{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T10:08:35Z","timestamp":1781258915740,"version":"3.54.1"},"reference-count":310,"publisher":"Sociedade Brasileira de Computacao - SB","issue":"1","license":[{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T00:00:00Z","timestamp":1626998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Internet Serv Appl"],"published-print":{"date-parts":[[2021,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Mobile platforms are rapidly and continuously changing, with support for new sensors, APIs, and programming abstractions. Static analysis is gaining a growing interest, allowing developers to predict properties about the run-time behavior of mobile apps without executing them. Over the years, literally hundreds of static analysis techniques have been proposed, ranging from structural and control-flow analysis to state-based analysis.In this paper, we present a systematic mapping study aimed at identifying, evaluating and classifying characteristics, trends and potential for industrial adoption of existing research in static analysis of mobile apps. Starting from over 12,000 potentially relevant studies, we applied a rigorous selection procedure resulting in 261 primary studies along a time span of 9 years. We analyzed each primary study according to a rigorously-defined classification framework. The results of this study give a <jats:italic>solid foundation for assessing existing and future approaches for static analysis of mobile apps, especially in terms of their industrial adoptability<\/jats:italic>.Researchers and practitioners can use the results of this study to (i) identify existing research\/technical gaps to target, (ii) understand how approaches developed in academia can be successfully transferred to industry, and (iii) better position their (past and future) approaches for static analysis of mobile apps.<\/jats:p>","DOI":"10.1186\/s13174-021-00134-x","type":"journal-article","created":{"date-parts":[[2021,7,23]],"date-time":"2021-07-23T08:03:06Z","timestamp":1627027386000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Software engineering techniques for statically analyzing mobile apps: research trends, characteristics, and potential for industrial adoption"],"prefix":"10.5753","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5951-1567","authenticated-orcid":false,"given":"Marco","family":"Autili","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ivano","family":"Malavolta","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Alexander","family":"Perucci","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Gian Luca","family":"Scoccia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Roberto","family":"Verdecchia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"3742","published-online":{"date-parts":[[2021,7,23]]},"reference":[{"key":"134_CR1","doi-asserted-by":"crossref","unstructured":"Aafer Y, Du W, Yin H. Droidapiminer: Mining api-level features for robust malware detection in android. In: International Conference on Security and Privacy in Communication Systems. Springer: 2013. p. 86\u2013103.","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"134_CR2","unstructured":"Lella A, Lipsman A. The U.S. Mobile App Report. 2017. comsCore white paper. https:\/\/www.comscore.com\/Insights\/Presentations-and-Whitepapers\/2017\/The-2017-US-Mobile-App-Report."},{"issue":"7","key":"134_CR3","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/2.689678","volume":"31","author":"H Agrawal","year":"1998","unstructured":"Agrawal H, Alberi JL, Horgan JR, Li JJ, London S, Wong WE, Ghosh S, Wilde N. Mining system tests to aid software maintenance. Computer. 1998; 31(7):64\u201373.","journal-title":"Computer"},{"key":"134_CR4","doi-asserted-by":"crossref","unstructured":"Ahmad M, Costamagna V, Crispo B, Bergadano F. Teicc: targeted execution of inter-component communications in android. In: Proceedings of the symposium on applied computing. ACM: 2017. p. 1747\u201352.","DOI":"10.1145\/3019612.3019797"},{"key":"134_CR5","doi-asserted-by":"crossref","unstructured":"Al Rahat T, Feng Y, Tian Y. Oauthlint: an empirical study on oauth bugs in android applications. In: 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2019. p. 293\u2013304.","DOI":"10.1109\/ASE.2019.00036"},{"key":"134_CR6","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1016\/j.cose.2016.11.011","volume":"65","author":"S Alam","year":"2017","unstructured":"Alam S, Qu Z, Riley R, Chen Y, Rastogi V. Droidnative: Automating and optimizing detection of android native code malware variants. Comput Secur. 2017; 65:230\u201346.","journal-title":"Comput Secur"},{"key":"134_CR7","doi-asserted-by":"crossref","unstructured":"Allen J, Landen M, Chaba S, Ji Y, Chung SPH, Lee W. Improving accuracy of android malware detection with lightweight contextual awareness. In: Proceedings of the 34th Annual Computer Security Applications Conference. ACM: 2018. p. 210\u201321.","DOI":"10.1145\/3274694.3274744"},{"key":"134_CR8","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/s10664-014-9352-6","volume":"21","author":"K Allix","year":"2016","unstructured":"Allix K, Bissyand\u00e9 TF, J\u00e9rome Q, Klein J, State R, Le Traon Y. Empirical assessment of machine learning-based malware detectors for android. Empir Softw Eng. 2016; 21:183\u2013211.","journal-title":"Empir Softw Eng"},{"key":"134_CR9","unstructured":"Annie A. App Annie\u2019s Global App Economy Forecast. http:\/\/go.appannie.com\/report-app-economy-forecast-part-two. Accessed 27 Sept 2017."},{"key":"134_CR10","doi-asserted-by":"crossref","unstructured":"Arp D, Spreitzenbarth M, Hubner M, Gascon H, Rieck K, Siemens C. Drebin: Effective and explainable detection of android malware in your pocket. In: NDSS: 2014. p. 23\u20136.","DOI":"10.14722\/ndss.2014.23247"},{"key":"134_CR11","doi-asserted-by":"crossref","unstructured":"Arzt S, Bodden E. Stubdroid: automatic inference of precise data-flow summaries for the android framework. In: Proceedings of the 38th International Conference on Software Engineering. ACM: 2016. p. 725\u201335.","DOI":"10.1145\/2884781.2884816"},{"issue":"6","key":"134_CR12","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P. Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan Notices. 2014; 49(6):259\u201369.","journal-title":"ACM Sigplan Notices"},{"issue":"8","key":"134_CR13","doi-asserted-by":"publisher","first-page":"987","DOI":"10.1016\/j.scico.2012.01.005","volume":"78","author":"M Autili","year":"2013","unstructured":"Autili M, Benedetto PD, Inverardi P. A hybrid approach for resource-based comparison of adaptable java applications. Sci Comput Program. 2013; 78(8):987\u20131009. https:\/\/doi.org\/10.1016\/j.scico.2012.01.005.","journal-title":"Sci Comput Program"},{"key":"134_CR14","doi-asserted-by":"crossref","unstructured":"Autili M, Malavolta I, Perucci A, Scoccia GL. Perspectives on static analysis of mobile apps (invited talk). In: Proceedings of the 3rd International Workshop on Software Development Lifecycle for Mobile. ACM: 2015. p. 29\u201330.","DOI":"10.1145\/2804345.2804352"},{"key":"134_CR15","doi-asserted-by":"crossref","unstructured":"Avdiienko V, Kuznetsov K, Gorla A, Zeller A, Arzt S, Rasthofer S, Bodden E. Mining apps for abnormal usage of sensitive data. In: Proceedings of the 37th International Conference on Software Engineering, vol 1. IEEE Press: 2015. p. 426\u201336.","DOI":"10.1109\/ICSE.2015.61"},{"key":"134_CR16","doi-asserted-by":"crossref","unstructured":"Azim T, Neamtiu I. Targeted and depth-first exploration for systematic testing of android apps. In: ACM SIGPLAN Notices, vol. 48. ACM: 2013. p. 641\u201360.","DOI":"10.1145\/2544173.2509549"},{"key":"134_CR17","doi-asserted-by":"crossref","unstructured":"Backes M, Bugiel S, Derr E. Reliable third-party library detection in android and its security applications. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM: 2016. p. 356\u201367.","DOI":"10.1145\/2976749.2978333"},{"key":"134_CR18","doi-asserted-by":"crossref","unstructured":"Bae S, Lee S, Ryu S. Towards understanding and reasoning about android interoperations. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE: 2019. p. 223\u201333.","DOI":"10.1109\/ICSE.2019.00038"},{"key":"134_CR19","doi-asserted-by":"crossref","unstructured":"Bagheri H, Kang E, Malek S, Jackson D. Detection of design flaws in the android permission protocol through bounded verification. In: International Symposium on Formal Methods. Springer: 2015. p. 73\u201389.","DOI":"10.1007\/978-3-319-19249-9_6"},{"issue":"9","key":"134_CR20","doi-asserted-by":"publisher","first-page":"866","DOI":"10.1109\/TSE.2015.2419611","volume":"41","author":"H Bagheri","year":"2015","unstructured":"Bagheri H, Sadeghi A, Garcia J, Malek S. Covert: Compositional analysis of android inter-app permission leakage. IEEE Trans Softw Eng. 2015; 41(9):866\u201386.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR21","doi-asserted-by":"crossref","unstructured":"Bagheri H, Sadeghi A, Jabbarvand R, Malek S. Practical, formal synthesis and automatic enforcement of security policies for android. In: 2016 46th Annual IEEE\/IFIP International Conference On Dependable Systems and Networks (DSN). IEEE: 2016. p. 514\u201325.","DOI":"10.1109\/DSN.2016.53"},{"key":"134_CR22","doi-asserted-by":"crossref","unstructured":"Bagheri H, Wang J, Aerts J, Malek S. Efficient, evolutionary security analysis of interacting android apps. In: 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE: 2018. p. 357\u201368.","DOI":"10.1109\/ICSME.2018.00044"},{"issue":"6","key":"134_CR23","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1109\/TSE.2017.2697848","volume":"44","author":"G Bai","year":"2017","unstructured":"Bai G, Ye Q, Wu Y, Botha H, Sun J, Liu Y, Dong JS, Visser W. Towards model checking android applications. IEEE Trans Softw Eng. 2017; 44(6):595\u2013612.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR24","doi-asserted-by":"crossref","unstructured":"Banerjee A, Chong LK, Chattopadhyay S, Roychoudhury A. Detecting energy bugs and hotspots in mobile apps. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM: 2014. p. 588\u201398.","DOI":"10.1145\/2635868.2635871"},{"key":"134_CR25","doi-asserted-by":"crossref","unstructured":"Banerjee A, Guo H-F, Roychoudhury A. Debugging energy-efficiency related field failures in mobile apps. In: Proceedings of the International Conference on Mobile Software Engineering and Systems. ACM: 2016. p. 127\u201338.","DOI":"10.1145\/2897073.2897085"},{"issue":"5","key":"134_CR26","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1109\/TSE.2017.2689012","volume":"44","author":"A Banerjee","year":"2018","unstructured":"Banerjee A, Chong LK, Ballabriga C, Roychoudhury A. Energypatch: Repairing resource leaks to improve energy-efficiency of android apps. IEEE Trans Softw Eng. 2018; 44(5):470\u201390.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR27","doi-asserted-by":"crossref","unstructured":"Barros P, Just R, Millstein S, Vines P, Dietl W, Ernst MD, et al. Static analysis of implicit control flow: Resolving java reflection and android intents (t). In: 2015 30th IEEE\/ACM International Conference On Automated Software Engineering (ASE). IEEE: 2015. p. 669\u201379.","DOI":"10.1109\/ASE.2015.69"},{"key":"134_CR28","doi-asserted-by":"crossref","unstructured":"Bartel A, Klein J, Le Traon Y, Monperrus M. Automatically securing permission-based software by reducing the attack surface: An application to android. In: Proceedings of the 27th IEEE\/ACM International Conference on Automated Software Engineering. ACM: 2012. p. 274\u20137.","DOI":"10.1145\/2351676.2351722"},{"issue":"6","key":"134_CR29","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1109\/TSE.2014.2322867","volume":"40","author":"A Bartel","year":"2014","unstructured":"Bartel A, Klein J, Monperrus M, Le Traon Y. Static analysis for extracting permission checks of a large scale framework: The challenges and solutions for analyzing android. IEEE Trans Softw Eng. 2014; 40(6):617\u201332.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR30","unstructured":"Basili VR, Caldiera G, Rombach HD. The Goal Question Metric Approach. In: Encyclopedia of Software Engineering, vol. 2. Wiley: 1994. p. 528\u201332."