Dynamic Security Analysis on Android: A Systematic Literature Review

Android; dynamic analysis; fuzzing; instrumentation; machine learning; monitoring; security; software testing; tracing; vulnerabilities; Code; Dynamics analysis; Fuzzing; Instrumentation; Machine-learning; Operating system; Security; Software testings; Systematic; Tracing; Vulnerability; Computer Science (all); Materials Science (all); Engineering (all)

Abstract :

[en] Dynamic analysis is a technique that is used to fully understand the internals of a system at runtime. On Android, dynamic security analysis involves real-time assessment and active adaptation of an app's behaviour, and is used for various tasks, including network monitoring, system-call tracing, and taint analysis. The research on dynamic analysis has made significant progress in the past years. However, to the best of our knowledge, there is a lack in secondary studies that analyse the novel ideas and common limitations of current security research. The main aim of this work is to understand dynamic security analysis research on Android to present the current state of knowledge, highlight research gaps, and provide insights into the existing body of work in a structured and systematic manner. We conduct a systematic literature review (SLR) on dynamic security analysis for Android. The systematic review establishes a taxonomy, defines a classification scheme, and explores the impact of advanced Android app testing tools on security solutions in software engineering and security research. The study's key findings centre on tool usage, research objectives, constraints, and trends. Instrumentation and network monitoring tools play a crucial role, with research goals focused on app security, privacy, malware detection, and software testing automation. Identified limitations include code coverage constraints, security-related analysis obstacles, app selection adequacy, and non-deterministic behaviour. Our study results deepen the understanding of dynamic analysis in Android security research by an in-depth review of 43 publications. The study highlights recurring limitations with automated testing tools and concerns about detecting or obstructing dynamic analysis.

Disciplines :

Computer science

Author, co-author :

Sutter, Thomas ; Institute of Computer Science, University of Bern, Bern, Switzerland ; Institute of Computer Science, Zürich University of Applied Sciences, Winterthur, Switzerland

Kehrer, Timo ; Institute of Computer Science, University of Bern, Bern, Switzerland

Rennhard, Marc ; Institute of Computer Science, Zürich University of Applied Sciences, Winterthur, Switzerland

Tellenbach, Bernhard ; Cyber-Defense Campus, Armasuisse Science and Technology, Zürich, Switzerland

KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

yes

Language :

English

Title :

Dynamic Security Analysis on Android: A Systematic Literature Review

Publication date :

17 April 2024

Journal title :

IEEE Access

ISSN :

2169-3536

Publisher :

Institute of Electrical and Electronics Engineers Inc.

Volume :

Pages :

57261 - 57287

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

http://xplorestaging.ieee.org/ielx7/6287639/10380310/10504267.pdf?arnumber=10504267

Funders :

Armasuisse Science and Technology, Cyber-Defense Campus, Switzerland, through the Research Program Cyberspace by the Project Security Analysis of Firmware of Mobile Devices

Available on ORBilu :

since 15 November 2024

Statistics

Number of views

90 (1 by Unilu)

