{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T01:03:00Z","timestamp":1777424580297,"version":"3.51.4"},"reference-count":98,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T00:00:00Z","timestamp":1762300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Sophisticated malware families exploit the openness of the Android platform to enable large-scale disruption, data exfiltration, and denial-of-service attacks, including the infiltration of IoT infrastructures. This systematic literature review examines cutting-edge approaches to Android malware analysis, with implications for securing resource-constrained environments. We analyze feature extraction techniques across static, dynamic, hybrid, and graph-based methods, highlighting their respective trade-offs. Static analysis offers efficiency but is easily circumvented through obfuscation, whereas dynamic analysis provides stronger resistance to evasive behaviors at the cost of higher computational overhead, often unsuitable for lightweight devices. Hybrid approaches aim to balance accuracy with resource efficiency, while graph-based methods deliver enhanced semantic modeling and adversarial robustness. This survey provides a structured comparison of existing techniques, identifies open research gaps, and outlines a roadmap for future work to improve scalability, adaptability, and long-term resilience in Android malware detection.<\/jats:p>","DOI":"10.3390\/computers14110482","type":"journal-article","created":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T16:09:47Z","timestamp":1762358987000},"page":"482","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Feature-Centric Approaches to Android Malware Analysis: A Survey"],"prefix":"10.3390","volume":"14","author":[{"given":"Shama","family":"Maganur","sequence":"first","affiliation":[{"name":"Gianforte School of Computing, Montana State University, Bozeman, MT 59717, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0340-1152","authenticated-orcid":false,"given":"Yili","family":"Jiang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Georgia State University, Atlanta, GA 30303, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9794-2103","authenticated-orcid":false,"given":"Jiaqi","family":"Huang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Cybersecurity, University of Central Missouri, Warrensburg, MO 64093, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1125-7472","authenticated-orcid":false,"given":"Fangtian","family":"Zhong","sequence":"additional","affiliation":[{"name":"Gianforte School of Computing, Montana State University, Bozeman, MT 59717, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,5]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Qiu, J., Nepal, S., Luo, W., Pan, L., Tai, Y., Zhang, J., and Xiang, Y. (2019). Data-Driven Android Malware Intelligence: A Survey. Machine Learning for Cyber Security, Proceedings of the Second International Conference, ML4CS 2019, Xi\u2019an, China, 19\u201321 September 2019, Springer.","DOI":"10.1007\/978-3-030-30619-9_14"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"2574","DOI":"10.1109\/TNSE.2022.3188597","article-title":"RThreatDroid: A Ransomware Detection Approach to Secure IoT Based Healthcare Systems","volume":"10","author":"Iqbal","year":"2023","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"DeLoach, J., and Caragea, D. (2017, January 11\u201314). Twitter-enhanced Android malware detection. Proceedings of the 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA.","DOI":"10.1109\/BigData.2017.8258510"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Hou, S., Fan, Y., Zhang, Y., Ye, Y., Lei, J., Wan, W., Wang, J., Xiong, Q., and Shao, F. (2019, January 3\u20137). \u03b1Cyber: Enhancing Robustness of Android Malware Detection System against Adversarial Attacks on Heterogeneous Graph based Model. Proceedings of the 28th ACM International Conference on Information and Knowledge Management, Beijing, China.","DOI":"10.1145\/3357384.3357875"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1109\/TIFS.2013.2290431","article-title":"Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks","volume":"9","author":"Rastogi","year":"2014","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Abaid, Z., Kaafar, M.A., and Jha, S. (November, January 30). Quantifying the impact of adversarial evasion attacks on machine learning based android malware classifiers. Proceedings of the 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA), Cambridge, MA, USA.","DOI":"10.1109\/NCA.2017.8171381"},{"key":"ref_7","unstructured":"Zheng, C., Dellarocca, N., Andronio, N., Zanero, S., and Maggi, F. (2016, January 10\u201312). GreatEatlon: Fast, Static Detection of Mobile Ransomware. Security and Privacy in Communication Networks, Proceedings of the 12th International Conference, SecureComm 2016, Guangzhou, China."