Internal report (Reports)
Static Analysis of Android Apps: A Systematic Literature Review
LI, Li; BISSYANDE, Tegawendé François D Assise; PAPADAKIS, Mike et al.
2016
 

Files


Full Text
tr_slr_article.pdf
Author preprint (710.61 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Abstract :
[en] Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put and enumerate the key aspects where future researches are still needed. Method: We have performed a systematic literature review which involves studying around 90 research papers published in software engineering, programming languages and security venues. This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, android characteristics taken into account and the scale of evaluation performed. Results: Our in-depth examination have led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available. Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit-Flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.
Research center :
SnT
Disciplines :
Computer science
Author, co-author :
LI, Li ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
BISSYANDE, Tegawendé François D Assise  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
PAPADAKIS, Mike ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Rasthofer, Siegfried
BARTEL, Alexandre ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Octeau, Damien
KLEIN, Jacques  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC)
LE TRAON, Yves ;  University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Language :
English
Title :
Static Analysis of Android Apps: A Systematic Literature Review
Publication date :
20 April 2016
Publisher :
SnT
ISBN/EAN :
978-2-87971-150-8
Number of pages :
24
Name of the research project :
AndroMap C13/IS/5921289
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 27 April 2016

Statistics


Number of views
945 (29 by Unilu)
Number of downloads
4661 (47 by Unilu)

Bibliography


Similar publications



Contact ORBilu