{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T16:23:25Z","timestamp":1781281405932,"version":"3.54.1"},"reference-count":68,"publisher":"Association for Computing Machinery (ACM)","issue":"2","funder":[{"name":"Luxembourg National Research Fund","award":["16344458 (REPROCESS) and 18154263 (UNLOCK)"],"award-info":[{"award-number":["16344458 (REPROCESS) and 18154263 (UNLOCK)"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2026,2,28]]},"abstract":"<jats:p>\n                    An implicit call is a mechanism that triggers the execution of a method\n                    <jats:italic toggle=\"yes\">m<\/jats:italic>\n                    without a direct call to\n                    <jats:italic toggle=\"yes\">m<\/jats:italic>\n                    in the code being analyzed. For instance, in Android apps the\n                    <jats:monospace>Thread.start()<\/jats:monospace>\n                    method implicitly executes the\n                    <jats:monospace>Thread.run()<\/jats:monospace>\n                    method. These implicit calls can be conditionally triggered by programmer-specified constraints that are evaluated at runtime. For instance, the\n                    <jats:monospace>JobScheduler.schedule()<\/jats:monospace>\n                    method can be called to implicitly execute the\n                    <jats:monospace>JobService.onStartJob()<\/jats:monospace>\n                    method only if the device\u2019s battery is charging. Such conditional implicit calls can effectively disguise\n                    <jats:italic toggle=\"yes\">logic bombs<\/jats:italic>\n                    , posing significant challenges for both static and dynamic software analyses. Conservative static analysis may produce false-positive alerts due to over-approximation, while less conservative approaches might overlook potential covert behaviors, a serious concern in security analysis. Dynamic analysis may fail to generate the specific inputs required to activate these implicit call targets. To address these challenges, we introduce Archer, a tool designed to resolve conditional implicit calls and extract the constraints triggering execution control transfer. Our evaluation reveals that \u2460 implicit calls are prevalent in Android apps; \u2461 Archer enhances app models\u2019 soundness beyond existing static analysis methods; and \u2462 Archer successfully infers constraint values, enabling dynamic analyzers to detect (i.e., thanks to better code coverage) and assess conditionally triggered implicit calls.\n                  <\/jats:p>","DOI":"10.1145\/3729168","type":"journal-article","created":{"date-parts":[[2025,4,17]],"date-time":"2025-04-17T12:13:31Z","timestamp":1744892011000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Resolving Conditional Implicit Calls to Improve Static and Dynamic Analysis in Android Apps"],"prefix":"10.1145","volume":"35","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6052-6184","authenticated-orcid":false,"given":"Jordan","family":"Samhi","sequence":"first","affiliation":[{"name":"SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5982-275X","authenticated-orcid":false,"given":"Ren\u00e9","family":"Just","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, Washington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9379-277X","authenticated-orcid":false,"given":"Michael D.","family":"Ernst","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, Washington, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7270-9869","authenticated-orcid":false,"given":"Tegawend\u00e9 F.","family":"Bissyand\u00e9","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4052-475X","authenticated-orcid":false,"given":"Jacques","family":"Klein","sequence":"additional","affiliation":[{"name":"SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,1,21]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/390013.808479"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2903508"},{"key":"e_1_3_2_4_2","volume-title":"Program Analysis and Specialization for the C Programming Language","author":"Andersen L. O.","year":"1994","unstructured":"L. O. Andersen. 1994. Program Analysis and Specialization for the C Programming Language. Ph.D. thesis, Cornell."},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_3_2_6_2","unstructured":"S. Arzt S. Rasthofer C. Fritz E. Bodden A. Bartel J. Klein Y. Le Traon D. Octeau and P. McDaniel. 2022. Flowdroid Source Code. Retrieved April 2022 from https:\/\/github.com\/secure-software-engineering\/FlowDroid\/blob\/develop\/soot-infoflow\/src\/soot\/jimple\/infoflow\/cfg\/LibraryClassPatcher.java"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/236338.236371"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.69"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/2771284.2771288"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2259051.2259052"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510161"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23140"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00049"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2022.3159548"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00070"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCI.2018.8441295"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660343"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2016.7792435"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.30"},{"key":"e_1_3_2_21_2","unstructured":"Google. 2022. Android Guides. Retrieved August 2022 from https:\/\/developer.android.com\/guide"},{"key":"e_1_3_2_22_2","unstructured":"Google. 2023. Android Guide. Retrieved January 2023 from https:\/\/developer.android.com\/guide\/background\/threading"},{"key":"e_1_3_2_23_2","unstructured":"Google. 2023. Android Guide. Retrieved January 2023 from https:\/\/developer.android.com\/guide\/background"},{"key":"e_1_3_2_24_2","unstructured":"Google. 2023. Android Guide. Retrieved January 2024 from https:\/\/developer.android.com\/topic\/libraries\/architecture\/workmanager\/migrating-fb"},{"key":"e_1_3_2_25_2","unstructured":"Google. 2023. Android Guide. Retrieved January 2024 from https:\/\/developer.android.com\/topic\/libraries\/architecture\/workmanager"},{"key":"e_1_3_2_26_2","unstructured":"Google. 2023. Android Guide. Retrieved January 2024 from https:\/\/developer.android.com\/topic\/performance\/background-optimization"},{"key":"e_1_3_2_27_2","unstructured":"Google. 2023. Schedule Tasks with WorkManager. Retrieved January 2024 from https:\/\/developer.android.com\/topic\/libraries\/architecture\/workmanager"},{"key":"e_1_3_2_28_2","unstructured":"Google. 