},{"key":"ref_8","unstructured":"Lab, K. (2025, September 27). Android Malware and Unwanted Software Statistics for Q1 2024. Available online: https:\/\/securelist.com\/it-threat-evolution-q1-2024-mobile-statistics\/112750\/."},{"key":"ref_9","unstructured":"Team, C. (2025, September 27). Inside the Infamous Mirai IoT Botnet: A Retrospective Analysis. Available online: https:\/\/blog.cloudflare.com\/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis\/."},{"key":"ref_10","unstructured":"(2025, September 27). Forensic Methodology Report: How to Catch NSO Group\u2019s Pegasus. Technical Report, Amnesty International. Available online: https:\/\/www.amnesty.org\/en\/latest\/research\/2021\/07\/forensic-methodology-report-how-to-catch-nso-groups-pegasus\/."},{"key":"ref_11","unstructured":"News, T.H. (2025, September 27). Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF Readers. Available online: https:\/\/thehackernews.com\/2025\/07\/anatsa-android-banking-trojan-hits.html."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"124633","DOI":"10.1016\/j.eswa.2024.124633","article-title":"A lightweight deep learning-based android malware detection framework","volume":"255","author":"Ma","year":"2024","journal-title":"Expert Syst. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Dash, S.K., Suarez-Tangil, G., Khan, S., Tam, K., Ahmadi, M., Kinder, J., and Cavallaro, L. (2016, January 22\u201326). DroidScribe: Classifying Android Malware Based on Runtime Behavior. Proceedings of the 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA.","DOI":"10.1109\/SPW.2016.25"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/j.jpdc.2016.10.012","article-title":"A hybrid approach of mobile malware detection in Android","volume":"103","author":"Tong","year":"2017","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"123922","DOI":"10.1016\/j.eswa.2024.123922","article-title":"SNDGCN: Robust Android malware detection based on subgraph network and denoising GCN network","volume":"250","author":"Lu","year":"2024","journal-title":"Expert Syst. Appl."},{"key":"ref_16","first-page":"103556","article-title":"WHGDroid: Effective android malware detection based on weighted heterogeneous graph","volume":"77","author":"Huang","year":"2023","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Ojo, D., Siddique, N.M., Leung, C.K., and Hryhoruk, C.C. (2023, January 9\u201313). Machine Learning-Based Android Malware Detection. Proceedings of the 2023 IEEE 10th International Conference on Data Science and Advanced Analytics (DSAA), Thessaloniki, Greece.","DOI":"10.1109\/DSAA60987.2023.10302617"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Razgallah, A., and Khoury, R. (2021, January 6\u20139). Behavioral classification of Android applications using system calls. Proceedings of the 2021 28th Asia-Pacific Software Engineering Conference (APSEC), Taipei, Taiwan.","DOI":"10.1109\/APSEC53868.2021.00012"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Arora, A., and Peddoju, S.K. (2017, January 5\u20137). Minimizing Network Traffic Features for Android Mobile Malware Detection. Proceedings of the 18th International Conference on Distributed Computing and Networking, Hyderabad, India.","DOI":"10.1145\/3007748.3007763"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Afonso, V., Kalysch, A., M\u00fcller, T., Oliveira, D., Gr\u00e9gio, A., and de Geus, P.L. (2018). Lumus: Dynamically uncovering evasive android applications. Information Security, Proceedings of the 21st International Conference, ISC 2018, Guildford, UK, 9\u201312 September 2018, Springer.","DOI":"10.1007\/978-3-319-99136-8_3"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Norouzian, M.R., Xu, P., Eckert, C., and Zarras, A. (2021, January 10\u201312). Hybroid: Toward Android Malware Detection and Categorization with Program Code and Network Traffic. Information Security, Proceedings of the 24th International Conference, ISC 2021, Virtual Event.","DOI":"10.1007\/978-3-030-91356-4_14"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Gascon, H., Yamaguchi, F., Arp, D., and Rieck, K. (2013, January 4). Structural detection of android malware using embedded call graphs. Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, Berlin, Germany.","DOI":"10.1145\/2517312.2517315"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Fasano, F., Martinelli, F., Mercaldo, F., and Santone, A. (2019, January 14\u201319). Cascade Learning for Mobile Malware Families Detection through Quality and Android Metrics. Proceedings of the 2019 International Joint Conference on Neural Networks (IJCNN), Budapest, Hungary.","DOI":"10.1109\/IJCNN.2019.8852268"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Zhu, D., Xi, T., Jing, P., Wu, D., Xia, Q., and Zhang, Y. (2019, January 25\u201329). A Transparent and Multimodal Malware Detection Method for Android Apps. Proceedings of the 22nd Int\u2019l ACM Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems, Miami Beach, FL, USA.","DOI":"10.1145\/3345768.3355915"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Li, H., Zhou, S., Yuan, W., Luo, X., Gao, C., and Chen, S. (2021, January 19\u201323). Robust Android Malware Detection against Adversarial Example Attacks. Proceedings of the Web Conference 2021, Ljubljana, Slovenia.","DOI":"10.1145\/3442381.3450044"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Rathore, H., Bandwala, T., Sahay, S., and Sewak, M. (2021, January 8\u20139). Adversarial Robustness of Image Based Android Malware Detection Models. Secure Knowledge Management in the Artificial Intelligence Era, Proceedings of the 9th International Conference, SKM 2021, San Antonio, TX, USA.","DOI":"10.1007\/978-3-030-97532-6_1"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Xi, N., He, Y., Zhang, Y., Wang, Z., and Feng, P. (2023, January 11\u201314). ACDroid: Detecting Collusion Applications on Smart Devices. Science of Cyber Security, Proceedings of the 5th International Conference, SciSec 2023, Melbourne, VIC, Australia.","DOI":"10.1007\/978-3-031-45933-7_1"},{"key":"ref_28","first-page":"1","article-title":"A Systematic Overview of Android Malware Detection","volume":"36","author":"Meijin","year":"2021","journal-title":"Appl. Artif. Intell."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3417978","article-title":"A Survey of Android Malware Detection with Deep Neural Models","volume":"53","author":"Qiu","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"ref_30","unstructured":"Alam, M.T., Bhusal, D., and Rastogi, N. (2024). Revisiting Static Feature-Based Android Malware Detection. arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"1115","DOI":"10.1007\/s10207-023-00679-x","article-title":"SFCGDroid: Android malware detection based on sensitive function call graph","volume":"22","author":"Shi","year":"2023","journal-title":"Int. J. Inf. Secur."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Ma, D., Bai, Y., Xing, Z., Sun, L., and Li, X. (2020, January 1\u20134). A Knowledge Graph-based Sensitive Feature Selection for Android Malware Classification. Proceedings of the 2020 27th Asia-Pacific Software Engineering Conference (APSEC), Singapore.","DOI":"10.1109\/APSEC51365.2020.00027"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Allix, K., Jerome, Q., Bissyand\u00e9, T.F., Klein, J., State, R., and Traon, Y.L. (2014, January 21\u201325). A Forensic Analysis of Android Malware\u2013How is Malware Written and How it Could Be Detected?. Proceedings of the 2014 IEEE 38th Annual Computer Software and Applications Conference, Vasteras, Sweden.","DOI":"10.1109\/COMPSAC.2014.61"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Parker, C., McDonald, J.T., Johnsten, T., and Benton, R.G. (2018, January 22\u201324). Android Malware Detection Using Step-Size Based Multi-layered Vector Space Models. Proceedings of the 2018 13th International Conference on Malicious and Unwanted Software (MALWARE), Nantucket, MA, USA.","DOI":"10.1109\/MALWARE.2018.8659372"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"8087303","DOI":"10.1155\/2018\/8087303","article-title":"RoughDroid: Operative Scheme for Functional Android Malware Detection","volume":"2018","author":"Riad","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"7744","DOI":"10.1109\/TII.2024.3363016","article-title":"Android Malware Detection Method Based on CNN and DNN Bybrid Mechanism","volume":"20","author":"Dong","year":"2024","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_37","unstructured":"Lam, P., Hendren, R.L., and Lhot\u00e1k, O. (2019, January 16\u201320). The Soot Framework for Java Program Analysis: A Retrospective. Proceedings of the 2019 IEEE\/ACM International Symposium on Code Generation and Optimization (CGO), Washington, DC, USA."