{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:44:31Z","timestamp":1778694271313,"version":"3.51.4"},"reference-count":30,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2021,11,10]],"date-time":"2021-11-10T00:00:00Z","timestamp":1636502400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Natural Science Foundation","award":["62004077"],"award-info":[{"award-number":["62004077"]}]},{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["2018YFB1800204"],"award-info":[{"award-number":["2018YFB1800204"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the R&amp;D Program of Shenzhen","award":["JCYJ20180508152204044"],"award-info":[{"award-number":["JCYJ20180508152204044"]}]},{"name":"the College-Enterprise Collaboration Project of Shenzhen Institute of Information Technology","award":["11400-2021-010201-010199"],"award-info":[{"award-number":["11400-2021-010201-010199"]}]},{"name":"Research Fund of PCL Future Regional Network Facilities for Large-scale Experiments and Applications","award":["PCL2018KP001"],"award-info":[{"award-number":["PCL2018KP001"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>Insecure applications (apps) are increasingly used to steal users\u2019 location information for illegal purposes, which has aroused great concern in recent years. Although the existing methods, i.e., static and dynamic taint analysis, have shown great merit for identifying such apps, which mainly rely on statically analyzing source code or dynamically monitoring the location data flow, identification accuracy is still under research, since the analysis results contain a certain false positive or true negative rate. In order to improve the accuracy and reduce the misjudging rate in the process of vetting suspicious apps, this paper proposes SAMLDroid, a combined method of static code analysis and machine learning for identifying Android apps with location privacy leakage, which can effectively improve the identification rate compared with existing methods. SAMLDroid first uses static analysis to scrutinize source code to investigate apps with location acquiring intentions. Then it exploits a well-trained classifier and integrates an app\u2019s multiple features to dynamically analyze the pattern and deliver the final verdict about the app\u2019s property. Finally, it is proved by conducting experiments, that the accuracy rate of SAMLDroid is up to 98.4%, which is nearly 20% higher than Apparecium.<\/jats:p>","DOI":"10.3390\/e23111489","type":"journal-article","created":{"date-parts":[[2021,11,11]],"date-time":"2021-11-11T23:02:41Z","timestamp":1636671761000},"page":"1489","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["SAMLDroid: A Static Taint Analysis and Machine Learning Combined High-Accuracy Method for Identifying Android Apps with Location Privacy Leakage Risks"],"prefix":"10.3390","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3947-9998","authenticated-orcid":false,"given":"Guangwu","family":"Hu","sequence":"first","affiliation":[{"name":"School of Computers, Shenzhen Institute of Information Technology, Shenzhen 518172, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bin","family":"Zhang","sequence":"additional","affiliation":[{"name":"Peng Cheng National Laboratory, Department of New Networks, Shenzhen 518000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1521-9542","authenticated-orcid":false,"given":"Xi","family":"Xiao","sequence":"additional","affiliation":[{"name":"Peng Cheng National Laboratory, Department of New Networks, Shenzhen 518000, China"},{"name":"Information Technology Division, Tsinghua Shenzhen International Graduate School, Shenzhen 518055, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weizhe","family":"Zhang","sequence":"additional","affiliation":[{"name":"Peng Cheng National Laboratory, Department of New Networks, Shenzhen 518000, China"},{"name":"School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Long","family":"Liao","sequence":"additional","affiliation":[{"name":"School of Computers, Shenzhen Institute of Information Technology, Shenzhen 518172, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ying","family":"Zhou","sequence":"additional","affiliation":[{"name":"Peng Cheng National Laboratory, Department of New Networks, Shenzhen 518000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xia","family":"Yan","sequence":"additional","affiliation":[{"name":"School of Computers, Shenzhen Institute of Information Technology, Shenzhen 518172, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,11,10]]},"reference":[{"key":"ref_1","unstructured":"Beresford, R.A., and Stajano, F. (2004, January 14\u201317). Mix zones: User privacy in location-aware services. Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second IEEE Annual Conference on IEEE, Orlando, FL, USA."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Khoshgozaran, A., and Shahabi, C. (2007). Blind evaluation of nearest neighbor queries using space transformation to preserve location privacy. International Symposium on Spatial and Temporal Databases, Springer.","DOI":"10.1007\/978-3-540-73540-3_14"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1142\/S0218488502001648","article-title":"k-anonymity: A model for protecting privacy","volume":"10","author":"Sweeney","year":"2002","journal-title":"Int. J. Uncertain. Fuzziness Knowl.-Based Syst."},{"key":"ref_4","unstructured":"Joseph, M., and Choudhury, R.R. (2009, January 20\u201325). Hiding stars with fireworks: Location privacy through camouflage. Proceedings of the 15th Annual International Conference on Mobile Computing and Networking, Beijing, China."},{"key":"ref_5","unstructured":"Brij, G., Agrawal, D.P., and Yamaguchi, S. (2016). Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security, IGI Global."