2017
DOI: 10.1016/j.infsof.2017.04.001

Static analysis of android apps: A systematic literature review

Abstract: Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis appro…

Citations: Cited by 272 publications (192 citation statements)
References: References 48 publications (38 reference statements)

“…To that end, based on the motivation example and our study of reflective call patterns, we observe that the reflection problem can be modeled as a constant propagation (footnote 5: The format of an apk is actually a compressed ZIP archive.)…”
Section: Ram - Reflection Analysis Module (mentioning)
confidence: 99%
“…In particular, reflection can be used to hide the real purpose, e.g., by invoking a method at runtime to escape static scanning, or simply to deliver malicious code [4]. We have conducted a quick review of recent contributions on static analysis-based approaches for Android, and have found that over 90% of around 90 publications [5] from top conferences (including ICSE and ISSTA) do not tackle reflection. Indeed, most state-of-the-art approaches and tools for static analysis of Android simply ignore the use of reflection [6,7] or may treat it partially [8,9].…”
Section: Introduction (mentioning)
confidence: 99%
“…Our vision aims to bring the Android research community to topics specific to SPLE. The research field on malware detection is creating advanced and scalable methods for mining app markets [12]. Their objective is to heuristically define if a legitimate app has a malware counterpart signed with another certificate.…”
Section: Related Work (mentioning)
confidence: 99%
“…Unfortunately, the state-of-the-art on repackaged/clone app detection builds on internal heuristics that are tedious to replicate, while the associated prototype tools are not available for furthering research in these directions [5]. Most repackaged app detection works [3], [6] indeed do not come with reusable tools for the research community.…”
Section: Introduction (mentioning)
confidence: 99%