Number of downloads

702 (7 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

Proton AG. (2023). Complete Guide to GDPR Compliance. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://gdpr.eu/
PState of California Department of Justice. (2023). California Consumer Privacy Act (CCPA). MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://www.oag.ca.gov/privacy/ccpa
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, ‘‘FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps,’’ ACM SIGPLAN Notices, vol. 49, no. 6, pp. 259–269, 2014.
L. Wartschinski, Y. Noller, T. Vogel, T. Kehrer, and L. Grunske, ‘‘VUDENC: Vulnerability detection with deep learning on a natural codebase for Python,’’ Inf. Softw. Technol., vol. 144, Apr. 2022, Art. no. 106809.
Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, and F. Massacci, ‘‘StaDynA: Addressing the problem of dynamic code updates in the security analysis of Android applications,’’ in Proc. 5th ACM Conf. Data Appl. Secur. Privacy. New York, NY, USA: Association for Computing Machinery, Mar. 2015, pp. 37–48, doi: 10.1145/2699026.2699105.
S. Kumar, D. Mishra, B. Panda, and S. K. Shukla, ‘‘InviSeal: A stealthy dynamic analysis framework for Android systems,’’ Digital Threats, vol. 4, no. 1, pp. 1–13, Mar. 2023, doi: 10.1145/3567599.
A. Lyons, J. Gamba, A. Shawaga, J. Reardon, J. Tapiador, S. Egelman, and N. Vallina-Rodriguez, ‘‘Log: It’s big, it’s heavy, it’s filled with personal data! Measuring the logging of sensitive information in the Android ecosystem,’’ in Proc. Usenix Secur. Symp., 2023, pp. 2115–2132.
Z. Dong, M. Böhme, L. Cojocaru, and A. Roychoudhury, ‘‘Time-travel testing of Android apps,’’ in Proc. IEEE/ACM 42nd Int. Conf. Softw. Eng. (ICSE), Oct. 2020, pp. 481–492, doi: 10.1145/3377811.3380402. [Online]. Available: https://github.com/DroidTest/TimeMachine
K. Mao, M. Harman, and Y. Jia, ‘‘Sapienz: Multi-objective automated testing for Android applications,’’ in Proc. 25th Int. Symp. Softw. Test. Anal. New York, NY, USA: Association for Computing Machinery, Jul. 2016, pp. 94–105, doi: 10.1145/2931037.2931054.
T. Su, G. Meng, Y. Chen, K. Wu, W. Yang, Y. Yao, G. Pu, Y. Liu, and Z. Su, ‘‘Guided, stochastic model-based GUI testing of Android apps,’’ in Proc. 11th Joint Meeting Found. Softw. Eng. New York, NY, USA: Association for Computing Machinery, Aug. 2017, pp. 245–256, doi: 10.1145/3106237.3106298.
S. R. Choudhary, A. Gorla, and A. Orso, ‘‘Automated test input generation for Android: Are we there yet? (E),’’ in Proc. 30th IEEE/ACM Int. Conf. Automated Softw. Eng. (ASE), Nov. 2015, pp. 429–440.
M. Almeida, M. Bilal, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Varvello, and J. Blackburn, ‘‘CHIMP: Crowdsourcing human inputs for mobile phones,’’ in Proc. World Wide Web Conf., 2018, pp. 45–54.
Z. Yang, Z. Yuan, S. Jin, X. Chen, L. Sun, X. Du, W. Li, and H. Zhang, ‘‘FSAFlow: Lightweight and fast dynamic path tracking and control for privacy protection on Android using hybrid analysis with state-reduction strategy,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2022, pp. 2114–2129.
L. Li, T. F. Bissyande, M. Papadakis, S. Rasthofer, A. Bartel, D. Octeau, J. Klein, and L. Traon, ‘‘Static analysis of Android apps: A systematic literature review,’’ Inf. Softw. Technol., vol. 88, pp. 67–95, Aug. 2017.
Z. Wu, X. Chen, and S. U.-J. Lee, ‘‘A systematic literature review on Android-specific smells,’’ J. Syst. Softw., vol. 201, Jul. 2023, Art. no. 111677. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0164121223000729