},{"key":"134_CR31","doi-asserted-by":"crossref","unstructured":"Bastani O, Anand S, Aiken A. Interactively verifying absence of explicit information flows in android apps. In: ACM SIGPLAN Notices, vol. 50. ACM: 2015. p. 299\u2013315.","DOI":"10.1145\/2858965.2814274"},{"key":"134_CR32","doi-asserted-by":"crossref","unstructured":"Batyuk L, Herpich M, Camtepe SA, Raddatz K, Schmidt A-D, Albayrak S. Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within android applications. In: 2011 6th International Conference On Malicious and Unwanted Software (MALWARE). IEEE: 2011. p. 66\u201372.","DOI":"10.1109\/MALWARE.2011.6112328"},{"key":"134_CR33","doi-asserted-by":"crossref","unstructured":"Baumg\u00e4rtner L, Graubner P, Schmidt N, Freisleben B. Andro lyze: A distributed framework for efficient android app analysis. In: 2015 IEEE International Conference On Mobile Services (MS). IEEE: 2015. p. 73\u201380.","DOI":"10.1109\/MobServ.2015.20"},{"key":"134_CR34","doi-asserted-by":"crossref","unstructured":"Behrouz RJ, Sadeghi A, Garcia J, Malek S, Ammann P. Ecodroid: An approach for energy-based ranking of android apps. In: 2015 IEEE\/ACM 4th International Workshop On Green and Sustainable Software (GREENS). IEEE: 2015. p. 8\u201314.","DOI":"10.1109\/GREENS.2015.9"},{"key":"134_CR35","unstructured":"Martin B. The Global Mobile Report - comScore\u2019s cross-market comparison of mobile trends and behaviours. 2017. comsCore white paper. https:\/\/www.comscore.com\/ita\/Public-Relations\/Presentazioni-e-Whitepaper\/2017\/The-Global-Mobile-Trends-Webinar."},{"key":"134_CR36","doi-asserted-by":"crossref","unstructured":"Bianchi A, Corbetta J, Invernizzi L, Fratantonio Y, Kruegel C, Vigna G. What the app is that? deception and countermeasures in the android user interface. In: 2015 IEEE Symposium on Security and Privacy (SP). IEEE: 2015. p. 931\u201348.","DOI":"10.1109\/SP.2015.62"},{"key":"134_CR37","doi-asserted-by":"crossref","unstructured":"Bosu A, Liu F, Yao D, Wang G. Collusive data leak and more: Large-scale threat analysis of inter-app communications. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. ACM: 2017. p. 71\u201385.","DOI":"10.1145\/3052973.3053004"},{"key":"134_CR38","doi-asserted-by":"crossref","unstructured":"Brucker AD, Herzberg M. On the static analysis of hybrid mobile apps. In: International Symposium on Engineering Secure Software and Systems. Springer: 2016. p. 72\u201388.","DOI":"10.1007\/978-3-319-30806-7_5"},{"key":"134_CR39","doi-asserted-by":"crossref","unstructured":"Brutschy L, Ferrara P, M\u00fcller P. Static analysis for independent app developers. In: ACM SIGPLAN Notices, vol. 49. ACM: 2014. p. 847\u201360.","DOI":"10.1145\/2714064.2660219"},{"key":"134_CR40","doi-asserted-by":"crossref","unstructured":"Brutschy L, Ferrara P, Tripp O, Pistoia M. Shamdroid: gracefully degrading functionality in the presence of limited resource access. In: ACM SIGPLAN Notices, vol. 50. ACM: 2015. p. 316\u201331.","DOI":"10.1145\/2858965.2814296"},{"key":"134_CR41","doi-asserted-by":"publisher","unstructured":"Cai H, Ryder BG. Artifacts for dynamic analysis of android apps. In: 2017 IEEE International Conference on Software Maintenance and Evolution, ICSME 2017, Shanghai, China, September: 2017. p. 659. https:\/\/doi.org\/10.1109\/ICSME.2017.36.","DOI":"10.1109\/ICSME.2017.36"},{"key":"134_CR42","doi-asserted-by":"crossref","unstructured":"Calcagno C, Distefano D. Infer: An automatic program verifier for memory safety of c programs. In: NASA Formal Methods. Springer: 2011. p. 459\u2013465.","DOI":"10.1007\/978-3-642-20398-5_33"},{"key":"134_CR43","doi-asserted-by":"crossref","unstructured":"Calcagno C, Distefano D, O\u2019Hearn P, Yang H. Compositional shape analysis by means of bi-abduction. In: ACM SIGPLAN Notices, ACM: 2009. p. 289\u2013300.","DOI":"10.1145\/1594834.1480917"},{"key":"134_CR44","doi-asserted-by":"crossref","unstructured":"Calzavara S, Grishchenko I, Maffei M. HornDroid: Practical and sound static analysis of Android applications by SMT solving. In: 2016 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE: 2016. p. 47\u201362.","DOI":"10.1109\/EuroSP.2016.16"},{"key":"134_CR45","doi-asserted-by":"crossref","unstructured":"Cam NT, Phuoc NCH. Nesedroid\u2013android malware detection based on network traffic and sensitive resource accessing. In: Proceedings of the International Conference on Data Engineering and Communication Technology. Springer: 2017. p. 19\u201330.","DOI":"10.1007\/978-981-10-1678-3_3"},{"issue":"12","key":"134_CR46","doi-asserted-by":"publisher","first-page":"1230","DOI":"10.1109\/TSE.2018.2834344","volume":"45","author":"G Canfora","year":"2018","unstructured":"Canfora G, Martinelli F, Mercaldo F, Nardone V, Santone A, Visaggio CA. Leila: formal tool for identifying mobile malicious behaviour. IEEE Trans Softw Eng. 2018; 45(12):1230\u201352.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR47","doi-asserted-by":"crossref","unstructured":"Cao Y, Fratantonio Y, Bianchi A, Egele M, Kruegel C, Vigna G, Chen Y. Edgeminer: Automatically detecting implicit control flow transitions through the android framework. In: NDSS. Internet Society: 2015.","DOI":"10.14722\/ndss.2015.23140"},{"key":"134_CR48","doi-asserted-by":"crossref","unstructured":"Chan PP, Hui LC, Yiu SM. Droidchecker: analyzing android applications for capability leak. In: Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM: 2012. p. 125\u201336.","DOI":"10.1145\/2185448.2185466"},{"key":"134_CR49","doi-asserted-by":"crossref","unstructured":"Chen K, Liu P, Zhang Y. Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In: Proceedings of the 36th International Conference on Software Engineering. ACM\/IEEE: 2014. p. 175\u201386.","DOI":"10.1145\/2568225.2568286"},{"key":"134_CR50","unstructured":"Chen KZ, Johnson NM, D\u2019Silva V, Dai S, MacNamara K, Magrino TR, Wu EX, Rinard M, Song DX. Contextual policy enforcement in android applications with permission event graphs. In: NDSS, vol 234. Internet Society: 2013."},{"key":"134_CR51","doi-asserted-by":"publisher","first-page":"110418","DOI":"10.1016\/j.jss.2019.110418","volume":"158","author":"X Chen","year":"2019","unstructured":"Chen X, Chen J, Liu B, Ma Y, Zhang Y, Zhong H. Androidoff: Offloading android application based on cost estimation. J Syst Softw. 2019; 158:110418.","journal-title":"J Syst Softw"},{"key":"134_CR52","doi-asserted-by":"crossref","unstructured":"Chen X, Li C, Wang D, Wen S, Zhang J, Nepal S, Xiang Y, Ren K. Android hiv: A study of repackaging malware for evading machine-learning detection. IEEE Trans Inf Forensic Secur. 2019b; 15:987\u20131001.","DOI":"10.1109\/TIFS.2019.2932228"},{"key":"134_CR53","doi-asserted-by":"crossref","unstructured":"Chin E, Felt AP, Greenwood K, Wagner D. Analyzing inter-application communication in android. In: Proceedings of the 9th international conference on Mobile systems, applications, and services. ACM: 2011. p. 239\u201352.","DOI":"10.1145\/1999995.2000018"},{"key":"134_CR54","doi-asserted-by":"crossref","unstructured":"Choi B, Kim J, Cho D, Kim S, Han D. Appx: an automated app acceleration framework for low latency mobile app. In: Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies. ACM: 2018. p. 27\u201340.","DOI":"10.1145\/3281411.3281416"},{"key":"134_CR55","unstructured":"Clarivate. Isi web of science. 2019. http:\/\/www.webofknowledge.com. Accessed 06 Nov 2019."},{"key":"134_CR56","doi-asserted-by":"crossref","unstructured":"Crussell J, Gibler C, Chen H. Andarwin: Scalable detection of semantically similar android applications. In: European Symposium on Research in Computer Security. Springer: 2013. p. 182\u201399.","DOI":"10.1007\/978-3-642-40203-6_11"},{"key":"134_CR57","doi-asserted-by":"crossref","unstructured":"Cui X, Yu D, Chan P, Hui LC, Yiu SM, Qing S. Cochecker: Detecting capability and sensitive data leaks from component chains in android. In: Australasian Conference on Information Security and Privacy. Springer: 2014. p. 446\u201353.","DOI":"10.1007\/978-3-319-08344-5_31"},{"key":"134_CR58","doi-asserted-by":"crossref","unstructured":"Cui X, Wang J, Hui LC, Xie Z, Zeng T, Yiu SM. Wechecker: efficient and precise detection of privilege escalation vulnerabilities in android apps. In: Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. ACM: 2015. p. 1\u201312.","DOI":"10.1145\/2766498.2766509"},{"key":"134_CR59","doi-asserted-by":"crossref","unstructured":"Das T, Penta MD, Malavolta I. A quantitative and qualitative investigation of performance-related commits in android apps. In: 2016 IEEE International Conference on Software Maintenance and Evolution, ICSME 2016, Raleigh, NC, USA, October, vol. 2-7: 2016. p. 443\u20137. http:\/\/www.ivanomalavolta.com\/files\/papers\/ICSME_2016.pdf.","DOI":"10.1109\/ICSME.2016.49"},{"key":"134_CR60","doi-asserted-by":"crossref","unstructured":"Del Vecchio J, Shen F, Yee KM, Wang B, Ko SY, Ziarek L. String analysis of android applications (n). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2015. p. 680\u20135.","DOI":"10.1109\/ASE.2015.20"},{"key":"134_CR61","doi-asserted-by":"crossref","unstructured":"Demissie BF, Ghio D, Ceccato M, Avancini A. Identifying android inter app communication vulnerabilities using static and dynamic analysis. In: Proceedings of the International Conference on Mobile Software Engineering and Systems. ACM: 2016. p. 255\u201366.","DOI":"10.1145\/2897073.2897082"},{"key":"134_CR62","doi-asserted-by":"crossref","unstructured":"Demissie BF, Ceccato M, Shar LK. Anflo: Detecting anomalous sensitive information flows in android apps. In: 2018 IEEE\/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE: 2018. p. 24\u201334.","DOI":"10.1145\/3197231.3197238"},{"key":"134_CR63","unstructured":"Egele M, Kruegel C, Kirda E, Vigna G. Pios: Detecting privacy leaks in ios applications. In: NDSS. Internet Society: 2011. p. 177\u201383."},{"key":"134_CR64","doi-asserted-by":"crossref","unstructured":"Egele M, Brumley D, Fratantonio Y, Kruegel C. An empirical study of cryptographic misuse in android applications. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM: 2013. p. 73\u201384.","DOI":"10.1145\/2508859.2516693"},{"issue":"1","key":"134_CR65","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.infsof.2011.06.003","volume":"54","author":"F Elberzhager","year":"2012","unstructured":"Elberzhager F, M\u00fcnch J, Nha VTN. A systematic mapping study on the combination of static and dynamic quality assurance techniques. Inf Softw Technol. 2012; 54(1):1\u201315.","journal-title":"Inf Softw Technol"},{"key":"134_CR66","unstructured":"Elish KO, Yao D, Ryder BG. User-centric dependence analysis for identifying malicious mobile apps. In: Workshop on Mobile Security Technologies. Cornell University arXiv: 2012."},{"key":"134_CR67","doi-asserted-by":"crossref","unstructured":"Ernst MD, Just R, Millstein S, Dietl W, Pernsteiner S, Roesner F, Koscher K, Barros PB, Bhoraskar R, Han S, et al.Collaborative verification of information flow for a high-assurance app store. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM: 2014. p. 1092\u2013104.","DOI":"10.1145\/2660267.2660343"},{"issue":"1","key":"134_CR68","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1515\/popets-2017-0008","volume":"2017","author":"M Eskandari","year":"2017","unstructured":"Eskandari M, Kessler B, Ahmad M, de Oliveira AS, Crispo B. Analyzing remote server locations for personal data transfers in mobile apps. Proc Priv Enhancing Technol. 2017; 2017(1):118\u201331.","journal-title":"Proc Priv Enhancing Technol"},{"key":"134_CR69","doi-asserted-by":"crossref","unstructured":"Fahl S, Harbach M, Muders T, Baumg\u00e4rtner L, Freisleben B, Smith M. Why eve and mallory love android: An analysis of android ssl (in) security. In: Proceedings of the 2012 ACM conference on Computer and communications security. ACM: 2012. p. 50\u201361.","DOI":"10.1145\/2382196.2382205"},{"key":"134_CR70","doi-asserted-by":"crossref","unstructured":"Fan L, Su T, Chen S, Meng G, Liu Y, Xu L, Pu G. Efficiently manifesting asynchronous programming errors in android apps. In: Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering. ACM\/IEEE: 2018a. p. 486\u201397.","DOI":"10.1145\/3238147.3238170"},{"issue":"8","key":"134_CR71","doi-asserted-by":"publisher","first-page":"1772","DOI":"10.1109\/TIFS.2017.2687880","volume":"12","author":"M Fan","year":"2017","unstructured":"Fan M, Liu J, Wang W, Li H, Tian Z, Liu T. Dapasa: detecting android piggybacked apps through sensitive subgraph analysis. IEEE Trans Inf Forensic Secur. 