2023. UI\/Application Exerciser Monkey. Retrieved January 2024 from https:\/\/developer.android.com\/studio\/test\/other-testing-tools\/monkey"},{"key":"e_1_3_2_29_2","unstructured":"Google Security Operations. 2022. Virus Total Free Online Virus Malware and URL Scanner. Retrieved from https:\/\/www.virustotal.com"},{"key":"e_1_3_2_30_2","first-page":"110","article-title":"Information flow analysis of Android applications in DroidSafe","volume":"15","author":"Gordon M. I.","year":"2015","unstructured":"M. I. Gordon, D. Kim, J. H. Perkins, L. Gilham, N. Nguyen, and M. C. Rinard. 2015. Information flow analysis of Android applications in DroidSafe. In Proceedings of the Network and Distributed System Security Symposium (NDSS), Vol. 15, 110.","journal-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2013.6693097"},{"key":"e_1_3_2_32_2","unstructured":"IDC. 2024. Smartphone Market Share. Retrieved January 2024 from https:\/\/www.idc.com\/promo\/smartphone-market-share\/os"},{"key":"e_1_3_2_33_2","unstructured":"S. T. Intelligence and R. Team. 2022. Poseidon\u2019s Offspring: Charybdis and Scylla. Retrieved December 2022 from https:\/\/www.humansecurity.com\/learn\/blog\/poseidons-offspring-charybdis-and-scylla"},{"key":"e_1_3_2_34_2","unstructured":"M. Iqbal. 2023. App Download Data. Retrieved January 2024 from https:\/\/www.businessofapps.com\/data\/app-statistics\/"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/479174"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36579-6_12"},{"key":"e_1_3_2_37_2","first-page":"280","article-title":"IccTA: Detecting inter-component privacy leaks in Android apps","author":"Li L.","year":"2015","unstructured":"L. Li, A. Bartel, T. F. Bissyand\u00e9, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel. 2015. IccTA: Detecting inter-component privacy leaks in Android apps. In Proceedings of the 37th International Conference on Software Engineering (ICSE \u201915)\u2014Volume 1, 280\u2013291.","journal-title":"Proceedings of the 37th International Conference on Software Engineering (ICSE \u201915)\u2014Volume 1"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931044"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2017.04.001"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST57152.2023.00024"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2012.6263963"},{"key":"e_1_3_2_42_2","first-page":"77","article-title":"Composite constant propagation: Application to Android inter-component communication analysis","author":"Octeau D.","year":"2015","unstructured":"D. Octeau, D. Luchaup, M. Dering, S. Jha, and P. McDaniel. 2015. Composite constant propagation: Application to Android inter-component communication analysis. In Proceedings of the 37th International Conference on Software Engineering (ICSE \u201915)\u2014Volume 1, 77\u201388.","journal-title":"Proceedings of the 37th International Conference on Software Engineering (ICSE \u201915)\u2014Volume 1"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409699"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592796"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3395042"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/199448.199462"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1979.234183"},{"key":"e_1_3_2_48_2","unstructured":"J. Samhi. 2022 Stack Overflow. Retrieved August 2022 from https:\/\/stackoverflow.com\/q\/70670020\/"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00126"},{"key":"e_1_3_2_50_2","first-page":"459","volume-title":"2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR)","author":"Samhi J.","year":"2020","unstructured":"J. Samhi, T. F. Bissyande, and J. Klein. 2020. TriggerZoo: A dataset of Android applications automatically infected with logic bombs. In 2022 IEEE\/ACM 19th International Conference on Mining Software Repositories (MSR). IEEE Computer Society, 459\u2013463."},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3512766"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510135"},{"key":"e_1_3_2_53_2","unstructured":"J. Skylot. 2022. JadX: Dex to Java Decompiler. Retrieved May 2022 from https:\/\/github.com\/skylot\/jadx"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_55_2","first-page":"1","volume-title":"ACM Transactions on Software Engineering and Methodology","volume":"32","author":"Sun X.","year":"2022","unstructured":"X. Sun, X. Chen, L. Li, H. Cai, J. Grundy, J. Samhi, T. F. Bissyand\u00e9, and J. Klein. 2022. Demystifying hidden sensitive operations in Android apps. ACM Transactions on Software Engineering and Methodology 32, 2 (2022), 1\u201330."},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3440033"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/353171.353189"},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/1925805.1925818"},{"key":"e_1_3_2_59_2","volume-title":"Jimple: Simplifying Java Bytecode for Analyses and Transformations","author":"Vallee-Rai R.","year":"1998","unstructured":"R. Vallee-Rai and L. J. Hendren. 1998. Jimple: Simplifying Java Bytecode for Analyses and Transformations. Sable Technical Report 1. McGill University."},{"key":"e_1_3_2_60_2","volume-title":"Dynamic Analysis of Android Malware","author":"Van Der Veen V.","year":"2013","unstructured":"V. Van Der Veen, H. Bos, and C. Rossow. 2013. Dynamic Analysis of Android Malware. Internet and Web Technology Master thesis. VU University Amsterdam."},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660357"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2547385"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-56991-8_51"},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510454.3516864"},{"key":"e_1_3_2_66_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.31"},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.76"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714604"},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1145\/2381934.2381950"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3729168","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,21]],"date-time":"2026-01-21T16:33:25Z","timestamp":1769013205000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3729168"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,21]]},"references-count":68,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,2,28]]}},"alternative-id":["10.1145\/3729168"],"URL":"https:\/\/doi.org\/10.1145\/3729168","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,21]]},"assertion":[{"value":"2024-01-26","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-24","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-01-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}