J. Senanayake, H. Kalutarage, and M. O. Al-Kadri, ‘‘Android mobile malware detection using machine learning: A systematic review,’’ Electronics, vol. 10, no. 13, p. 160, 2021. [Online]. Available: https://www.mdpi.com/2079-9292/10/13/1606
Y. Pan, X. Ge, C. Fang, and Y. Fan, ‘‘A systematic literature review of Android malware detection using static analysis,’’ IEEE Access, vol. 8, pp. 116363–116379, 2020.
H. Rathore, S. Chari, N. Verma, S. K. Sahay, and M. Sewak, ‘‘Android malware detection based on static analysis and data mining techniques: A systematic literature review,’’ in Broadband Communications, Networks, and Systems, W. Wang and J. Wu, Eds. Cham, Switzerland: Springer, 2023, pp. 51–71.
Google. (2023). UI/Application Exerciser Monkey. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developer.android.com/studio/test/monkey.html
A. Pilgun, O. Gadyatskaya, Y. Zhauniarovich, S. Dashevskyi, A. Kushniarou, and S. Mauw, ‘‘Fine-grained code coverage measurement in automated black-box Android testing,’’ ACM Trans. Softw. Eng. Methodol., vol. 29, no. 4, pp. 1–35, Oct. 2020. [Online]. Available: https://github.com/pilgun/acvtool
H. Zheng, D. Li, B. Liang, X. Zeng, W. Zheng, Y. Deng, W. Lam, W. Yang, and T. Xie, ‘‘Automated test input generation for Android: Towards getting there in an industrial case,’’ in Proc. IEEE/ACM 39th Int. Conf. Softw. Eng., Softw. Eng. Pract. Track (ICSE-SEIP), May 2017, pp. 253–262.
W. Wang, W. Lam, and T. Xie, ‘‘An infrastructure approach to improving effectiveness of Android UI testing tools,’’ in Proc. 30th ACM SIGSOFT Int. Symp. Softw. Test. Anal. New York, NY, USA: Association for Computing Machinery, Jul. 2021, pp. 165–176, doi: 10.1145/3460319.3464828.
A. Romdhana, A. Merlo, M. Ceccato, and P. Tonella, ‘‘Deep reinforcement learning for black-box testing of Android apps,’’ ACM Trans. Softw. Eng. Methodol., vol. 31, no. 4, pp. 1–29, Jul. 2022, doi: 10.1145/3502868.
M. Pan, A. Huang, G. Wang, T. Zhang, and X. Li, ‘‘Reinforcement learning based curiosity-driven testing of Android applications,’’ in Proc. 29th ACM SIGSOFT Int. Symp. Softw. Test. Anal. New York, NY, USA: Association for Computing Machinery, Jul. 2020, pp. 153–164, doi: 10.1145/3395363.3397354.
Google. (2023). Write Automated Tests With UI Automator. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developer.android.com/training/testing/other-components/ui-automator
Google. (2023). OSS-FUZZ: Continuous Fuzzing for Open Source Software. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://github.com/google/oss-fuzz
Google. (Mar. 2021). Fuzzing Java in OSS-FUZZ. MISC. Accessed: Apr. 26, 2023. https://security.googleblog.com/2021/03/fuzzing-java-inoss-fuzz.html
(2023). Jazzer. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://github.com/CodeIntelligenceTesting/jazzer
(2023). OWASP: Certificate and Public Key Pinning. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://owasp.org/wwwcommunity/controls/Certificate_and_Public_Key_Pinning
I. Kara, ‘‘Fileless malware threats: Recent advances, analysis approach through memory forensics and research challenges,’’ Exp. Syst. Appl., vol. 214, Mar. 2023, Art. no. 119133. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0957417422021510
Strace.io. (2023). Strace—Linux Syscall Tracer. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://strace.io/