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"392","DOI":"10.1016\/j.future.2016.05.005","article-title":"Achieving high performance and privacy-preserving query over encrypted multidimensional big metering data","volume":"78","author":"Jiang","year":"2018","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_7","unstructured":"Anthony, D. (2021, September 20). Androguard. Available online: https:\/\/github.com\/androguard\/androguard."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2666356.2594299","article-title":"Flowdroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps","volume":"49","author":"Arzt","year":"2014","journal-title":"ACM Sigplan Not."},{"key":"ref_9","unstructured":"Ma, S., Tang, Z., Xiao, Q., Liu, J., Duong, T.T., Lin, X., and Zhu, H. (2013, January 9\u201313). Detecting GPS information leakage in Android applications. Proceedings of the Global Communications Conference (GLOBECOM), Atlanta, GA, USA."},{"key":"ref_10","unstructured":"Fengguo, W., Roy, S., and Ou, X. (2014, January 3\u20137). Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Li, L., Bartel, A., Bissyand\u00e9, T.F., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., and McDaniel, P. (2015, January 16\u201324). Iccta: Detecting inter-component privacy leaks in android apps. Proceedings of the 37th International Conference on Software Engineering, Florence, Italy.","DOI":"10.1109\/ICSE.2015.48"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Zhang, D., Guo, Y., Guo, D., Wang, R., and Yu, G. (2017, January 3\u20136). Contextual approach for identifying malicious Inter-Component privacy leaks in Android apps. Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Heraklion, Greece.","DOI":"10.1109\/ISCC.2017.8024534"},{"key":"ref_13","unstructured":"Steven, A., and Bodden, E. (2016, January 14\u201322). StubDroid: Automatic inference of precise data-flow summaries for the android framework. Proceedings of the 38th IEEE\/ACM International Conference on Software Engineering (ICSE), Austin, TX, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gordon, M.I., Kim, D., Perkins, J.H., Gilham, L., Nguyen, N., and Rinard, M.C. (2015, January 8\u201311). Information Flow Analysis of Android Applications in DroidSafe. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2015.23089"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Titze, D., and Sch\u00fctte, J. (2015, January 24\u201327). Apparecium: Revealing data flows in android applications. Proceedings of the 29th International Conference on Advanced Information Networking and Applications, Gwangiu, Korea.","DOI":"10.1109\/AINA.2015.239"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/2619091","article-title":"TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones","volume":"32","author":"Enck","year":"2014","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Markmann, T., Gessner, D., and Westhoff, D. (2013, January 9\u201313). QuantDroid: Quantitative approach towards mitigating privilege escalation on Android. Proceedings of the IEEE International Conference on Communications (ICC), Budapest, Hungary.","DOI":"10.1109\/ICC.2013.6654844"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1109\/TDSC.2016.2536605","article-title":"Madam: Effective and efficient behavior-based android malware detection and prevention","volume":"15","author":"Saracino","year":"2018","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"1103","DOI":"10.1109\/TIFS.2016.2646641","article-title":"Monet: A user-oriented behavior-based malware variants detection system for android","volume":"12","author":"Sun","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_20","unstructured":"Zhu, D., Jin, H., Yang, Y., Wu, D., and Chen, W. (2017, January 3\u20136). DeepFlow: Deep learning-based malware detection by mining Android application for abnormal usage of sensitive data. Proceedings of the IEEE Symposium on Computers and Communications (ISCC), Heraklion, Greece."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Wei, F., Li, Y., Roy, S., Ou, X., and Zhou, W. (2017, January 6\u20137). Deep ground truth analysis of current Android malware. Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany.","DOI":"10.1007\/978-3-319-60876-1_12"},{"key":"ref_22","unstructured":"(2021, September 20). Android Malware Dataset. Available online: http:\/\/amd.arguslab.org\/."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., and Traon, Y.L. (2016, January 14\u201315). Androzoo: Collecting millions of android apps for the research community. Proceedings of the 13th International Conference on Mining Software Repositories, Austin, TX, USA.","DOI":"10.1145\/2901739.2903508"},{"key":"ref_24","unstructured":"(2021, September 20). Androzoo. Available online: https:\/\/androzoo.uni.lu\/."},{"key":"ref_25","unstructured":"(2021, September 20). Bayesian Network. Available online: https:\/\/en.wikipedia.org\/wiki\/Bayesian_network."},{"key":"ref_26","unstructured":"(2021, September 20). Decision Tree. Available online: https:\/\/en.wikipedia.org\/wiki\/Decision_tree."},{"key":"ref_27","unstructured":"(2021, September 20). Adaboost. Available online: https:\/\/en.wikipedia.org\/wiki\/AdaBoost."},{"key":"ref_28","unstructured":"(2021, September 20). Random Forest. Available online: https:\/\/en.wikipedia.org\/wiki\/Random_forest."},{"key":"ref_29","unstructured":"(2021, September 20). Support Vector Machine. Available online: https:\/\/en.wikipedia.org\/wiki\/Support-vector_machine."},{"key":"ref_30","unstructured":"(2021, September 20). Neural Network. Available online: https:\/\/en.wikipedia.org\/wiki\/Neural_network."}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/11\/1489\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T07:28:18Z","timestamp":1760167698000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/23\/11\/1489"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,10]]},"references-count":30,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2021,11]]}},"alternative-id":["e23111489"],"URL":"https:\/\/doi.org\/10.3390\/e23111489","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,10]]}}}