},{"key":"ref_38","unstructured":"Mariconti, E., Onwuzurike, L., Andriotis, P., De Cristofaro, E., Ross, G., and Stringhini, G. (2018, January 22\u201324). Impact of Code Obfuscation on Android Malware Detection based on Static and Dynamic Analysis. Proceedings of the 2018 International Conference on Information Systems Security and Privacy, Funchal, Portugal."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"e1002","DOI":"10.7717\/peerj-cs.1002","article-title":"On the Evaluation of Android Malware Detectors Against Code Obfuscation","volume":"8","author":"Dash","year":"2022","journal-title":"PeerJ Comput. Sci."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"2295","DOI":"10.1007\/s10586-016-0630-5","article-title":"A study of android malware detection techniques in virtual environment","volume":"19","author":"Jung","year":"2016","journal-title":"Clust. Comput."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"31798","DOI":"10.1109\/ACCESS.2018.2835654","article-title":"DroidEnsemble: Detecting Android Malicious Applications With Ensemble of String and Structural Static Features","volume":"6","author":"Wang","year":"2018","journal-title":"IEEE Access"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"176728","DOI":"10.1109\/ACCESS.2020.3026052","article-title":"Malicious Code Detection Based on Code Semantic Features","volume":"8","author":"Zhang","year":"2020","journal-title":"IEEE Access"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"107026","DOI":"10.1016\/j.comnet.2019.107026","article-title":"Mining Nested Flow of Dominant APIs for Detecting Android Malware","volume":"167","author":"Alam","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Skovoroda, A., and Gamayunov, D. (2017, January 28\u201330). Automated Static Analysis and Classification of Android Malware using Permission and API Calls Models. Proceedings of the 2017 15th Annual Conference on Privacy, Security and Trust (PST), Calgary, AB, Canada.","DOI":"10.1109\/PST.2017.00036"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1049\/ntw2.12022","article-title":"Bat optimization algorithm for wrapper-based feature selection and performance improvement of android malware detection","volume":"10","author":"Mallidi","year":"2021","journal-title":"IET Netw."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2619091","article-title":"TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones","volume":"32","author":"Enck","year":"2014","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Ferrante, A., Medvet, E., Mercaldo, F., Milosevic, J., and Visaggio, C.A. (September, January 31). Spotting the Malicious Moment: Characterizing Malware Behavior Using Dynamic Features. Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria.","DOI":"10.1109\/ARES.2016.70"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., H\u00fcbner, M., Gascon, H., and Rieck, K. (2014, January 23\u201326). DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket. Proceedings of the Symposium on Network and Distributed System Security (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2014.23247"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Li, W., Zhang, X.Y., Bao, H., Wang, Q., Shi, H., and Li, Z. (2022, January 18\u201320). A Glimpse of the Whole: Detecting Few-shot Android Malware Encrypted Network Traffic. Proceedings of the 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC\/DSS\/SmartCity\/DependSys), Hainan, China.","DOI":"10.1109\/HPCC-DSS-SmartCity-DependSys57074.2022.00111"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"128754","DOI":"10.1109\/ACCESS.2022.3227579","article-title":"Android Ransomware Detection From Traffic Analysis Using Metaheuristic Feature Selection","volume":"10","author":"Hossain","year":"2022","journal-title":"IEEE Access"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Li, Z., Sun, L., Yan, Q., Srisa-an, W., and Chen, Z. (2017). DroidClassifier: Efficient Adaptive Mining of Application-Layer Header for Classifying Android Malware. Security and Privacy in Communication Networks, Proceedings of the 12th International Conference, SecureComm 2016, Guangzhou, China, 10\u201312 October 2016, Springer.","DOI":"10.1007\/978-3-319-59608-2_33"},{"key":"ref_52","unstructured":"Bia\u0142czak, P., and Mazurczyk, W. (2023, January 25\u201329). Malware Classification Using Open Set Recognition and HTTP Protocol Requests. Computer Security\u2013ESORICS 2023, Proceedings of the 28th European Symposium on Research in Computer Security, The Hague, The Netherlands."