Man7.org. (2023). Ptrace—Linux Manual Page. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://man7.org/linux/manpages/man2/ptrace.2.html
(2023). Android Developer: Share Memory. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://developer.android.com/topic/performance/memory-overview#SharingRAM
B. Buddhdev, R. Bhan, M. S. Gaur, and V. Laxmi, ‘‘DynaDroid: Dynamic binary instrumentation based app behavior monitoring framework,’’ in Proc. 8th Int. Conf. Secur. Inf. Netw. New York, NY, USA: Association for Computing Machinery, Sep. 2015, pp. 322–325, doi: 10.1145/2799979.2800036.
N. Nethercote and J. Seward, ‘‘Valgrind: A framework for heavyweight dynamic binary instrumentation,’’ ACM SIGPLAN Notices, vol. 42, no. 6, pp. 89–100, Jun. 2007, doi: 10.1145/1273442.1250746.
O. A. V. Ravnås and H. Sørbø. (Jul. 2014). Frida Source Code. [Online]. Available: https://github.com/frida/frida
Quarkslab. (2023). Quarkslab Dynamic Binary Instrumentation. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://qbdi.quarkslab.com/#about
MIT. (2023). Dynamorio. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://dynamorio.org/
Google. (2023). Logcat Command-Line Tool. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developer.android.com/tools/logcat
B. Kitchenham and P. Brereton, ‘‘A systematic review of systematic review process research in software engineering,’’ Inf. Softw. Technol., vol. 55, no. 12, pp. 2049–2075, Dec. 2013. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0950584913001560
Anne-Wil Harzing. (2022). Publish or Perish. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://harzing.com/resources/publish-orperish/
A. Yasin, R. Fatima, L. Wen, W. Afzal, M. Azhar, and R. Torkar, ‘‘On using grey literature and Google scholar in systematic literature reviews in software engineering,’’ IEEE Access, vol. 8, pp. 36226–36243, 2020.
(2023). DBLP Computer Science Bibliography. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://dblp.org/xml/release/
(2023). Google Scholar: Top Publications Software Systems. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://scholar.google.com/citations?view_op=top_venues&hl=en&vq=eng_softwaresystems
(2023). Google Scholar: Top Publications Computer Security & Crypography. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://scholar.google.com/citations?view_op=top_venues&hl=en&vq= eng_computersecuritycryptography
B. Andow, A. Acharya, D. Li, W. Enck, K. Singh, and T. Xie, ‘‘UiRef: Analysis of sensitive user inputs in Android applications,’’ in Proc. 10th ACM Conf. Secur. Privacy Wireless Mobile Netw. New York, NY, USA: Association for Computing Machinery, Jul. 2017, pp. 23–34, doi: 10.1145/3098243.3098247.
M. Oltrogge, E. Derr, C. Stransky, Y. Acar, S. Fahl, C. Rossow, G. Pellegrino, S. Bugiel, and M. Backes, ‘‘The rise of the citizen developer: Assessing the security impact of online app generators,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2018, pp. 634–647.
Y. Liu, C. Zuo, Z. Zhang, S. Guo, and X. Xu, ‘‘An automatically vetting mechanism for SSL error-handling vulnerability in Android hybrid web apps,’’ World Wide Web, vol. 21, no. 1, pp. 127–150, Jan. 2018.
A. Papageorgiou, M. Strigkos, E. Politou, E. Alepis, A. Solanas, and C. Patsakis, ‘‘Security and privacy analysis of mobile health applications: The alarming state of practice,’’ IEEE Access, vol. 6, pp. 9390–9403, 2018.