2017; 12(8):1772\u201385.","journal-title":"IEEE Trans Inf Forensic Secur"},{"key":"134_CR72","doi-asserted-by":"crossref","unstructured":"Fan M, Liu J, Luo X, Chen K, Tian Z, Zheng Q, Liu T. Android malware familial classification and representative sample selection via frequent subgraph analysis. IEEE Trans Inf Forensic Secur. 2018b; 13(8):1890\u2013905.","DOI":"10.1109\/TIFS.2018.2806891"},{"key":"134_CR73","doi-asserted-by":"crossref","unstructured":"Fan M, Luo X, Liu J, Wang M, Nong C, Zheng Q, Liu T. Graph embedding based familial analysis of android malware using unsupervised learning. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE: 2019. p. 771\u201382.","DOI":"10.1109\/ICSE.2019.00085"},{"key":"134_CR74","doi-asserted-by":"crossref","unstructured":"Fazzini M, Xin Q, Orso A. Automated api-usage update for android apps. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM SIGSOFT: 2019. p. 204\u201315.","DOI":"10.1145\/3293882.3330571"},{"key":"134_CR75","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1016\/j.cose.2016.11.007","volume":"65","author":"A Feizollah","year":"2017","unstructured":"Feizollah A, Anuar NB, Salleh R, Suarez-Tangil G, Furnell S. Androdialysis: Analysis of android intent effectiveness in malware detection. Comput Secur. 2017; 65:121\u201334.","journal-title":"Comput Secur"},{"key":"134_CR76","doi-asserted-by":"crossref","unstructured":"Felt AP, Chin E, Hanna S, Song D, Wagner D. Android permissions demystified. In: Proceedings of the 18th ACM conference on Computer and communications security. ACM: 2011. p. 627\u201338.","DOI":"10.1145\/2046707.2046779"},{"key":"134_CR77","doi-asserted-by":"crossref","unstructured":"Feng R, Meng G, Xie X, Su T, Liu Y, Lin SW. Learning performance optimization from code changes for android apps. In: 2019 IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE: 2019. p. 285\u201390.","DOI":"10.1109\/ICSTW.2019.00067"},{"key":"134_CR78","doi-asserted-by":"crossref","unstructured":"Feng Y, Anand S, Dillig I, Aiken A. Apposcopy: Semantics-based detection of android malware through static analysis. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM: 2014. p. 576\u201387.","DOI":"10.1145\/2635868.2635869"},{"key":"134_CR79","doi-asserted-by":"crossref","unstructured":"Ferrari A, Gallucci D, Puccinelli D, Giordano S. Detecting energy leaks in android app with poem. In: 2015 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops). IEEE: 2015. p. 421\u20136.","DOI":"10.1109\/PERCOMW.2015.7134075"},{"issue":"12","key":"134_CR80","doi-asserted-by":"publisher","first-page":"1146","DOI":"10.1109\/TSE.2017.2755039","volume":"44","author":"M Franzago","year":"2018","unstructured":"Franzago M, Di Ruscio D, Malavolta I, Muccini H. Collaborative model-driven software engineering: a classification framework and a research map. IEEE Trans Softw Eng. 2018; 44(12):1146\u201375. https:\/\/doi.org\/10.1109\/TSE.2017.2755039.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR81","doi-asserted-by":"crossref","unstructured":"Fratantonio Y, Machiry A, Bianchi A, Kruegel C, Vigna G. Clapp: Characterizing loops in android applications. In: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering. ACM: 2015. p. 687\u201397.","DOI":"10.1145\/2786805.2786873"},{"key":"134_CR82","doi-asserted-by":"crossref","unstructured":"Fratantonio Y, Bianchi A, Robertson W, Kirda E, Kruegel C, Vigna G. Triggerscope: Towards detecting logic bombs in android applications. In: Security and Privacy (SP), 2016 IEEE Symposium on. IEEE: 2016. p. 377\u201396.","DOI":"10.1109\/SP.2016.30"},{"issue":"5","key":"134_CR83","doi-asserted-by":"publisher","first-page":"3046","DOI":"10.1007\/s10664-018-9673-y","volume":"24","author":"P Gadient","year":"2019","unstructured":"Gadient P, Ghafari M, Frischknecht P, Nierstrasz O. Security code smells in android icc. Empir Softw Eng. 2019; 24(5):3046\u201376.","journal-title":"Empir Softw Eng"},{"key":"134_CR84","doi-asserted-by":"crossref","unstructured":"Gao X, Tan SH, Dong Z, Roychoudhury A. Android testing via synthetic symbolic execution. In: 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2018. p. 419\u201329.","DOI":"10.1145\/3238147.3238225"},{"key":"134_CR85","doi-asserted-by":"crossref","unstructured":"Garcia J, Hammad M, Ghorbani N, Malek S. Automatic generation of inter-component communication exploits for android applications. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM SIGSOFT: 2017. p. 661\u201371.","DOI":"10.1145\/3106237.3106286"},{"issue":"3","key":"134_CR86","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3162625","volume":"26","author":"J Garcia","year":"2018","unstructured":"Garcia J, Hammad M, Malek S. Lightweight, obfuscation-resilient detection and family identification of android malware. ACM Trans Softw Eng Methodol (TOSEM). 2018; 26(3):1\u201329.","journal-title":"ACM Trans Softw Eng Methodol (TOSEM)"},{"key":"134_CR87","doi-asserted-by":"crossref","unstructured":"Garc\u0131a-Ferreira I, Laorden C, Santos I, Bringas PG. A survey on static analysis and model checking. In: International Joint Conference SOCO\u201914-CISIS\u201914-ICEUTE\u201914: Bilbao, Spain, June 25th-27th, 2014, Proceedings, vol. 299. Springer: 2014. p. 443.","DOI":"10.1007\/978-3-319-07995-0_44"},{"key":"134_CR88","doi-asserted-by":"crossref","unstructured":"Gascon H, Yamaguchi F, Arp D, Rieck K. Structural detection of android malware using embedded call graphs. In: Proceedings of the 2013 ACM workshop on Artificial intelligence and security. ACM: 2013. p. 45\u201354.","DOI":"10.1145\/2517312.2517315"},{"key":"134_CR89","volume-title":"Proceedings of the 15th International Conference on Mining Software Repositories, MSR","author":"FX Geiger","year":"2018","unstructured":"Geiger FX, Malavolta I, Pascarella L, Palomba F, Nucci DD, Malavolta I, Bacchelli A. A Graph-based Dataset of Commit History of Real-World Android apps. In: Proceedings of the 15th International Conference on Mining Software Repositories, MSR. New York: ACM: 2018. http:\/\/www.ivanomalavolta.com\/files\/papers\/MSR_2018.pdf."},{"key":"134_CR90","doi-asserted-by":"crossref","unstructured":"Gibler C, Crussell J, Erickson J, Chen H. AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale. In: International Conference on Trust and Trustworthy Computing. Springer: 2012. p. 291\u2013307.","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"134_CR91","doi-asserted-by":"crossref","unstructured":"Gonzalez H, Stakhanova N, Ghorbani AA. Authorship attribution of android apps. In: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. ACM: 2018. p. 277\u201386.","DOI":"10.1145\/3176258.3176322"},{"key":"134_CR92","doi-asserted-by":"crossref","unstructured":"Gordon MI, Kim D, Perkins JH, Gilham L, Nguyen N, Rinard MC. Information Flow Analysis of Android Applications in DroidSafe. In: NDSS, vol. 15: 2015. p. 110.","DOI":"10.14722\/ndss.2015.23089"},{"key":"134_CR93","doi-asserted-by":"crossref","unstructured":"Gorla A, Tavecchia I, Gross F, Zeller A. Checking app behavior against app descriptions. In: Proceedings of the 36th International Conference on Software Engineering. ACM: 2014a. p. 1025\u201335.","DOI":"10.1145\/2568225.2568276"},{"key":"134_CR94","doi-asserted-by":"crossref","unstructured":"Gorla A, Tavecchia I, Gross F, Zeller A. Checking App Behavior Against App Descriptions. In: Proceedings of the 36th International Conference on Software Engineering (ICSE 2014): 2014. p. 1025\u201335.","DOI":"10.1145\/2568225.2568276"},{"key":"134_CR95","doi-asserted-by":"crossref","unstructured":"Grace M, Zhou Y, Zhang Q, Zou S, Jiang X. Riskranker: scalable and accurate zero-day android malware detection. In: Proceedings of the 10th international conference on Mobile systems, applications, and services. ACM: 2012a. p. 281\u201394.","DOI":"10.1145\/2307636.2307663"},{"key":"134_CR96","unstructured":"Grace MC, Zhou Y, Wang Z, Jiang X. Systematic detection of capability leaks in stock android smartphones. In: NDSS, vol. 14. Internet Society: 2012b. p. 19."},{"key":"134_CR97","doi-asserted-by":"crossref","unstructured":"Gui J, Li D, Wan M, Halfond WG. Lightweight measurement and estimation of mobile ad energy consumption. In: 2016 IEEE\/ACM 5th International Workshop on Green and Sustainable Software (GREENS). IEEE: 2016. p. 1\u20137.","DOI":"10.1145\/2896967.2896970"},{"key":"134_CR98","doi-asserted-by":"crossref","unstructured":"Guo C, Zhang J, Yan J, Zhang Z, Zhang Y. Characterizing and detecting resource leaks in android applications. In: 2013 IEEE\/ACM 28th International Conference on Automated Software Engineering (ASE). IEEE: 2013. p. 389\u201398.","DOI":"10.1109\/ASE.2013.6693097"},{"key":"134_CR99","doi-asserted-by":"crossref","unstructured":"Guo C, Ye Q, Dong N, Bai G, Dong JS, Xu J. Automatic construction of callback model for android application. In: 2016 21st International Conference on Engineering of Complex Computer Systems (ICECCS). IEEE: 2016. p. 231\u20134.","DOI":"10.1109\/ICECCS.2016.041"},{"key":"134_CR100","doi-asserted-by":"crossref","unstructured":"Hammad M, Garcia J, Malek S. Self-protection of android systems from inter-component communication attacks. In: 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2018. p. 726\u201337.","DOI":"10.1145\/3238147.3238207"},{"key":"134_CR101","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.jss.2018.11.049","volume":"149","author":"M Hammad","year":"2019","unstructured":"Hammad M, Bagheri H, Malek S. Deldroid: an automated approach for determination and enforcement of least-privilege architecture in android. J Syst Softw. 2019; 149:83\u2013100.","journal-title":"J Syst Softw"},{"key":"134_CR102","doi-asserted-by":"crossref","unstructured":"Hanna S, Huang L, Wu E, Li S, Chen C, Song D. Juxtapp: A scalable system for detecting code reuse among android applications. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer: 2012. p. 62\u201381.","DOI":"10.1007\/978-3-642-37300-8_4"},{"key":"134_CR103","doi-asserted-by":"crossref","unstructured":"Hao S, Li D, Halfond WG, Govindan R. Estimating android applications\u2019 cpu energy usage via bytecode profiling. In: Proceedings of the First International Workshop on Green and Sustainable Software. IEEE Press: 2012. p. 1\u20137.","DOI":"10.1109\/GREENS.2012.6224263"},{"key":"134_CR104","doi-asserted-by":"crossref","unstructured":"Hao S, Li D, Halfond WG, Govindan R. Estimating mobile application energy consumption using program analysis. In: Proceedings of the 2013 International Conference on Software Engineering. IEEE Press: 2013. p. 92\u2013101.","DOI":"10.1109\/ICSE.2013.6606555"},{"issue":"1","key":"134_CR105","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/2194-0827-1-1","volume":"1","author":"R Harrison","year":"2013","unstructured":"Harrison R, Flood D, Duce D. Usability of mobile applications: literature review and rationale for a new usability model. J Interact Sci. 2013; 1(1):1\u201316.","journal-title":"J Interact Sci"},{"key":"134_CR106","doi-asserted-by":"crossref","unstructured":"He D, Li L, Wang L, Zheng H, Li G, Xue J. Understanding and detecting evolution-induced compatibility issues in android apps. In: 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2018. p. 167\u201377.","DOI":"10.1145\/3238147.3238185"},{"key":"134_CR107","doi-asserted-by":"crossref","unstructured":"He J, Chen T, Wang P, Wu Z, Yan J. Android multitasking mechanism: Formal semantics and static analysis of apps. In: Asian Symposium on Programming Languages and Systems. Springer: 2019. p. 291\u2013312.","DOI":"10.1007\/978-3-030-34175-6_15"},{"key":"134_CR108","doi-asserted-by":"crossref","unstructured":"Hecht G, Benomar O, Rouvoy R, Moha N, Duchien L. Tracking the software quality of android applications along their evolution (t). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2015. p. 236\u201347.","DOI":"10.1109\/ASE.2015.46"},{"key":"134_CR109","doi-asserted-by":"crossref","unstructured":"Hoffmann J, Ussath M, Holz T, Spreitzenbarth M. Slicing droids: program slicing for smali code. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing. ACM: 2013. p. 1844\u201351.","DOI":"10.1145\/2480362.2480706"},{"key":"134_CR110","doi-asserted-by":"crossref","unstructured":"Holavanalli S, Manuel D, Nanjundaswamy V, Rosenberg B, Shen F, Ko SY, Ziarek L. Flow permissions for android. In: Proceedings of the 28th IEEE\/ACM International Conference on Automated Software Engineering. IEEE Press: 2013. p. 652\u20137.","DOI":"10.1109\/ASE.2013.6693128"},{"key":"134_CR111","doi-asserted-by":"crossref","unstructured":"Huang J, Zhang X, Tan L, Wang P, Liang B. Asdroid: Detecting stealthy behaviors in android applications by user interface and program behavior contradiction. In: Proceedings of the 36th International Conference on Software Engineering. ACM: 2014. p. 1036\u201346.","DOI":"10.1145\/2568225.2568301"},{"key":"134_CR112","unstructured":"Huang J, Li Z, Xiao X, Wu Z, Lu K, Zhang X, Jiang G. SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps. In: USENIX Security Symposium: 2015. p. 977\u201392."},{"key":"134_CR113","doi-asserted-by":"crossref","unstructured":"Huang W, Dong Y, Milanova A, Dolby J. Scalable and precise taint analysis for android. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis: 2015b. p. 106\u201317.","DOI":"10.1145\/2771783.2771803"},{"key":"134_CR114","unstructured":"Gartner Inc. Title of Citation. 2017. http:\/\/www.gartner.com\/newsroom\/id\/3609817. Accessed 27 Sept 2017."},{"key":"134_CR115","unstructured":"ISO\/IEC. ISO\/IEC 25010 System and software quality models. Tech. rep. ISO\/IEC. 2010."},{"key":"134_CR116","volume-title":"Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM \u201912)","author":"S Jalali","year":"2012","unstructured":"Jalali S, Wohlin C. Systematic Literature Studies: Database Searches vs. Backward Snowballing. In: Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM \u201912). New York: ACM: 2012. p. 29\u201338."},{"key":"134_CR117","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/j.diin.2015.06.002","volume":"14","author":"Jang Jw","year":"2015","unstructured":"Jw Jang, Kang H, Woo J, Mohaisen A, Kim HK. Andro-autopsy: Anti-malware system based on similarity matching of malware and malware creator-centric information. Digit Investig. 2015; 14:17\u201335.","journal-title":"Digit Investig"},{"key":"134_CR118","doi-asserted-by":"crossref","unstructured":"Jeon J, Micinski KK, Vaughan JA, Fogel A, Reddy N, Foster JS, Millstein T. Dr. Android and Mr. Hide: fine-grained permissions in android applications. In: Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices. ACM: 2012. p. 3\u201314.","DOI":"10.1145\/2381934.2381938"},{"key":"134_CR119","doi-asserted-by":"crossref","unstructured":"Jia YJ, Chen QA, Lin Y, Kong C, Mao ZM. Open doors for bob and mallory: Open port usage in android apps and security implications. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE: 2017. p. 190\u2013203.","DOI":"10.1109\/EuroSP.2017.44"},{"key":"134_CR120","unstructured":"Jiang YZX, Xuxian Z. Detecting passive content leaks and pollution in android applications. In: Proceedings of the 20th Network and Distributed System Security Symposium (NDSS). Internet Society: 2013."},{"key":"134_CR121","doi-asserted-by":"crossref","unstructured":"Jin X, Hu X, Ying K, Du W, Yin H, Peri GN. Code injection attacks on html5-based mobile apps: Characterization, detection and mitigation. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM: 2014. p. 66\u201377.","DOI":"10.1145\/2660267.2660275"},{"key":"134_CR122","doi-asserted-by":"crossref","unstructured":"Joorabchi ME, Mesbah A, Kruchten P. Real Challenges in Mobile App Development. In: Empirical Software Engineering and Measurement, 2013. IEEE: 2013. p. 15\u201324.","DOI":"10.1109\/ESEM.2013.9"},{"key":"134_CR123","doi-asserted-by":"crossref","unstructured":"Joorabchi ME, Mesbah A, Kruchten P. Real challenges in mobile app development. In: 2013 ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement. ACM\/IEEE: 2013. p. 15\u201324.","DOI":"10.1109\/ESEM.2013.9"},{"key":"134_CR124","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1016\/j.cose.2016.01.008","volume":"59","author":"M Junaid","year":"2016","unstructured":"Junaid M, Liu D, Kung D. Comput Secur. 2016; 59:92\u2013117.","journal-title":"Comput Secur"},{"key":"134_CR125","doi-asserted-by":"crossref","unstructured":"Junaid M, Ming J, Kung D. Statedroid: Stateful detection of stealthy attacks in android apps via horn-clause verification. In: Proceedings of the 34th Annual Computer Security Applications Conference. ACM: 2018. p. 198\u2013209.","DOI":"10.1145\/3274694.3274707"},{"key":"134_CR126","doi-asserted-by":"crossref","unstructured":"Keng JCJ. Automated testing and notification of mobile app privacy leak-cause behaviours. In: 2016 31st IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2016. p. 880\u20133.","DOI":"10.1145\/2970276.2975935"},{"key":"134_CR127","doi-asserted-by":"crossref","unstructured":"Keng JCJ, Jiang L, Wee TK, Balanm RK. Graph-aided directed testing of android applications for checking runtime privacy behaviours. In: Proceedings of the 11th International Workshop on Automation of Software Test. ACM: 2016. p. 57\u201363.","DOI":"10.1145\/2896921.2896930"},{"issue":"3","key":"134_CR128","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1109\/MS.2014.50","volume":"32","author":"H Khalid","year":"2015","unstructured":"Khalid H, Shihab E, Nagappan M, Hassan AE. What do mobile app users complain about?IEEE Softw. 2015; 32(3):70\u20137.","journal-title":"IEEE Softw"},{"key":"134_CR129","doi-asserted-by":"crossref","unstructured":"Kim CHP, Kroening D, Kwiatkowska M. Static program analysis for identifying energy bugs in graphics-intensive mobile apps. In: 2016 IEEE 24th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (MASCOTS). IEEE: 2016a. p. 115\u201324.","DOI":"10.1109\/MASCOTS.2016.28"},{"key":"134_CR130","first-page":"110","volume":"12","author":"Y Yoon","year":"2012","unstructured":"Kim J, Yoon Y, Yi K, Shin J, Center S. Scandal: Static analyzer for detecting privacy leaks in android applications. MoST. 2012; 12:110.","journal-title":"MoST"},{"key":"134_CR131","doi-asserted-by":"crossref","unstructured":"Kim J, Choi H, Namkung H, Choi W, Choi B, Hong H, Kim Y, Lee J, Han D. Enabling automatic protocol behavior analysis for android applications. In: Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies. ACM: 2016b. p. 281\u201395.","DOI":"10.1145\/2999572.2999596"},{"issue":"12","key":"134_CR132","doi-asserted-by":"publisher","first-page":"2049","DOI":"10.1016\/j.infsof.2013.07.010","volume":"55","author":"B Kitchenham","year":"2013","unstructured":"Kitchenham B, Brereton P. A systematic review of systematic review process research in software engineering. Inf Softw Technol. 2013; 55(12):2049\u201375.","journal-title":"Inf Softw Technol"},{"key":"134_CR133","unstructured":"Kitchenham BA, Charters S. Guidelines for performing systematic literature reviews in software engineering. Tech. Rep. EBSE-2007-01, Keele University and University of Durham. 2007."},{"key":"134_CR134","doi-asserted-by":"crossref","unstructured":"Kitchenham BA, Budgen D, Brereton OP. The value of mapping studies-a participant-observer case study. In: EASE, vol. 10. ACM: 2010. p. 25\u201333.","DOI":"10.14236\/ewic\/EASE2010.4"},{"key":"134_CR135","doi-asserted-by":"crossref","unstructured":"Klieber W, Flynn L, Bhosale A, Jia L, Bauer L. Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis. ACM: 2014. p. 1\u20136.","DOI":"10.1145\/2614628.2614633"},{"key":"134_CR136","doi-asserted-by":"crossref","unstructured":"Koch W, Chaabane A, Egele M, Robertson W, Kirda E. Semi-automated discovery of server-based information oversharing vulnerabilities in android applications. In: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM SIGSOFT: 2017. p. 147\u201357.","DOI":"10.1145\/3092703.3092708"},{"key":"134_CR137","doi-asserted-by":"crossref","unstructured":"Lai D, Rubin J. Goal-driven exploration for android applications. In: 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2019. p. 115\u201327.","DOI":"10.1109\/ASE.2019.00021"},{"key":"134_CR138","doi-asserted-by":"crossref","unstructured":"Lee S, Dolby J, Ryu S. Hybridroid: static analysis framework for android hybrid applications. In: 2016 31st IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2016. p. 250\u201361.","DOI":"10.1145\/2970276.2970368"},{"key":"134_CR139","doi-asserted-by":"crossref","unstructured":"Lee YK, Bang JY, Safi G, Shahbazian A, Zhao Y, Medvidovic N. A sealant for inter-app security holes in android. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE: 2017. p. 312\u201323.","DOI":"10.1109\/ICSE.2017.36"},{"issue":"4","key":"134_CR140","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.infsof.2010.11.009","volume":"53","author":"OAL Lemos","year":"2011","unstructured":"Lemos OAL, Bajracharya S, Ossher J, Masiero PC, Lopes C. A test-driven approach to code search and its application to the reuse of auxiliary functionality. Inf Softw Technol. 2011; 53(4):294\u2013306.","journal-title":"Inf Softw Technol"},{"key":"134_CR141","doi-asserted-by":"crossref","unstructured":"Ley M. The DBLP computer science bibliography: Evolution, research issues, perspectives. In: International symposium on string processing and information retrieval. Springer: 2002. p. 1\u201310.","DOI":"10.1007\/3-540-45735-6_1"},{"key":"134_CR142","doi-asserted-by":"crossref","unstructured":"Li D, Hao S, Halfond WG, Govindan R. Calculating source line level energy information for android applications. In: Proceedings of the 2013 International Symposium on Software Testing and Analysis. ACM: 2013. p. 78\u201389.","DOI":"10.1145\/2483760.2483780"},{"key":"134_CR143","doi-asserted-by":"crossref","unstructured":"Li D, Lyu Y, Gui J, Halfond WG. Automated energy optimization of http requests for mobile applications. In: 2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE). IEEE: 2016a. p. 249\u201360.","DOI":"10.1145\/2884781.2884867"},{"key":"134_CR144","doi-asserted-by":"crossref","unstructured":"Li L, Bartel A, Klein J, Le Traon Y. Automatically exploiting potential component leaks in android applications. In: 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). IEEE: 2014. p. 388\u201397.","DOI":"10.1109\/TrustCom.2014.50"},{"key":"134_CR145","doi-asserted-by":"crossref","unstructured":"Li L, Allix K, Li D, Bartel A, Bissyand\u00e9 TF, Klein J. Potential component leaks in android apps: An investigation into a new feature set for malware detection. In: 2015 IEEE International Conference on Software Quality, Reliability and Security. IEEE: 2015. p. 195\u2013200.","DOI":"10.1109\/QRS.2015.36"},{"key":"134_CR146","doi-asserted-by":"crossref","unstructured":"Li L, Bartel A, Bissyand\u00e9 TF, Klein J, Le Traon Y. Apkcombiner: Combining multiple android apps to support inter-app analysis. In: IFIP International Information Security and Privacy Conference. Springer: 2015. p. 513\u201327.","DOI":"10.1007\/978-3-319-18467-8_34"},{"key":"134_CR147","doi-asserted-by":"crossref","unstructured":"Li L, Bartel A, Bissyand\u00e9 TF, Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, McDaniel P. Iccta: Detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering-Volume 1. IEEE Press: 2015. p. 280\u201391.","DOI":"10.1109\/ICSE.2015.48"},{"key":"134_CR148","doi-asserted-by":"crossref","unstructured":"Li L, Bissyand\u00e9 TF, Octeau D, Klein J. Droidra: Taming reflection to support whole-program analysis of android apps. In: Proceedings of the 25th International Symposium on Software Testing and Analysis. ACM: 2016. p. 318\u201329.","DOI":"10.1145\/2931037.2931044"},{"key":"134_CR149","doi-asserted-by":"crossref","unstructured":"Li L, Bissyand\u00e9 TF, Octeau D, Klein J. Reflection-aware static analysis of android apps. In: 2016 31st IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2016. p. 756\u201361.","DOI":"10.1145\/2970276.2970277"},{"key":"134_CR150","doi-asserted-by":"crossref","unstructured":"Li L, Li D, Bartel A, Bissyand\u00e9 TF, Klein J, Traon YL. Towards a generic framework for automating extensive analysis of android applications. In: Proceedings of the 31st Annual ACM Symposium on Applied Computing. ACM: 2016. p. 1460\u20135.","DOI":"10.1145\/2851613.2851784"},{"key":"134_CR151","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.infsof.2017.04.001","volume":"88","author":"L Li","year":"2017","unstructured":"Li L, Bissyand\u00e9 TF, Papadakis M, Rasthofer S, Bartel A, Octeau D, Klein J, Le Traon Y. Static analysis of android apps: a systematic literature review. Inf Softw Technol. 2017; 88:67\u201395. https:\/\/doi.org\/10.1016\/j.infsof.2017.04.001.","journal-title":"Inf Softw Technol"},{"key":"134_CR152","doi-asserted-by":"crossref","unstructured":"Li L, Bissyand\u00e9 TF, Wang H, Klein J. Cid: Automating the detection of api-related compatibility issues in android apps. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM SIGSOFT: 2018. p. 153\u201363.","DOI":"10.1145\/3213846.3213857"},{"key":"134_CR153","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1016\/j.jss.2019.04.065","volume":"154","author":"L Li","year":"2019","unstructured":"Li L, Riom T, Bissyand\u00e9 TF, Wang H, Klein J, et al.Revisiting the impact of common libraries for android-related investigations. J Syst Softw. 2019; 154:157\u2013175.","journal-title":"J Syst Softw"},{"key":"134_CR154","doi-asserted-by":"crossref","unstructured":"Li M, Wang W, Wang P, Wang S, Wu D, Liu J, Xue R, Huo W. Libd: Scalable and precise third-party library detection in android markets. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE: 2017. p. 335\u201346.","DOI":"10.1109\/ICSE.2017.38"},{"key":"134_CR155","doi-asserted-by":"crossref","unstructured":"Li W, Jiang Y, Xu C, Liu Y, Ma X, L\u00fc J. Characterizing and detecting inefficient image displaying issues in android apps. In: 2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE: 2019. p. 355\u201365.","DOI":"10.1109\/SANER.2019.8668030"},{"key":"134_CR156","unstructured":"Li Y, Guo Y, Chen X. Pepping. In: Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM: 2016. p. 682\u201393."},{"key":"134_CR157","doi-asserted-by":"crossref","unstructured":"Li Z, Sun J, Yan Q, Srisa-an W, Bachala S. Grandroid: Graph-based detection of malicious network behaviors in android applications. In: International Conference on Security and Privacy in Communication Systems. Springer: 2018. p. 264\u201380.","DOI":"10.1007\/978-3-030-01701-9_15"},{"key":"134_CR158","doi-asserted-by":"crossref","unstructured":"Li Z, Sun J, Yan Q, Srisa-an W, Tsutano Y. Obfusifier: Obfuscation-resistant android malware detection system. In: International Conference on Security and Privacy in Communication Systems. Springer: 2019. p. 214\u201334.","DOI":"10.1007\/978-3-030-37228-6_11"},{"key":"134_CR159","doi-asserted-by":"crossref","unstructured":"Liang S, Keep AW, Might M, Lyde S, Gilray T, Aldous P, Van Horn D. Sound and precise malware analysis for android via pushdown reachability and entry-point saturation. In: Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices. ACM: 2013. p. 21\u201332.","DOI":"10.1145\/2516760.2516769"},{"key":"134_CR160","doi-asserted-by":"crossref","unstructured":"Lin Y, Radoi C, Dig D. Retrofitting concurrency for android applications through refactoring. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM: 2014. p. 341\u201352.","DOI":"10.1145\/2635868.2635903"},{"key":"134_CR161","doi-asserted-by":"crossref","unstructured":"Lin Y, Okur S, Dig D. Study and refactoring of android asynchronous programming (t). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2015. p. 224\u201335.","DOI":"10.1109\/ASE.2015.50"},{"key":"134_CR162","doi-asserted-by":"crossref","unstructured":"Linares-Vasquez M, Vendome C, Luo Q, Poshyvanyk D. How developers detect and fix performance bottlenecks in android apps. In: 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME). IEEE: 2015. p. 352\u201361.","DOI":"10.1109\/ICSM.2015.7332486"},{"key":"134_CR163","doi-asserted-by":"publisher","first-page":"110,781","DOI":"10.1109\/ACCESS.2019.2934528","volume":"7","author":"A Liu","year":"2019","unstructured":"Liu A, Guo C, Wang W, Qiu Y, Xu J. Static back-stack transition analysis for android. IEEE Access. 2019; 7:110,781\u2013110,793.","journal-title":"IEEE Access"},{"key":"134_CR164","doi-asserted-by":"crossref","unstructured":"Liu J, Wu T, Yan J, Zhang J. Fixing resource leaks in android apps with light-weight static analysis and low-overhead instrumentation. In: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE). IEEE: 2016. p. 342\u201352.","DOI":"10.1109\/ISSRE.2016.15"},{"key":"134_CR165","doi-asserted-by":"crossref","unstructured":"Liu J, Wu D, Xue J. Tdroid: Exposing app switching attacks in android with control flow specialization. In: 2018 33rd IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2018. p. 236\u201347.","DOI":"10.1145\/3238147.3238188"},{"key":"134_CR166","doi-asserted-by":"crossref","unstructured":"Liu Y, Xu C, Cheung SC. Characterizing and detecting performance bugs for smartphone applications. In: Proceedings of the 36th International Conference on Software Engineering. ACM: 2014. p. 1013\u201324.","DOI":"10.1145\/2568225.2568229"},{"issue":"9","key":"134_CR167","doi-asserted-by":"publisher","first-page":"911","DOI":"10.1109\/TSE.2014.2323982","volume":"40","author":"Y Liu","year":"2014","unstructured":"Liu Y, Xu C, Cheung SC, Lu J. Greendroid: Automated diagnosis of energy inefficiency for smartphone applications. IEEE Trans Softw Eng. 2014; 40(9):911\u201340.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR168","doi-asserted-by":"crossref","unstructured":"Liu Y, Xu C, Cheung SC, Terragni V. Understanding and detecting wake lock misuses for android applications. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM: 2016. p. 396\u2013409.","DOI":"10.1145\/2950290.2950297"},{"key":"134_CR169","doi-asserted-by":"crossref","unstructured":"Lortz S, Mantel H, Starostin A, B\u00e4hr T, Schneider D, Weber A. Cassandra: Towards a certifying app store for android. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. ACM: 2014. p. 93\u2013104.","DOI":"10.1145\/2666620.2666631"},{"key":"134_CR170","doi-asserted-by":"crossref","unstructured":"Lu L, Li Z, Wu Z, Lee W, Jiang G. Chex: statically vetting android apps for component hijacking vulnerabilities. In: Proceedings of the 2012 ACM conference on Computer and communications security. ACM: 2012. p. 229\u201340.","DOI":"10.1145\/2382196.2382223"},{"key":"134_CR171","doi-asserted-by":"crossref","unstructured":"Lyu Y, Li D, Halfond WG. Remove rats from your code: automated optimization of resource inefficient database writes for mobile applications. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM SIGSOFT: 2018. p. 310\u201321.","DOI":"10.1145\/3213846.3213865"},{"key":"134_CR172","doi-asserted-by":"crossref","unstructured":"Ma J, Liu S, Jiang Y, Tao X, Xu C, Lu J. Lesdroid: a tool for detecting exported service leaks of android applications. In: Proceedings of the 26th Conference on Program Comprehension. ACM: 2018. p. 244\u201354.","DOI":"10.1145\/3196321.3196336"},{"key":"134_CR173","doi-asserted-by":"crossref","unstructured":"Ma S, Bertino E, Nepal S, Li J, Ostry D, Deng RH, Jha S. Finding flaws from password authentication code in android apps. In: European Symposium on Research in Computer Security. Springer: 2019. p. 619\u201337.","DOI":"10.1007\/978-3-030-29959-0_30"},{"key":"134_CR174","doi-asserted-by":"crossref","unstructured":"Ma Z, Wang H, Guo Y, Chen X. Libradar: Fast and accurate detection of third-party libraries in android apps. In: Proceedings of the 38th international conference on software engineering companion. ACM\/IEEE: 2016. p. 653\u20136.","DOI":"10.1145\/2889160.2889178"},{"key":"134_CR175","doi-asserted-by":"crossref","unstructured":"Mahmood R, Mirzaei N, Malek S. Evodroid: Segmented evolutionary testing of android apps. In: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM SIGSOFT: 2014. p. 599\u2013609.","DOI":"10.1145\/2635868.2635896"},{"key":"134_CR176","doi-asserted-by":"crossref","unstructured":"Mann C, Starostin A. A framework for static detection of privacy leaks in android applications. In: Proceedings of the 27th annual ACM symposium on applied computing. ACM: 2012. p. 1457\u201362.","DOI":"10.1145\/2245276.2232009"},{"key":"134_CR177","doi-asserted-by":"crossref","unstructured":"Maqsood HMA, Qureshi KN, Bashir F, Islam NU. Privacy leakage through exploitation of vulnerable inter-app communication on android. In: 2019 13th International Conference on Open Source Systems and Technologies (ICOSST). IEEE: 2019. p. 1\u20136.","DOI":"10.1109\/ICOSST48232.2019.9043935"},{"key":"134_CR178","doi-asserted-by":"crossref","unstructured":"Mariconti E, Onwuzurike L, Andriotis P, De Cristofaro E, Ross G, Stringhini G. Mamadroid: Detecting android malware by building markov chains of behavioral models. In: 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, February 26 - March, vol 1. Internet Society: 2017. p. 2017.","DOI":"10.14722\/ndss.2017.23353"},{"issue":"9","key":"134_CR179","doi-asserted-by":"publisher","first-page":"817","DOI":"10.1109\/TSE.2016.2630689","volume":"43","author":"W Martin","year":"2017","unstructured":"Martin W, Sarro F, Jia Y, Zhang Y, Harman M. A survey of app store analysis for software engineering. IEEE Trans Softw Eng. 2017; 43(9):817\u201347.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR180","doi-asserted-by":"crossref","unstructured":"Martini A, Bosch J. The danger of architectural technical debt: Contagious debt and vicious circles. In: 2015 12th Working IEEE\/IFIP Conference on Software Architecture (WICSA). IEEE: 2015. p. 1\u201310.","DOI":"10.1109\/WICSA.2015.31"},{"key":"134_CR181","doi-asserted-by":"crossref","unstructured":"Mirzaei N, Bagheri H, Mahmood R, Malek S. Sig-droid: Automated system input generation for android applications. In: 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE). IEEE: 2015. p. 461\u201371.","DOI":"10.1109\/ISSRE.2015.7381839"},{"key":"134_CR182","doi-asserted-by":"crossref","unstructured":"Mirzaei N, Garcia J, Bagheri H, Sadeghi A, Malek S. Reducing combinatorics in gui testing of android applications. In: 2016 IEEE\/ACM 38th International Conference on Software Engineering (ICSE). IEEE: 2016. p. 559\u201370.","DOI":"10.1145\/2884781.2884853"},{"key":"134_CR183","doi-asserted-by":"crossref","unstructured":"Mishra A, Kanade A, Srikant Y. Asynchrony-aware static analysis of android applications. In: 2016 ACM\/IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE). IEEE: 2016. p. 163\u201372.","DOI":"10.1109\/MEMCOD.2016.7797761"},{"issue":"12","key":"134_CR184","doi-asserted-by":"publisher","first-page":"1176","DOI":"10.1109\/TSE.2017.2757486","volume":"44","author":"R Morales","year":"2017","unstructured":"Morales R, Saborido R, Khomh F, Chicano F, Antoniol G. Earmo: an energy-aware refactoring approach for mobile apps. IEEE Trans Softw Eng. 2017; 44(12):1176\u2013206.","journal-title":"IEEE Trans Softw Eng"},{"key":"134_CR185","doi-asserted-by":"crossref","unstructured":"Moran K, Linares-V\u00e1squez M, Bernal-C\u00e1rdenas C, Vendome C, Poshyvanyk D. Automatically discovering, reporting and reproducing android application crashes. In: 2016 IEEE international conference on software testing, verification and validation (icst). IEEE: 2016. p. 33\u201344.","DOI":"10.1109\/ICST.2016.34"},{"key":"134_CR186","unstructured":"Nan Y, Yang M, Yang Z, Zhou S, Gu G, Wang X. UIPicker: User-Input Privacy Identification in Mobile Applications. In: USENIX Security Symposium. USENIX Association: 2015. p. 993\u20131008."},{"key":"134_CR187","doi-asserted-by":"crossref","unstructured":"Narayanan A, Chandramohan M, Chen L, Liu Y. A multi-view context-aware approach to android malware detection and malicious code localization. Empir Softw Eng. 2018a; 23(3):1222\u201374.","DOI":"10.1007\/s10664-017-9539-8"},{"key":"134_CR188","doi-asserted-by":"crossref","unstructured":"Narayanan A, Soh C, Chen L, Liu Y, Wang L. apk2vec: Semi-supervised multi-view representation learning for profiling android applications. In: 2018 IEEE International Conference on Data Mining (ICDM). IEEE: 2018. p. 357\u201366.","DOI":"10.1109\/ICDM.2018.00051"},{"key":"134_CR189","unstructured":"Nielson F, Nielson HR, Hankin C. Principles of program analysis: Springer; 2015."},{"issue":"1","key":"134_CR190","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1002\/spe.2643","volume":"49","author":"A Nirumand","year":"2019","unstructured":"Nirumand A, Zamani B, Tork Ladani B. Vandroid: A framework for vulnerability analysis of android applications using a model-driven reverse engineering technique. Softw Pract Exp. 2019; 49(1):70\u201399.","journal-title":"Softw Pract Exp"},{"key":"134_CR191","doi-asserted-by":"crossref","unstructured":"Nolan G. Decompiling android: Apress; 2012.","DOI":"10.1007\/978-1-4302-4249-9"},{"key":"134_CR192","volume-title":"Proceedings of the 22nd USENIX Conference on Security. SEC\u201913","author":"D Octeau","year":"2013","unstructured":"Octeau D, McDaniel P, Jha S, Bartel A, Bodden E, Klein J, Le Traon Y. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In: Proceedings of the 22nd USENIX Conference on Security. SEC\u201913. Washington, D.C.: USENIX Association: 2013. p. 543\u2013558."