New York, NY, USA, 945\u2013957. 10.1145\/3650212.3680333"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3440033"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (Mississauga","author":"Vall\u00e9e-Rai Raja","year":"1999","unstructured":"Raja Vall\u00e9e-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - a Java Bytecode Optimization Framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (Mississauga, Ontario, Canada) (CASCON '99). IBM Press, 13."},{"volume-title":"Java Spring Framework, https:\/\/spring.io. Accessed","year":"2024","key":"e_1_3_2_1_24_1","unstructured":"VMWare. 2024. Java Spring Framework, https:\/\/spring.io. Accessed October 2024."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis","author":"Wang Wenyu","year":"2021","unstructured":"Wenyu Wang, Wing Lam, and Tao Xie. 2021. An Infrastructure Approach to Improving Effectiveness of Android UI Testing Tools. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (Virtual, Denmark) (ISSTA 2021). Association for Computing Machinery, New York, NY, USA, 165\u2013176. 10.1145\/3460319.3464828"},{"key":"e_1_3_2_1_26_1","volume-title":"An Empirical Study of Android Test Generation Tools in Industrial Cases. In 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). 738\u2013748","author":"Wang Wenyu","year":"2018","unstructured":"Wenyu Wang, Dengfeng Li, Wei Yang, Yurui Cao, Zhenwen Zhang, Yuetang Deng, and Tao Xie. 2018. An Empirical Study of Android Test Generation Tools in Industrial Cases. In 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). 738\u2013748. 10.1145\/3238147.3240465"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2886881"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","author":"Wei Fengguo","year":"2018","unstructured":"Fengguo Wei, Xingwei Lin, Xinming Ou, Ting Chen, and Xiaosong Zhang. 2018. JN-SAF: Precise and Efficient NDK\/JNI-Aware Inter-Language Static Analysis Framework for Security Vetting of Android Applications with Native Code. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (Toronto, Canada) (CCS '18). Association for Computing Machinery, New York, NY, USA, 1137\u20131150. 10.1145\/3243734.3243835"},{"key":"e_1_3_2_1_29_1","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security","author":"Wei Fengguo","year":"2014","unstructured":"Fengguo Wei, Sankardas Roy, Xinming Ou, and Robby. 2014. Amandroid: A Precise and General Inter-Component Data Flow Analysis Framework for Security Vetting of Android Apps. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (Scottsdale, Arizona, USA) (CCS '14). Association for Computing Machinery, New York, NY, USA, 1329\u20131341. 10.1145\/2660267.2660357"}],"event":{"name":"FSE Companion '25: 33rd ACM International Conference on the Foundations of Software Engineering","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"],"location":"Clarion Hotel Trondheim Trondheim Norway","acronym":"FSE Companion '25"},"container-title":["Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696630.3728495","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T19:12:50Z","timestamp":1753729970000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696630.3728495"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,23]]},"references-count":29,"alternative-id":["10.1145\/3696630.3728495","10.1145\/3696630"],"URL":"https:\/\/doi.org\/10.1145\/3696630.3728495","relation":{},"subject":[],"published":{"date-parts":[[2025,6,23]]},"assertion":[{"value":"2025-07-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}