M. Luo, P. Laperdrix, N. Honarmand, and N. Nikiforakis, ‘‘Time does not heal all wounds: A longitudinal analysis of security-mechanism support in mobile browsers,’’ in Proc. Netw. Distrib. Syst. Secur. Symp., 2019, pp. 1–9.
D. Wu, D. Gao, R. K. C. Chang, E. He, E. K. T. Cheng, and R. H. Deng, ‘‘Understanding open ports in Android applications: Discovery, diagnosis, and security assessment,’’ in Proc. Netw. Distrib. Syst. Secur. Symp., 2019, pp. 1–16.
S. Shi, X. Wang, and W. C. Lau, ‘‘MoSSOT: An automated blackbox tester for single sign-on vulnerabilities in mobile applications,’’ in Proc. ACM Asia Conf. Comput. Commun. Secur. New York, NY, USA: Association for Computing Machinery, Jul. 2019, pp. 269–282, doi: 10.1145/3321705.3329801.
J. Reardon, A. Feal, P. Wijesekera, A. E. B. On, N. Vallina-Rodriguez, and S. Egelman, ‘‘50 ways to leak your data: An exploration of apps’ circumvention of the Android permissions system,’’ in Proc. 28th USENIX Secur. Symp., Santa Clara, CA, USA, Aug. 2019, pp. 603–620. [Online]. Available: https://www.usenix.org/conference/usenixsecurity19/presentation/reardon
M. Diamantaris, E. P. Papadopoulos, E. P. Markatos, S. Ioannidis, and J. Polakis, ‘‘REAPER: Real-time app analysis for augmenting the Android permission system,’’ in Proc. 9th ACM Conf. Data Appl. Secur. Privacy, 2019, pp. 37–48.
J. Tang, R. Li, K. Wang, X. Gu, and Z. Xu, ‘‘A novel hybrid method to analyze security vulnerabilities in Android applications,’’ Tsinghua Sci. Technol., vol. 25, no. 5, pp. 589–603, 2020.
Y. Wang, G. Xu, X. Liu, W. Mao, C. Si, W. Pedrycz, and W. Wang, ‘‘Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis,’’ J. Syst. Softw., vol. 167, Sep. 2020, Art. no. 110609.
M. Benz, E. K. Kristensen, L. Luo, N. P. Borges, E. Bodden, and A. Zeller, ‘‘Heaps’n leaks: How heap snapshots improve Android taint analysis,’’ in Proc. IEEE/ACM 42nd Int. Conf. Softw. Eng. (ICSE). New York, NY, USA: Association for Computing Machinery, Oct. 2020, pp. 1061–1072.
X. Liu, J. Liu, S. Zhu, W. Wang, and X. Zhang, ‘‘Privacy risk analysis and mitigation of analytics libraries in the Android ecosystem,’’ IEEE Trans. Mobile Comput., vol. 19, no. 5, pp. 1184–1199, May 2020.
T. T. Nguyen, M. Backes, N. Marnau, and B. Stock, ‘‘Share first, ask later (or never?) Studying violations of GDPR’s explicit consent in Android apps,’’ in Proc. 30th USENIX Secur. Symp., Aug. 2021, pp. 3667–3684. [Online]. Available: https://www.usenix.org/conference/usenixsecurity21/presentation/nguyen
Z. Dong, H. Liu, L. Wang, X. Luo, Y. Guo, G. Xu, X. Xiao, and H. Wang, ‘‘What did you pack in my app? A systematic analysis of commercial Android packers,’’ in Proc. 30th ACM Joint Eur. Softw. Eng. Conf. Symp. Found. Softw. Eng. New York, NY, USA: Association for Computing Machinery, Nov. 2022, pp. 1430–1440, doi: 10.1145/3540250.3558969.
M. H. Meng, Q. Zhang, G. Xia, Y. Zheng, Y. Zhang, G. Bai, Z. Liu, S. G. Teo, and J. S. Dong, ‘‘Post-GDPR threat hunting on Android phones: Dissecting OS-level safeguards of user-unresettable identifiers,’’ in Proc. Netw. Distrib. Syst. Secur. Symp. (NDSS), 2023, pp. 1–18.
(2023). Hope Felivery: Extracting User Locations From Mobile Instant Messengers. [Online]. Available: https://www.ndss-symposium.org/wpcontent/uploads/2023/02/ndss2023_s188_paper.pdf
H. Inayoshi, S. Kakei, and S. Saito, ‘‘Execution recording and reconstruction for detecting information flows in Android apps,’’ IEEE Access, vol. 11, pp. 10730–10750, 2023.