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Chew, C.J.W., Kumar, V., Patros, P., and Malik, R. (2020, January 25\u201327). ESCAPADE: Encryption-Type-Ransomware: System Call Based Pattern Detection. Network and System Security, Proceedings of the 14th International Conference, NSS 2020, Melbourne, VIC, Australia.","DOI":"10.1007\/978-3-030-65745-1_23"},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"891","DOI":"10.1007\/s11219-017-9368-4","article-title":"A survey on dynamic mobile malware detection","volume":"26","author":"Yan","year":"2018","journal-title":"Softw. Qual. J."},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"1103","DOI":"10.1109\/TIFS.2016.2646641","article-title":"Monet: A User-Oriented Behavior-Based Malware Variants Detection System for Android","volume":"12","author":"Sun","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Sen, K., Marinov, D., and Agha, G. (2005, January 5\u20139). CUTE: A concolic unit testing engine for C. Proceedings of the 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ESEC\/FSE-13, Lisbon, Portugal.","DOI":"10.1145\/1081706.1081750"},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"169432","DOI":"10.1109\/ACCESS.2024.3494545","article-title":"A Defensive Strategy Against Android Adversarial Malware Attacks","volume":"12","author":"Atedjio","year":"2024","journal-title":"IEEE Access"},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"119593","DOI":"10.1016\/j.eswa.2023.119593","article-title":"An effective end-to-end android malware detection method","volume":"218","author":"Zhu","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"15165","DOI":"10.1007\/s00521-021-06755-4","article-title":"HamDroid: Permission-based harmful android anti-malware detection using neural networks","volume":"34","author":"Seraj","year":"2022","journal-title":"Neural Comput. Appl."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"119710","DOI":"10.1109\/ACCESS.2020.3003785","article-title":"A Digital DNA Sequencing Engine for Ransomware Detection Using Machine Learning","volume":"8","author":"Khan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Tossou, S., and Kacem, T. (2023, January 8\u201314). Mobile Threat Detection System: A Deep Learning Approach. Proceedings of the 2023 13th International Conference on Information Science and Technology (ICIST), Cairo, Egypt.","DOI":"10.1109\/ICIST59754.2023.10367120"},{"key":"ref_62","first-page":"2401","article-title":"Analyzing Android Taint Analysis Tools: FlowDroid, Amandroid, and DidFail","volume":"48","author":"Ring","year":"2021","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_63","unstructured":"Kipf, T., and Welling, M. (2016). Semi-Supervised Classification with Graph Convolutional Networks. arXiv."},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Zhang, C., Song, D., Huang, C., Swami, A., and Chawla, N.V. (2019, January 4\u20138). Heterogeneous Graph Neural Network. Proceedings of the 25th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Anchorage, AK, USA.","DOI":"10.1145\/3292500.3330961"},{"key":"ref_65","unstructured":"Kipf, T.N., and Welling, M. (2016). Variational Graph Auto-Encoders. arXiv."},{"key":"ref_66","doi-asserted-by":"crossref","unstructured":"Pasdar, A., Lee, Y.C., and Hong, S.H. (2023, January 2\u20138). Catch the Intruder: Collaborative and Personalized Malware Detection By On-Device Application Fingerprinting. Proceedings of the 2023 IEEE International Conference on Web Services (ICWS), Chicago, IL, USA.","DOI":"10.1109\/ICWS60048.2023.00078"},{"key":"ref_67","doi-asserted-by":"crossref","unstructured":"Jiang, C., Xia, C., Chen, C., Li, H., Wang, T., and Li, X. (2023, January 1\u20133). FedDLM: A Fine-Grained Assessment Scheme for Risk of Sensitive Information Leakage in Federated Learning-based Android Malware Classifier. Proceedings of the 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, UK.","DOI":"10.1109\/TrustCom60117.2023.00051"},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"1169","DOI":"10.23919\/cje.2021.00.451","article-title":"EAODroid: Android Malware Detection Based on Enhanced API Order","volume":"32","author":"Huang","year":"2023","journal-title":"Chin. J. Electron."