},{"key":"134_CR193","doi-asserted-by":"crossref","unstructured":"Octeau D, Luchaup D, Dering M, Jha S, McDaniel P. Composite constant propagation: Application to android inter-component communication analysis. In: Proceedings of the 37th International Conference on Software Engineering-Volume 1. IEEE Press: 2015. p. 77\u201388.","DOI":"10.1109\/ICSE.2015.30"},{"key":"134_CR194","doi-asserted-by":"crossref","unstructured":"Octeau D, Jha S, Dering M, McDaniel P, Bartel A, Li L, Klein J, Le Traon Y. Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: ACM SIGPLAN Notices, vol. 51. ACM: 2016. p. 469\u201384.","DOI":"10.1145\/2914770.2837661"},{"key":"134_CR195","doi-asserted-by":"crossref","unstructured":"Ongkosit T, Takada S. Responsiveness analysis tool for android application. In: Proceedings of the 2nd International Workshop on Software Development Lifecycle for Mobile. ACM: 2014. p. 1\u20134.","DOI":"10.1145\/2661694.2661695"},{"key":"134_CR196","doi-asserted-by":"crossref","unstructured":"Pan L, Cui B, Yan J, Ma X, Yan J, Zhang J. Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for android. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis: 2019. p. 394\u20137.","DOI":"10.1145\/3293882.3339001"},{"key":"134_CR197","doi-asserted-by":"crossref","unstructured":"Pascarella L, Geiger FX, Palomba F, Nucci DD, Malavolta I, Bacchelli A. Self-Reported Activities of Android Developers. In: 5th IEEE\/ACM International Conference on Mobile Software Engineering and Systems. New York: ACM: 2018. http:\/\/www.ivanomalavolta.com\/files\/papers\/mobilesoft_2018_self.pdf.","DOI":"10.1145\/3197231.3197251"},{"key":"134_CR198","doi-asserted-by":"crossref","unstructured":"Pathak A, Jindal A, Hu YC, Midkiff SP. What is keeping my phone awake?: characterizing and detecting no-sleep energy bugs in smartphone apps. In: Proceedings of the 10th international conference on Mobile systems, applications, and services. ACM: 2012. p. 267\u201380.","DOI":"10.1145\/2307636.2307661"},{"key":"134_CR199","doi-asserted-by":"crossref","unstructured":"Pauck F, Wehrheim H. Together strong: cooperative android app analysis. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM SIGSOFT: 2019. p. 374\u201384.","DOI":"10.1145\/3338906.3338915"},{"issue":"11","key":"134_CR200","doi-asserted-by":"publisher","first-page":"1192","DOI":"10.1016\/j.infsof.2012.05.003","volume":"54","author":"\u00c9 Payet","year":"2012","unstructured":"Payet \u00c9, Spoto F. Static analysis of android programs. Inf Softw Technol. 2012; 54(11):1192\u2013201.","journal-title":"Inf Softw Technol"},{"key":"134_CR201","doi-asserted-by":"crossref","unstructured":"Peiravian N, Zhu X. Machine learning for android malware detection using permission and api calls. In: 2013 IEEE 25th international conference on tools with artificial intelligence. IEEE: 2013. p. 300\u20135.","DOI":"10.1109\/ICTAI.2013.53"},{"key":"134_CR202","unstructured":"Petersen K, Feldt R, Mujtaba S, Mattsson M. Systematic mapping studies in software engineering. In: Proceedings of the 12th International Conference on Evaluation and Assessment in Software Engineering, British Computer Society, Swinton, UK, UK, EASE\u201908: 2008. p. 68\u201377. http:\/\/dl.acm.org\/citation.cfm?id=2227115.2227123."},{"key":"134_CR203","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.infsof.2015.03.007","volume":"64","author":"K Petersen","year":"2015","unstructured":"Petersen K, Vakkalanka S, Kuzniarz L. Guidelines for conducting systematic mapping studies in software engineering: An update. Inf Softw Technol. 2015; 64:1\u201318.","journal-title":"Inf Softw Technol"},{"issue":"2","key":"134_CR204","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1147\/sj.462.0265","volume":"46","author":"M Pistoia","year":"2007","unstructured":"Pistoia M, Chandra S, Fink SJ, Yahav E. A survey of static analysis methods for identifying security vulnerabilities in software systems. IBM Syst J. 2007; 46(2):265\u201388.","journal-title":"IBM Syst J"},{"key":"134_CR205","unstructured":"Radhakrishna A, Lewchenko NV, Meier S, Mover S, Sripada KC, Zufferey D, Chang BYE, Cerny\u0300 P. Droidstar: callback typestates for android classes. In: 2018 IEEE\/ACM 40th International Conference on Software Engineering (ICSE). IEEE: 2018. p. 1160\u201370."},{"key":"134_CR206","doi-asserted-by":"crossref","unstructured":"Rasthofer S, Arzt S, Triller S, Pradel M. Making malory behave maliciously: Targeted fuzzing of android execution environments. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE: 2017. p. 300\u201311.","DOI":"10.1109\/ICSE.2017.35"},{"key":"134_CR207","doi-asserted-by":"crossref","unstructured":"Ravitch T, Creswick ER, Tomb A, Foltzer A, Elliott T, Casburn L. Multi-app security analysis with fuse: Statically detecting android app collusion. In: Proceedings of the 4th Program Protection and Reverse Engineering Workshop. ACM: 2014. p. 4.","DOI":"10.1145\/2689702.2689705"},{"key":"134_CR208","unstructured":"IBM Research. T.J. Watson Libraries for Analysis. 2006. http:\/\/wala.sourceforge.net\/wiki\/index.php\/Main_Page. Accessed 06 Nov 2019."},{"key":"134_CR209","doi-asserted-by":"crossref","unstructured":"Rosen S, Qian Z, Mao ZM. Appprofiler: a flexible method of exposing privacy-related behavior in android applications to end users. In: Proceedings of the third ACM conference on Data and application security and privacy. ACM: 2013. p. 221\u201332.","DOI":"10.1145\/2435349.2435380"},{"key":"134_CR210","doi-asserted-by":"crossref","unstructured":"Rountev A, Yan D. Static reference analysis for gui objects in android software. In: Proceedings of Annual IEEE\/ACM International Symposium on Code Generation and Optimization. ACM: 2014. p. 143.","DOI":"10.1145\/2544137.2544159"},{"key":"134_CR211","doi-asserted-by":"crossref","unstructured":"Rubin J, Gordon MI, Nguyen N, Rinard M. Covert communication in mobile applications (t). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2015. p. 647\u201357.","DOI":"10.1109\/ASE.2015.66"},{"key":"134_CR212","doi-asserted-by":"crossref","unstructured":"Sadeghi A, Jabbarvand R, Malek S. Patdroid: permission-aware gui testing of android. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM SIGSOFT: 2017. p. 220\u201332.","DOI":"10.1145\/3106237.3106250"},{"key":"134_CR213","doi-asserted-by":"crossref","unstructured":"Sadeghi A, Jabbarvand R, Ghorbani N, Bagheri H, Malek S. A temporal permission analysis and enforcement framework for android. In: Proceedings of the 40th International Conference on Software Engineering. ACM\/IEEE: 2018. p. 846\u201357.","DOI":"10.1145\/3180155.3180172"},{"key":"134_CR214","doi-asserted-by":"crossref","unstructured":"Sahaf Z, Garousi V, Pfahl D, Irving R, Amannejad Y. When to automate software testing? decision support based on system dynamics: an industrial case study. In: Proceedings of the 2014 International Conference on Software and System Process. ACM: 2014. p. 149\u201358.","DOI":"10.1145\/2600821.2600832"},{"issue":"2","key":"134_CR215","first-page":"315","volume":"25","author":"F Sattler","year":"2018","unstructured":"Sattler F, von Rhein A, Berger T, Johansson NS, Apel S. Hard\u00f8, MM. Lifting inter-app data-flow analysis to large app sets. Automated Software Engineering. 2018; 25(2):315\u201346.","journal-title":"Lifting inter-app data-flow analysis to large app sets. Automated Software Engineering"},{"key":"134_CR216","doi-asserted-by":"crossref","unstructured":"Scalabrino S, Bavota G, Linares-V\u00e1squez M, Lanza M, Oliveto R. Data-driven solutions to detect api compatibility issues in android: an empirical study. In: 2019 IEEE\/ACM 16th International Conference on Mining Software Repositories (MSR). IEEE: 2019. p. 288\u201398.","DOI":"10.1109\/MSR.2019.00055"},{"issue":"6","key":"134_CR217","doi-asserted-by":"publisher","first-page":"5006","DOI":"10.1007\/s10664-020-09877-w","volume":"25","author":"S Scalabrino","year":"2020","unstructured":"Scalabrino S, Bavota G, Linares-V\u00e1squez M, Piantadosi V, Lanza M, Oliveto R. Empir Softw Eng. 2020; 25(6):5006\u201346.","journal-title":"Empir Softw Eng"},{"key":"134_CR218","doi-asserted-by":"crossref","unstructured":"Scoccia GL, Malavolta I, Autili M, Di Salle A, Inverardi P. User-centric android flexible permissions. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering Companion (ICSE-C). IEEE: 2017. p. 365\u20137.","DOI":"10.1109\/ICSE-C.2017.84"},{"key":"134_CR219","first-page":"1","volume":"01","author":"GL Scoccia","year":"2019","unstructured":"Scoccia GL, Malavolta I, Autili M, Di Salle A, Inverardi P. Enhancing trustability of android applications via user-centric flexible permissions. IEEE Comput Archit Lett. 2019; 01:1\u20131.","journal-title":"IEEE Comput Archit Lett"},{"key":"134_CR220","doi-asserted-by":"crossref","unstructured":"Shan Z, Azim T, Neamtiu I. Finding resume and restart errors in android applications. In: ACM SIGPLAN Notices, vol. 51. ACM: 2016. p. 864\u201380.","DOI":"10.1145\/3022671.2984011"},{"key":"134_CR221","doi-asserted-by":"crossref","unstructured":"Shan Z, Neamtiu I, Samuel R. Self-hiding behavior in android apps: detection and characterization. In: Proceedings of the 40th International Conference on Software Engineering: 2018. p. 728\u201339.","DOI":"10.1145\/3180155.3180214"},{"key":"134_CR222","doi-asserted-by":"crossref","unstructured":"Shao Y, Luo X, Qian C, Zhu P, Zhang L. Towards a scalable resource-driven approach for detecting repackaged android applications. In: Proceedings of the 30th Annual Computer Security Applications Conference. ACM: 2014. p. 56\u201365.","DOI":"10.1145\/2664243.2664275"},{"key":"134_CR223","doi-asserted-by":"crossref","unstructured":"Sharma A, Nasre R. Qadroid: regression event selection for android applications. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. ACM SIGSOFT: 2019. p. 66\u201377.","DOI":"10.1145\/3293882.3330550"},{"key":"134_CR224","doi-asserted-by":"crossref","unstructured":"Shen F, Vishnubhotla N, Todarka C, Arora M, Dhandapani B, Lehner EJ, Ko SY, Ziarek L. Information flows as a permission mechanism. In: Proceedings of the 29th ACM\/IEEE international conference on Automated software engineering. ACM: 2014. p. 515\u201326.","DOI":"10.1145\/2642937.2643018"},{"key":"134_CR225","doi-asserted-by":"crossref","unstructured":"Sinha L, Bhandari S, Faruki P, Gaur MS, Laxmi V, Conti M. Flowmine: Android app analysis via data flow. In: 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC). IEEE: 2016. p. 435\u201341.","DOI":"10.1109\/CCNC.2016.7444819"},{"key":"134_CR226","doi-asserted-by":"crossref","unstructured":"Slavin R, Wang X, Hosseini MB, Hester J, Krishnan R, Bhatia J, Breaux TD, Niu J. Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the 38th International Conference on Software Engineering. ACM\/IEEE: 2016. p. 25\u201336.","DOI":"10.1145\/2884781.2884855"},{"key":"134_CR227","unstructured":"IBM Software. Native, web or hybrid mobile-app development. Thought Leadership White Paper. 2013. IBM white paper. ftp:\/\/public.dhe.ibm.com\/software\/pdf\/mobile-enterprise\/WSW14182USEN.pdf."},{"key":"134_CR228","doi-asserted-by":"crossref","unstructured":"Song H, Lin D, Zhu S, Wang W, Zhang S. Ads-sa: System for automatically detecting sensitive path of android applications based on static analysis. In: International Conference on Smart City and Informatization. Springer: 2019. p. 309\u201322.","DOI":"10.1007\/978-981-15-1301-5_25"},{"key":"134_CR229","doi-asserted-by":"crossref","unstructured":"Song W, Zhang J, Huang J. Servdroid: detecting service usage inefficiencies in android applications. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM SIGSOFT: 2019. p. 362\u201373.","DOI":"10.1145\/3338906.3338950"},{"key":"134_CR230","doi-asserted-by":"crossref","unstructured":"Sounthiraraj D, Sahs J, Greenwood G, Lin Z, Khan L. Smv-hunter: Large scale, automated detection of ssl\/tls man-in-the-middle vulnerabilities in android apps. In: Proceedings of the 21st Annual Network and Distributed System Security Symposium (NDSS\u201914). Citeseer: 2014.","DOI":"10.14722\/ndss.2014.23205"},{"key":"134_CR231","doi-asserted-by":"crossref","unstructured":"Su T, Meng G, Chen Y, Wu K, Yang W, Yao Y, Pu G, Liu Y, Su Z. Guided, stochastic model-based gui testing of android apps. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM SIGSOFT: 2017. p. 245\u201356.","DOI":"10.1145\/3106237.3106298"},{"key":"134_CR232","doi-asserted-by":"crossref","unstructured":"Suzuki N, Kamina T, Maruyama K. Detecting invalid layer combinations using control-flow analysis for android. In: Proceedings of the 8th International Workshop on Context-Oriented Programming. ACM: 2016. p. 27\u201332.","DOI":"10.1145\/2951965.2951970"},{"key":"134_CR233","doi-asserted-by":"crossref","unstructured":"Tillmann N, Moskal M, de Halleux J, Fahndrich M. Touchdevelop: programming cloud-connected mobile devices via touchscreen. In: Proceedings of the 10th SIGPLAN symposium on New ideas, new paradigms, and reflections on programming and software. ACM: 2011. p. 49\u201360.","DOI":"10.1145\/2048237.2048245"},{"key":"134_CR234","doi-asserted-by":"crossref","unstructured":"Titze D, Lux M, Schuette J. Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications. In: 2017 IEEE Trustcom\/BigDataSE\/ICESS. IEEE: 2017. p. 618\u201325.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.292"},{"key":"134_CR235","doi-asserted-by":"crossref","unstructured":"Tiwari A, Gro\u00df S, Hammer C. Iifa: modular inter-app intent information flow analysis of android applications. In: International Conference on Security and Privacy in Communication Systems. Springer: 2019. p. 335\u201349.","DOI":"10.1007\/978-3-030-37231-6_19"},{"key":"134_CR236","doi-asserted-by":"crossref","unstructured":"Tiwari A, Prakash J, Gro\u00df S, Hammer C. Ludroid: A large scale analysis of android\u2013web hybridization. In: 2019 19th International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE: 2019. p. 256\u201367.","DOI":"10.1109\/SCAM.2019.00036"},{"key":"134_CR237","doi-asserted-by":"crossref","unstructured":"Tsutano Y, Bachala S, Srisa-An W, Rothermel G, Dinh J. An efficient, robust, and scalable approach for analyzing interacting android apps. In: 2017 IEEE\/ACM 39th International Conference on Software Engineering (ICSE). IEEE: 2017. p. 324\u201334.","DOI":"10.1109\/ICSE.2017.37"},{"key":"134_CR238","unstructured":"Vall\u00e9e-Rai R, Co P, Gagnon E, Hendren L, Lam P, Sundaresan V. Soot-a java bytecode optimization framework. In: Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research. IBM Press: 1999. p. 13."},{"key":"134_CR239","doi-asserted-by":"crossref","unstructured":"Verdecchia R, Procaccianti G, Malavolta I, Lago P, Koedijk J. Estimating energy impact of software releases and deployment strategies: The KPMG case study. In: ACM\/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), vol. 2017. IEEE: 2017. p. 257\u201366.","DOI":"10.1109\/ESEM.2017.39"},{"key":"134_CR240","unstructured":"Vu PM, Nguyen TT, Pham HV, Nguyen TT. Mining user opinions in mobile app reviews: A keyword-based approach (t). In: 2015 30th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2015. p. 749\u201359."},{"key":"134_CR241","volume-title":"Proceedings of the 2015 International Symposium on Software Testing and Analysis","author":"H Wang","year":"2015","unstructured":"Wang H, Guo Y, Ma Z, Chen X. Wukong: A scalable and accurate two-phase approach to android app clone detection. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis. New York: ACM: 2015. p. 71\u201382. http:\/\/doi.acm.org\/10.1145\/2771783.2771795."},{"key":"134_CR242","doi-asserted-by":"crossref","unstructured":"Wang H, Guo Y, Tang Z, Bai G, Chen X. Reevaluating android permission gaps with static and dynamic analysis. In: 2015 IEEE Global Communications Conference (GLOBECOM). IEEE: 2015. p. 1\u20136.","DOI":"10.1109\/GLOCOM.2015.7417621"},{"key":"134_CR243","doi-asserted-by":"crossref","unstructured":"Wang H, Hong J, Guo Y. Using text mining to infer the purpose of permission use in mobile apps. In: Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM: 2015. p. 1107\u201318.","DOI":"10.1145\/2750858.2805833"},{"issue":"4","key":"134_CR244","first-page":"1","volume":"35","author":"H Wang","year":"2017","unstructured":"Wang H, Li Y, Guo Y, Agarwal Y, Hong JI. Understanding the purpose of permission use in mobile apps. ACM Trans Inf Syst (TOIS). 2017; 35(4):1\u201340.","journal-title":"ACM Trans Inf Syst (TOIS)"},{"key":"134_CR245","doi-asserted-by":"crossref","unstructured":"Wang X, Qin X, Hosseini MB, Slavin R, Breaux TD, Niu J. Guileak: Tracing privacy policy claims on user input data for android applications. In: Proceedings of the 40th International Conference on Software Engineering. ACM\/IEEE: 2018. p. 37\u201347.","DOI":"10.1145\/3180155.3180196"},{"key":"134_CR246","doi-asserted-by":"crossref","unstructured":"Wang Y, Rountev A. Profiling the responsiveness of android applications via automated resource amplification. In: Proceedings of the International Conference on Mobile Software Engineering and Systems. ACM: 2016. p. 48\u201358.","DOI":"10.1145\/2897073.2897097"},{"key":"134_CR247","doi-asserted-by":"crossref","unstructured":"Wang Y, Rountev A. Who changed you? obfuscator identification for android. In: 2017 IEEE\/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE: 2017. p. 154\u201364.","DOI":"10.1109\/MOBILESoft.2017.18"},{"key":"134_CR248","doi-asserted-by":"crossref","unstructured":"Wang Y, Wu H, Zhang H, Rountev A. Orlis: Obfuscation-resilient library detection for android. In: 2018 IEEE\/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft). IEEE: 2018. p. 13\u201323.","DOI":"10.1145\/3197231.3197248"},{"key":"134_CR249","doi-asserted-by":"crossref","unstructured":"Wasserman AI. Software engineering issues for mobile application development. In: Proceedings of the FSE\/SDP workshop on Future of software engineering research. ACM: 2010. p. 397\u2013400.","DOI":"10.1145\/1882362.1882443"},{"key":"134_CR250","unstructured":"Watanabe T, Akiyama M, Sakai T, Mori T. Understanding the inconsistencies between text descriptions and the use of privacy-sensitive resources of mobile apps. In: Eleventh Symposium On Usable Privacy and Security ({SOUPS}, vol. 2015: 2015. p. 241\u201355."},{"key":"134_CR251","doi-asserted-by":"crossref","unstructured":"Wei F, Roy S, Ou X, et al.Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM: 2014. p. 1329\u201341.","DOI":"10.1145\/2660267.2660357"},{"key":"134_CR252","doi-asserted-by":"crossref","unstructured":"Wei L, Liu Y, Cheung SC. Taming android fragmentation: Characterizing and detecting compatibility issues for android apps. In: Proceedings of the 31st IEEE\/ACM International Conference on Automated Software Engineering. ACM: 2016. p. 226\u201337.","DOI":"10.1145\/2970276.2970312"},{"key":"134_CR253","doi-asserted-by":"crossref","unstructured":"Wei L, Liu Y, Cheung SC. Oasis: prioritizing static analysis warnings for android apps based on app user reviews. In: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering. ACM SIGSOFT: 2017. p. 672\u201382.","DOI":"10.1145\/3106237.3106294"},{"key":"134_CR254","doi-asserted-by":"crossref","unstructured":"Wei L, Liu Y, Cheung SC. Pivot: learning api-device correlations to facilitate android compatibility issue detection. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE: 2019. p. 878\u201388.","DOI":"10.1109\/ICSE.2019.00094"},{"key":"134_CR255","volume-title":"Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering (EASE \u201914)","author":"C Wohlin","year":"2014","unstructured":"Wohlin C. Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering (EASE \u201914). New York: ACM: 2014. p. 38:1\u201338:10."},{"key":"134_CR256","doi-asserted-by":"crossref","unstructured":"Wohlin C. Guidelines for snowballing in systematic literature studies and a replication in software engineering. In: Proceedings of the 18th international conference on evaluation and assessment in software engineering. ACM: 2014. p. 38.","DOI":"10.1145\/2601248.2601268"},{"key":"134_CR257","doi-asserted-by":"crossref","unstructured":"Wohlin C, Runeson P, H\u00f6st M, Ohlsson MC, Regnell B, Wessl\u00e9n A. Experimentation in Software Engineering (Computer Science): Springer; 2012.","DOI":"10.1007\/978-3-642-29044-2"},{"key":"134_CR258","doi-asserted-by":"crossref","unstructured":"Wong MY, Lie D. Intellidroid: A targeted input generator for the dynamic analysis of android malware. In: NDSS, vol. 16. Internet Society: 2016. p. 21\u201324.","DOI":"10.14722\/ndss.2016.23118"},{"key":"134_CR259","unstructured":"Wong MY, Lie D. Tackling runtime-based obfuscation in android with {TIRO}. In: 27th {USENIX} Security Symposium ({USENIX} Security), vol. 18. USENIX Association: 2018. p. 1247\u201362."},{"key":"134_CR260","doi-asserted-by":"crossref","unstructured":"Wu DJ, Mao CH, Wei TE, Lee HM, Wu KP. Droidmat: Android malware detection through manifest and api calls tracing. In: 2012 Seventh Asia Joint Conference on Information Security (Asia JCIS). IEEE: 2012. p. 62\u20139.","DOI":"10.1109\/AsiaJCIS.2012.18"},{"key":"134_CR261","doi-asserted-by":"crossref","unstructured":"Wu H, Yang S, Rountev A. Static detection of energy defect patterns in android applications. In: Proceedings of the 25th International Conference on Compiler Construction: 2016. p. 185\u201395.","DOI":"10.1145\/2892208.2892218"},{"key":"134_CR262","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/s11219-019-09484-z","volume":"40","author":"H Wu","year":"2020","unstructured":"Wu H, Zhang H, Wang Y, Rountev A. Sentinel: generating gui tests for sensor leaks in android and android wear apps. Softw Qual J. 2020; 40:335\u201367. https:\/\/doi.org\/10.1007\/s11219-019-09484-z.","journal-title":"Softw Qual J"},{"issue":"13","key":"134_CR263","doi-asserted-by":"publisher","first-page":"2338","DOI":"10.1002\/sec.1179","volume":"8","author":"J Wu","year":"2015","unstructured":"Wu J, Cui T, Ban T, Guo S, Cui L. Paddyfrog: systematically detecting confused deputy vulnerability in android applications. Secur Commun Netw. 2015; 8(13):2338\u201349.","journal-title":"Secur Commun Netw"},{"key":"134_CR264","doi-asserted-by":"crossref","unstructured":"Wu S, Wang P, Li X, Zhang Y. Effective detection of android malware based on the usage of data flow apis and machine learning. Inf Softw Technol. 2016b; 75:17\u201325.","DOI":"10.1016\/j.infsof.2016.03.004"},{"key":"134_CR265","doi-asserted-by":"crossref","unstructured":"Wu T, Yang Y. CapaDroid: Detecting Capability Leak for Android Applications. In: International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage. Springer: 2016. p. 95\u2013104.","DOI":"10.1007\/978-3-319-49145-5_10"},{"key":"134_CR266","doi-asserted-by":"crossref","unstructured":"Wu T, Liu J, Deng X, Yan J, Zhang J. Relda2: an effective static analysis tool for resource leak detection in android apps. In: 2016 31st IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2016. p. 762\u20137.","DOI":"10.1145\/2970276.2970278"},{"key":"134_CR267","doi-asserted-by":"crossref","unstructured":"Wu Y, Li X, Zou D, Yang W, Zhang X, Jin H. Malscan: Fast market-wide mobile malware scanning by social-network centrality analysis. In: 2019 34th IEEE\/ACM International Conference on Automated Software Engineering (ASE). IEEE: 2019. p. 139\u201350.","DOI":"10.1109\/ASE.2019.00023"},{"key":"134_CR268","doi-asserted-by":"crossref","unstructured":"Xi S, Yang S, Xiao X, Yao Y, Xiong Y, Xu F, Wang H, Gao P, Liu Z, Xu F, et al.Deepintent: Deep icon-behavior learning for detecting intention-behavior discrepancy in mobile apps. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security: 2019. p. 2421\u201336.","DOI":"10.1145\/3319535.3363193"},{"issue":"3","key":"134_CR269","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/s10515-014-0166-y","volume":"22","author":"X Xiao","year":"2015","unstructured":"Xiao X, Tillmann N, Fahndrich M, De Halleux J, Moskal M, Xie T. User-aware privacy control via extended static-information-flow analysis. Autom Softw Eng. 2015; 22(3):333\u201366.","journal-title":"Autom Softw Eng"},{"key":"134_CR270","doi-asserted-by":"crossref","unstructured":"Xiao X, Wang X, Cao Z, Wang H, Gao P. Iconintent: automatic identification of sensitive ui widgets based on icon classification for android apps. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). IEEE: 2019. p. 257\u201368.","DOI":"10.1109\/ICSE.2019.00041"},{"key":"134_CR271","unstructured":"Xie T. Software engineering conferences (statistics). 2002. http:\/\/taoxie.cs.illinois.edu\/seconferences.htm. Accessed 06 Nov 2019."