K. Ahmed, Y. Wang, M. Lis, and J. Rubin, ‘‘ViaLin: Path-aware dynamic taint analysis for Android,’’ in Proc. ACM Joint Eur. Softw. Eng. Conf. Symp. Found. Softw. Eng. (FSE), 2023, pp. 1598–1610.
H. Cai, N. Meng, B. Ryder, and D. Yao, ‘‘DroidCat: Effective Android malware detection and categorization via app-level profiling,’’ IEEE Trans. Inf. Forensics Security, vol. 14, no. 6, pp. 1455–1470, Jun. 2019.
S. Arshad, M. A. Shah, A. Wahid, A. Mehmood, H. Song, and H. Yu, ‘‘SAMADroid: A novel 3-level hybrid malware detection model for Android operating system,’’ IEEE Access, vol. 6, pp. 4321–4339, 2018.
K. Xu, Y. Li, R. H. Deng, and K. Chen, ‘‘DeepRefiner: Multi-layer Android malware detection system applying deep neural networks,’’ in Proc. IEEE Eur. Symp. Secur. Privacy (EuroSP), Apr. 2018, pp. 473–487.
P. Feng, J. Ma, C. Sun, X. Xu, and Y. Ma, ‘‘A novel dynamic Android malware detection system with ensemble learning,’’ IEEE Access, vol. 6, pp. 30996–31011, 2018.
M. L. Bernardi, M. Cimitile, D. Distante, F. Martinelli, and F. Mercaldo, ‘‘Dynamic malware detection and phylogeny analysis using process mining,’’ Int. J. Inf. Secur., vol. 18, pp. 257–284, Jan. 2019.
M. Ahmad, V. Costamagna, B. Crispo, F. Bergadano, and Y. Zhauniarovich, ‘‘StaDART: Addressing the problem of dynamic code updates in the security analysis of Android applications,’’ J. Syst. Softw., vol. 159, Jan. 2020, Art. no. 110386. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0164121219301530
J. Gajrani, U. Agarwal, V. Laxmi, B. Bezawada, M. S. Gaur, M. Tripathi, and A. Zemmari, ‘‘EspyDroid+: Precise reflection analysis of Android apps,’’ Comput. Secur., vol. 90, Mar. 2020, Art. no. 101688. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S0167404819302251
M. K. Alzaylaee, S. Y. Yerima, and S. Sezer, ‘‘DL-Droid: Deep learning based Android malware detection using real devices,’’ Comput. Secur., vol. 89, Feb. 2020, Art. no. 101663.
G. D’Angelo, M. Ficco, and F. Palmieri, ‘‘Malware detection in mobile environments based on autoencoders and API-images,’’ J. Parallel Distrib. Comput., vol. 137, pp. 26–33, Mar. 2020.
A. De Lorenzo, F. Martinelli, E. Medvet, F. Mercaldo, and A. Santone, ‘‘Visualizing the outcome of dynamic analysis of Android malware with VizMal,’’ J. Inf. Secur. Appl., vol. 50, Feb. 2020, Art. no. 102423.
W. Zhang, H. Wang, H. He, and P. Liu, ‘‘DAMBA: Detecting Android malware by ORGB analysis,’’ IEEE Trans. Rel., vol. 69, no. 1, pp. 55–69, Mar. 2020.
H. Cai, X. Fu, and A. Hamou-Lhadj, ‘‘A study of run-time behavioral evolution of benign versus malicious apps in Android,’’ Inf. Softw. Technol., vol. 122, Jun. 2020, Art. no. 106291.
P. Bhat, S. Behal, and K. Dutta, ‘‘A system call-based Android malware detection approach with homogeneous & heterogeneous ensemble machine learning,’’ Comput. Secur., vol. 130, Jul. 2023, Art. no. 103277. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404823001876
G. Suárez-Tangil, S. K. Dash, P. García-Teodoro, J. Camacho, and L. Cavallaro, ‘‘Anomaly-based exploratory analysis and detection of exploits in Android mediaserver,’’ IET Inf. Secur., vol. 12, no. 5, pp. 404–413, Sep. 2018, doi: 10.1049/iet-ifs.2017.0460.
H.-W. Hung, Y. Liu, and A. A. Sani, ‘‘Sifter: Protecting security-critical kernel modules in Android through attack surface reduction,’’ in Proc. 28th Annu. Int. Conf. Mobile Comput. Netw. New York, NY, USA: Association for Computing Machinery, Oct. 2022, pp. 623–635, doi: 10.1145/3495243.3560548.