},{"key":"ref_69","doi-asserted-by":"crossref","first-page":"28412","DOI":"10.1109\/ACCESS.2019.2901522","article-title":"An Entropy-Based Solution for Identifying Android Packers","volume":"7","author":"Chau","year":"2019","journal-title":"IEEE Access"},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"163128","DOI":"10.1109\/ACCESS.2019.2951751","article-title":"Identifying Malicious Software Using Deep Residual Long-Short Term Memory","volume":"7","author":"Alotaibi","year":"2019","journal-title":"IEEE Access"},{"key":"ref_71","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1109\/TSUSC.2017.2774184","article-title":"Low-Resource Footprint, Data-Driven Malware Detection on Android","volume":"5","author":"Aonzo","year":"2020","journal-title":"IEEE Trans. Sustain. Comput."},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"119967","DOI":"10.1109\/ACCESS.2021.3107903","article-title":"Malware Detection Inside App Stores Based on Lifespan Measurements","volume":"9","author":"Cilleruelo","year":"2021","journal-title":"IEEE Access"},{"key":"ref_73","doi-asserted-by":"crossref","first-page":"101573","DOI":"10.1016\/j.cose.2019.101573","article-title":"Android Fragmentation in Malware Detection","volume":"87","author":"Ahn","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_74","doi-asserted-by":"crossref","first-page":"3216","DOI":"10.1109\/TII.2017.2789219","article-title":"Significant Permission Identification for Machine-Learning-Based Android Malware Detection","volume":"14","author":"Li","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MMUL.2020.3022702","article-title":"MVIIDroid: A Multiple View Information Integration Approach for Android Malware Detection and Family Identification","volume":"27","author":"Wu","year":"2020","journal-title":"IEEE MultiMedia"},{"key":"ref_76","first-page":"103721","article-title":"Android malware detection based on a novel mixed bytecode image combined with attention mechanism","volume":"82","author":"Tang","year":"2024","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_77","doi-asserted-by":"crossref","unstructured":"Ma, Z.-h., Chen, Z.-h., Wang, X.-m., Nie, R.-h., Zhao, G.-s., Wu, J.-c., and Ren, X.-q. (2017, January 15\u201317). Shikra: A Behavior-Based Android Malware Detection Framework. Proceedings of the 2017 International Conference on Green Informatics (ICGI), Fuzhou, China.","DOI":"10.1109\/ICGI.2017.35"},{"key":"ref_78","doi-asserted-by":"crossref","unstructured":"Tian, K., Yao, D., Ryder, B.G., and Tan, G. (2016, January 22\u201326). Analysis of Code Heterogeneity for High-Precision Classification of Repackaged Malware. Proceedings of the 2016 IEEE Security and Privacy Workshops (SPW), San Jose, CA, USA.","DOI":"10.1109\/SPW.2016.33"},{"key":"ref_79","unstructured":"Mohaisen, D. (2025). Empirical Evaluation of Concept Drift in ML-Based Android Malware Detection. arXiv."},{"key":"ref_80","unstructured":"Rahman, M.S. (2025). A Longitudinal Android Malware Benchmark for Concept Drift Analysis. arXiv."},{"key":"ref_81","unstructured":"Makkawy, S.J., and De, M.J. (2025). MalVis: A Large-Scale Image-Based Framework and Dataset for Advancing Android Malware Classification. arXiv."},{"key":"ref_82","first-page":"68945","article-title":"Maloid-DS: Labeled Dataset for Android Malware Forensics","volume":"12","author":"Aljohani","year":"2024","journal-title":"IEEE Access"},{"key":"ref_83","first-page":"470","article-title":"An Effectual Analytics and Approach for Avoidance of Malware in Android using Deep Neural Networks","volume":"19","author":"Aggarwal","year":"2021","journal-title":"NeuroQuantology"},{"key":"ref_84","unstructured":"B\u2019alik, D., Jure\u010dek, M., and Stamp, M. (2025). RawMal-TF: Raw Malware Dataset Labeled by Type and Family. arXiv."