},{"key":"134_CR272","doi-asserted-by":"crossref","unstructured":"Xu Z, Fan D, Qin S. State-taint analysis for detecting resource bugs. In: 2016 10th International Symposium on Theoretical Aspects of Software Engineering (TASE). IEEE: 2016. p. 168\u201375.","DOI":"10.1109\/TASE.2016.17"},{"key":"134_CR273","doi-asserted-by":"crossref","unstructured":"Xu Z, Ren K, Qin S, Craciun F. Cdgdroid: Android malware detection based on deep learning using cfg and dfg. In: International Conference on Formal Engineering Methods. Springer: 2018. p. 177\u201393.","DOI":"10.1007\/978-3-030-02450-5_11"},{"key":"134_CR274","doi-asserted-by":"crossref","unstructured":"Yan J, Deng X, Wang P, Wu T, Yan J, Zhang J. Characterizing and identifying misexposed activities in android applications. In: Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering: 2018. p. 691\u2013701.","DOI":"10.1145\/3238147.3238164"},{"key":"134_CR275","doi-asserted-by":"crossref","unstructured":"Yang S, Yan D, Wu H, Wang Y, Rountev A. Static control-flow analysis of user-driven callbacks in android applications. In: Proceedings of the 37th International Conference on Software Engineering-Volume 1. IEEE Press: 2015. p. 89\u201399.","DOI":"10.1109\/ICSE.2015.31"},{"key":"134_CR276","doi-asserted-by":"crossref","unstructured":"Yang S, Wu H, Zhang H, Wang Y, Swaminathan C, Yan D, Rountev A. Static window transition graphs for android. Autom Softw Eng. 2018a; 25(4):833\u201373.","DOI":"10.1007\/s10515-018-0237-6"},{"key":"134_CR277","doi-asserted-by":"crossref","unstructured":"Yang W, Prasad MR, Xie T. A grey-box approach for automated gui-model generation of mobile applications. In: International Conference on Fundamental Approaches to Software Engineering. Springer: 2013. p. 250\u201365.","DOI":"10.1007\/978-3-642-37057-1_19"},{"key":"134_CR278","doi-asserted-by":"crossref","unstructured":"Yang W, Xiao X, Andow B, Li S, Xie T, Enck W. Appcontext: Differentiating malicious and benign mobile app behaviors using context. In: Proceedings of the 37th International Conference on Software Engineering-Volume 1. IEEE Press: 2015. p. 303\u201313.","DOI":"10.1109\/ICSE.2015.50"},{"key":"134_CR279","doi-asserted-by":"crossref","unstructured":"Yang W, Prasad MR, Xie T. Enmobile: Entity-based characterization and analysis of mobile malware. In: Proceedings of the 40th International Conference on Software Engineering. ACM\/IEEE: 2018. p. 384\u201394.","DOI":"10.1145\/3180155.3180223"},{"key":"134_CR280","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.infsof.2017.04.007","volume":"90","author":"X Yang","year":"2017","unstructured":"Yang X, Lo D, Li L, Xia X, Klein J. Characterizing malicious android apps by mining topic-specific data flow signatures. Inf Softw Technol. 2017; 90:27\u201339.","journal-title":"Inf Softw Technol"},{"key":"134_CR281","doi-asserted-by":"crossref","unstructured":"Yang Z, Yang M. Leakminer: Detect information leakage on android with static taint analysis. In: 2012 Third World Congress on Software Engineering (WCSE). IEEE: 2012. p. 101\u20134.","DOI":"10.1109\/WCSE.2012.26"},{"key":"134_CR282","doi-asserted-by":"crossref","unstructured":"Yang Z, Yang M, Zhang Y, Gu G, Ning P, Wang XS. Appintent: Analyzing sensitive data transmission in android for privacy leakage detection. In: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM: 2013. p. 1043\u201354.","DOI":"10.1145\/2508859.2516676"},{"key":"134_CR283","doi-asserted-by":"crossref","unstructured":"Yerima SY, Sezer S, McWilliams G, Muttik I. A new android malware detection approach using bayesian classification. In: 2013 IEEE 27th international conference on advanced information networking and applications (AINA). IEEE: 2013. p. 121\u20138.","DOI":"10.1109\/AINA.2013.88"},{"key":"134_CR284","doi-asserted-by":"crossref","unstructured":"Yu L, Zhang T, Luo X, Xue L. Autoppg: Towards automatic generation of privacy policy for android applications. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM: 2015. p. 39\u201350.","DOI":"10.1145\/2808117.2808125"},{"key":"134_CR285","doi-asserted-by":"crossref","unstructured":"Yu L, Luo X, Qian C, Wang S. Revisiting the description-to-behavior fidelity in android applications. In: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol. 1. IEEE: 2016. p. 415\u201326.","DOI":"10.1109\/SANER.2016.67"},{"key":"134_CR286","doi-asserted-by":"crossref","unstructured":"Yu L, Luo X, Qian C, Wang S, Leung HK. Enhancing the description-to-behavior fidelity in android apps with privacy policy. IEEE Trans Softw Engg. 2017a; 44(9):834\u201354.","DOI":"10.1109\/TSE.2017.2730198"},{"key":"134_CR287","doi-asserted-by":"crossref","unstructured":"Yu L, Zhang T, Luo X, Xue L, Chang H. Toward automatically generating privacy policy for android apps. IEEE Trans Inf Forensic Secur. 2017b; 12(4):865\u201380.","DOI":"10.1109\/TIFS.2016.2639339"},{"key":"134_CR288","doi-asserted-by":"crossref","unstructured":"Zhang C, Wang H, Wang R, Guo Y, Xu G. Re-checking app behavior against app description in the context of third-party libraries. In: SEKE. KSI Research Inc.: 2018a. p. 665\u20134.","DOI":"10.18293\/SEKE2018-180"},{"key":"134_CR289","unstructured":"Zhang D, Wang R, Lin Z, Guo D, Cao X. IacDroid: Preventing Inter-App Communication capability leaks in Android. In: 2016 IEEE Symposium on Computers and Communication (ISCC). IEEE: 2016. p. 443\u2013449."},{"key":"134_CR290","doi-asserted-by":"crossref","unstructured":"Zhang F, Huang H, Zhu S, Wu D, Liu P. Viewdroid: Towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of the 2014 ACM conference on Security and privacy in wireless & mobile networks. ACM: 2014. p. 25\u201336.","DOI":"10.1145\/2627393.2627395"},{"issue":"7","key":"134_CR291","doi-asserted-by":"publisher","first-page":"1341","DOI":"10.1016\/j.infsof.2012.09.008","volume":"55","author":"H Zhang","year":"2013","unstructured":"Zhang H, Babar MA. Systematic reviews in software engineering: An empirical investigation. Inf Softw Technol. 2013; 55(7):1341\u201354.","journal-title":"Inf Softw Technol"},{"key":"134_CR292","doi-asserted-by":"crossref","unstructured":"Zhang H, Wu H, Rountev A. Automated test generation for detection of leaks in android applications. In: Proceedings of the 11th International Workshop on Automation of Software Test. ACM: 2016. p. 64\u201370.","DOI":"10.1145\/2896921.2896932"},{"key":"134_CR293","doi-asserted-by":"crossref","unstructured":"Zhang J, Qin Z, Zhang K, Yin H, Zou J. Dalvik opcode graph based android malware variants detection using global topology features. IEEE Access. 2018b; 6:51,964\u201351,974.","DOI":"10.1109\/ACCESS.2018.2870534"},{"key":"134_CR294","doi-asserted-by":"crossref","unstructured":"Zhang J, Beresford AR, Kollmann SA. Libid: reliable identification of obfuscated third-party android libraries. In: Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis: 2019. p. 55\u201365.","DOI":"10.1145\/3293882.3330563"},{"key":"134_CR295","doi-asserted-by":"crossref","unstructured":"Zhang M, Yin H. Appsealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in android applications. In: NDSS: 2014.","DOI":"10.14722\/ndss.2014.23255"},{"key":"134_CR296","doi-asserted-by":"crossref","unstructured":"Zhang M, Yin H. Efficient, context-aware privacy leakage confinement for android applications without firmware modding. In: Proceedings of the 9th ACM symposium on Information, computer and communications security. ACM: 2014. p. 259\u201370.","DOI":"10.1145\/2590296.2590312"},{"key":"134_CR297","doi-asserted-by":"crossref","unstructured":"Zhang M, Duan Y, Yin H, Zhao Z. Semantics-aware android malware classification using weighted contextual api dependency graphs. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM: 2014b. p. 1105\u201316.","DOI":"10.1145\/2660267.2660359"},{"key":"134_CR298","doi-asserted-by":"crossref","unstructured":"Zhang M, Duan Y, Feng Q, Yin H. Towards automatic generation of security-centric descriptions for android apps. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security: 2015. p. 518\u201329.","DOI":"10.1145\/2810103.2813669"},{"issue":"10","key":"134_CR299","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1145\/2398857.2384634","volume":"47","author":"Y Zhang","year":"2012","unstructured":"Zhang Y, Huang G, Liu X, Zhang W, Mei H, Yang S. Refactoring android java code for on-demand computation offloading. ACM Sigplan Not. 2012; 47(10):233\u201348.","journal-title":"ACM Sigplan Not"},{"key":"134_CR300","doi-asserted-by":"crossref","unstructured":"Zhang Y, Tan T, Li Y, Xue J. Ripple: Reflection analysis for android apps in incomplete information environments. In: Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. ACM: 2017. p. 281\u2013288.","DOI":"10.1145\/3029806.3029814"},{"key":"134_CR301","doi-asserted-by":"crossref","unstructured":"Zhang Y, Dai J, Zhang X, Huang S, Yang Z, Yang M, Chen H. Detecting third-party libraries in android applications with high precision and recall. In: 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE: 2018. p. 141\u201352.","DOI":"10.1109\/SANER.2018.8330204"},{"key":"134_CR302","doi-asserted-by":"crossref","unstructured":"Zhang Y, Sui Y, Xue J. Launch-mode-aware context-sensitive activity transition analysis. In: Proceedings of the 40th International Conference on Software Engineering. ACM\/IEEE: 2018. p. 598\u2013608.","DOI":"10.1145\/3180155.3180188"},{"key":"134_CR303","doi-asserted-by":"crossref","unstructured":"Zhao J, Albarghouthi A, Rastogi V, Jha S, Octeau D. Neural-augmented static analysis of android communication. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ACM SIGSOFT: 2018. p. 342\u201353.","DOI":"10.1145\/3236024.3236066"},{"key":"134_CR304","doi-asserted-by":"crossref","unstructured":"Zhao Y, Laser MS, Lyu Y, Medvidovic N. Leveraging program analysis to reduce user-perceived latency in mobile applications. In: Proceedings of the 40th International Conference on Software Engineering. ACM\/IEEE: 2018. p. 176\u201386.","DOI":"10.1145\/3180155.3180249"},{"key":"134_CR305","doi-asserted-by":"crossref","unstructured":"Zhauniarovich Y, Ahmad M, Gadyatskaya O, Crispo B, Massacci F. Stadyna: Addressing the problem of dynamic code updates in the security analysis of android applications. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. ACM: 2015. p. 37\u201348.","DOI":"10.1145\/2699026.2699105"},{"key":"134_CR306","doi-asserted-by":"crossref","unstructured":"Zheng C, Zhu S, Dai S, Gu G, Gong X, Han X, Zou W. Smartdroid: an automatic system for revealing ui-based trigger conditions in android applications. In: Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices. ACM: 2012. p. 93\u2013104.","DOI":"10.1145\/2381934.2381950"},{"key":"134_CR307","doi-asserted-by":"crossref","unstructured":"Zhongyang Y, Xin Z, Mao B, Xie L. Droidalarm: an all-sided static analysis tool for android privilege-escalation malware. In: Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security. ACM SIGSAC: 2013. p. 353\u20138.","DOI":"10.1145\/2484313.2484359"},{"key":"134_CR308","unstructured":"Zhou Y, Wang Z, Zhou W, Jiang X. Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: NDSS, vol. 25: 2012. p. 50\u20132."},{"key":"134_CR309","doi-asserted-by":"crossref","unstructured":"Zhou Y, Wu L, Wang Z, Jiang X. Harvesting developer credentials in android apps. In: Proceedings of the 8th ACM conference on security & privacy in wireless and mobile networks. ACM: 2015. p. 1\u201312.","DOI":"10.1145\/2766498.2766499"},{"key":"134_CR310","doi-asserted-by":"crossref","unstructured":"Zimmeck S, Wang Z, Zou L, Iyengar R, Liu B, Schaub F, Wilson S, Sadeh NM, Bellovin SM, Reidenberg JR. Automated analysis of privacy requirements for mobile apps. In: NDSS. Internet Society: 2017.","DOI":"10.14722\/ndss.2017.23034"}],"container-title":["Journal of Internet Services and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13174-021-00134-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s13174-021-00134-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s13174-021-00134-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,9]],"date-time":"2022-02-09T22:15:02Z","timestamp":1644444902000},"score":1,"resource":{"primary":{"URL":"https:\/\/jisajournal.springeropen.com\/articles\/10.1186\/s13174-021-00134-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,23]]},"references-count":310,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["134"],"URL":"https:\/\/doi.org\/10.1186\/s13174-021-00134-x","relation":{},"ISSN":["1867-4828","1869-0238"],"issn-type":[{"value":"1867-4828","type":"print"},{"value":"1869-0238","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7,23]]},"assertion":[{"value":"6 March 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 June 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 July 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"3"}}