B. F. Demissie, M. Ceccato, and L. K. Shar, ‘‘Security analysis of permission re-delegation vulnerabilities in Android apps,’’ Empirical Softw. Eng., vol. 25, no. 6, pp. 5084–5136, Nov. 2020.
B. Liu, C. Zhang, G. Gong, Y. Zeng, H. Ruan, and J. Zhuge, ‘‘FANS: Fuzzing Android native system services via automated interface analysis,’’ in Proc. 29th USENIX Conf. Secur. Symp., 2020, pp. 307–323.
L. Harrison, H. Vijayakumar, R. Padhye, K. Sen, and M. Grace, ‘‘PARTEMU: Enabling dynamic analysis of real-world TrustZone software using emulation,’’ in Proc. 29th USENIX Conf. Secur. Symp., 2020, pp. 789–806.
I. Pustogarov, Q. Wu, and D. Lie, ‘‘Ex-vivo dynamic analysis framework for Android device drivers,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2020, pp. 1088–1105.
A. Druffel and K. Heid, ‘‘DaVinci: Android app analysis beyond Frida via dynamic system call instrumentation,’’ in Applied Cryptography and Network Security Workshops, Rome, Italy. Cham, Switzerland: Springer, 2020, pp. 473–489.
A. Dawoud and S. Bugiel. (2021). Bringing Balance to the Force: Dynamic Analysis of the Android Application Framework. [Online]. Available: https://github.com/abdawoud/Dynamo and https://github.com/abdawoud/DynamoTestingApp and https://www.ndss-symposium.org/wp-content/uploads/ndss2021_2B-1_23106_paper.pdf
E. Soriano-Salvador and G. Guardiola-Múzquiz, ‘‘Detecting and bypassing Frida dynamic function call tracing: Exploitation and mitigation,’’ J. Comput. Virol. Hacking Techn., vol. 19, no. 4, pp. 503–513, 2022.
M. Busch, A. Machiry, C. Spensky, G. Vigna, C. Kruegel, and M. Payer, ‘‘TEEzz: Fuzzing trusted applications on COTS Android devices,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2023, pp. 220–235.
J. Gamba, M. Rashed, A. Razaghpanah, J. Tapiador, and N. Vallina-Rodriguez, ‘‘An analysis of pre-installed Android software,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2020, pp. 1039–1055.
Google. (2023). Network Security Configuration. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developer.android.com/training/articles/security-config
(2023). 360 App Store. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://zhushou.360.cn/
J. Jacky. (2022). Pymodel. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://github.com/zlorb/PyModel
W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, ‘‘TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones,’’ ACM Trans. Comput. Syst., vol. 32, no. 2, pp. 1–29, Jun. 2014, doi: 10.1145/2619091.
(2023). Fiddler Network Proxy. MISC. Accessed: Jan. 31, 2023. [Online]. Available: https://www.telerik.com/fiddler
N. Viennot, E. Garcia, and J. Nieh, ‘‘A measurement study of Google play,’’ ACM SIGMETRICS Perform. Eval. Rev., vol. 42, no. 1, pp. 221–233, Jun. 2014, doi: 10.1145/2637364.2592003.
M. Luo, O. Starov, N. Honarmand, and N. Nikiforakis, ‘‘Hindsight: Understanding the evolution of UI vulnerabilities in mobile browsers,’’ in Proc. ACM SIGSAC Conf. Comput. Commun. Secur. New York, NY, USA: Association for Computing Machinery, Oct. 2017, pp. 149–162, doi: 10.1145/3133956.3133987.
Microsoft. (2023). Malware Names. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/malware-naming?view=o365-worldwide
MITRE. (2022). Malware Attribute Enumeration and Characterization (MAEC). MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://maecproject.github.io/
Kaspersky. (2023). Types of Malware. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://usa.kaspersky.com/resource-center/threats/malware-classifications