},{"key":"ref_85","doi-asserted-by":"crossref","unstructured":"Joyce, R.J., Miller, G., Roth, P., Zak, R., Zaresky-Williams, E., Anderson, H., Raff, E., and Holt, J. (2025). EMBER2024\u2014A Benchmark Dataset for Holistic Evaluation of Malware Classifiers. arXiv.","DOI":"10.1145\/3711896.3737431"},{"key":"ref_86","unstructured":"Rathore, H., Sahay, S., Thukral, S., and Sewak, M. (2020, January 11\u201312). Detection of Malicious Android Applications: Classical Machine Learning vs. Deep Neural Network Integrated with Clustering. Broadband Communications, Networks, and Systems, Proceedings of the 11th EAI International Conference, BROADNETS 2020, Qingdao, China."},{"key":"ref_87","doi-asserted-by":"crossref","unstructured":"Singh, N., Tripathy, S., and Bezawada, B. (2022, January 16\u201320). SHIELD: A Multimodal Deep Learning Framework for Android Malware Detection. Information Systems Security, Proceedings of the 18th International Conference, ICISS 2022, Tirupati, India.","DOI":"10.1007\/978-3-031-23690-7_4"},{"key":"ref_88","unstructured":"Rathore, H., Sahay, S., Rajvanshi, R., and Sewak, M. (2020, January 11\u201312). Identification of Significant Permissions for Efficient Android Malware Detection. Broadband Communications, Networks, and Systems, Proceedings of the 11th EAI International Conference, BROADNETS 2020, Qingdao, China."},{"key":"ref_89","unstructured":"Zhang, Y., Peng, G., Yang, L., Wang, Y., Tian, M., Hu, J., Wang, L., and Song, C. (2017, January 22\u201325). Visual Analysis of Android Malware Behavior Profile Based on PMCGdroid: A Pruned Lightweight APP Call Graph. Security and Privacy in Communication Networks, Proceedings of the 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada."},{"key":"ref_90","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3609112","article-title":"ViT4Mal: Lightweight Vision Transformer for Malware Detection on Edge Devices","volume":"22","author":"Ravi","year":"2023","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref_91","doi-asserted-by":"crossref","first-page":"9610","DOI":"10.1109\/JIOT.2023.3324053","article-title":"MalBoT-DRL: Malware Botnet Detection Using Deep Reinforcement Learning in IoT Networks","volume":"11","author":"Szewczyk","year":"2024","journal-title":"IEEE Internet Things J."},{"key":"ref_92","unstructured":"Hasselt, H.v., Guez, A., and Silver, D. (2016, January 12\u201317). Deep reinforcement learning with double Q-Learning. Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence, AAAI\u201916, Phoenix, AZ, USA."},{"key":"ref_93","doi-asserted-by":"crossref","first-page":"1199","DOI":"10.1109\/TNSM.2022.3200741","article-title":"Effective Multitask Deep Learning for IoT Malware Detection and Identification Using Behavioral Traffic Analysis","volume":"20","author":"Ali","year":"2023","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_94","doi-asserted-by":"crossref","unstructured":"Davanian, A., Faloutsos, M., and Lindorfer, M. (2024, January 1\u20135). C2Miner: Tricking IoT Malware into Revealing Live Command & Control Servers. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, ASIA CCS \u201924, Singapore.","DOI":"10.1145\/3634737.3644992"},{"key":"ref_95","doi-asserted-by":"crossref","first-page":"8432","DOI":"10.1109\/JIOT.2022.3188583","article-title":"IoT-Based Android Malware Detection Using Graph Neural Network With Adversarial Defense","volume":"10","author":"Yumlembam","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_96","doi-asserted-by":"crossref","unstructured":"Xu, P., and Wang, L.-P. (2023, January 5\u20137). Multi-key Homomorphic Secret Sharing from LWE Without Multi-key HE. Information Security and Privacy, Proceedings of the 28th Australasian Conference, ACISP 2023, Brisbane, QLD, Australia.","DOI":"10.1007\/978-3-031-35486-1_12"},{"key":"ref_97","unstructured":"Mariconti, E., Onwuzurike, L., Andriotis, P., Cristofaro, E.D., Ross, G., and Stringhini, G. (March, January 26). MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_98","unstructured":"Rastogi, N., and Dutta, S. (2025). A Survey on ML Techniques for Multi-Platform Malware Detection. Sensors, 25."}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/482\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,5]],"date-time":"2025-11-05T16:22:27Z","timestamp":1762359747000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/482"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,5]]},"references-count":98,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,11]]}},"alternative-id":["computers14110482"],"URL":"https:\/\/doi.org\/10.3390\/computers14110482","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,5]]}}}