Google. (2023). Malware Categories. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developers.google.com/android/playprotect/phacategories
Y. Liu, C. Tantithamthavorn, L. Li, and Y. Liu, ‘‘Deep learning for Android malware defenses: A systematic literature review,’’ ACM Comput. Surv., vol. 55, no. 8, pp. 1–36, Dec. 2022, doi: 10.1145/3544968.
D. Arp, M. Spreitzenbarth, M. Hübner, H. Gascon, and K. Rieck, ‘‘DREBIN: Effective and explainable detection of Android malware in your pocket,’’ in Proc. NDDS, vol. 14, 2014, pp. 23–26.
Virustotal. (2023). Yara in a Nutshell. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://github.com/VirusTotal/yara
Security With Dynamically Loaded Code. Accessed: Apr. 18, 2024. [Online]. Available: https://developer.android.com/training/articles/ security-tips#DynamicCode
Safer Dynamic Code Loading. Accessed: Apr. 18, 2024. [Online]. Available: https://developer.android.com/about/versions/14/behavior-changes-14#safer-dynamic-code-loading
K. Tam, S. Khan, A. Fattori, and L. Cavallaro, ‘‘CopperDroid: Automatic reconstruction of Android malware behaviors,’’ in Proc. NDSS, Jan. 2015, pp. 1–15.
Y. Fratantonio, A. Bianchi, W. Robertson, E. Kirda, C. Kruegel, and G. Vigna, ‘‘TriggerScope: Towards detecting logic bombs in Android applications,’’ in Proc. IEEE Symp. Secur. Privacy (SP), May 2016, pp. 377–396.
Google. (2023). Manifest.permission. MISC. Accessed: Apr. 26, 2023. [Online]. Available: https://developer.android.com/reference/android/Manifest.permission
K. Allix, T. F. Bissyande, J. Klein, and Y. Le Traon, ‘‘AndroZoo: Collecting millions of Android apps for the research community,’’ in Proc. 13th Int. Conf. Mining Softw. Repositories, New York, NY, USA, 2016, pp. 468–471, doi: 10.1145/2901739.2903508.
X. Wang, H. Edison, D. Khanna, and U. Rafiq, ‘‘How many papers should you review? A research synthesis of systematic literature reviews in software engineering,’’ in Proc. ACM/IEEE Int. Symp. Empirical Softw. Eng. Meas. (ESEM), Oct. 2023, pp. 1–6.
J. Senanayake, H. Kalutarage, M. O. Al-Kadri, A. Petrovski, and L. Piras, ‘‘Android source code vulnerability detection: A systematic literature review,’’ ACM Comput. Surv., vol. 55, no. 9, pp. 1–37, Jan. 2023, doi: 10.1145/3556974.
S. Garg and N. Baliyan, ‘‘Android security assessment: A review, taxonomy and research gap study,’’ Comput. Secur., vol. 100, Jan. 2021, Art. no. 102087. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0167404820303606
J. Qiu, J. Zhang, W. Luo, L. Pan, S. Nepal, and Y. Xiang, ‘‘A survey of Android malware detection with deep neural models,’’ ACM Comput. Surveys, vol. 53, no. 6, pp. 1–36, Dec. 2020, doi: 10.1145/3417978.
T. Sharma and D. Rattan, ‘‘Malicious application detection in Android—A systematic literature review,’’ Comput. Sci. Rev., vol. 40, May 2021, Art. no. 100373. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S1574013721000137
A. Ehsan, C. Catal, and A. Mishra, ‘‘Detecting malware by analyzing app permissions on Android platform: A systematic literature review,’’ Sensors, vol. 22, no. 20, p. 7928, 2022. [Online]. Available: https://www.mdpi.com/1424-8220/22/20/7928
D. D. Dave and D. Rathod, ‘‘Systematic review on various techniques of Android malware detection,’’ in Computing Science, Communication and Security, N. Chaubey, S. M. Thampi, and N. Z. Jhanjhi, Eds. Cham, Switzerland: Springer, 2022, pp. 82–99.
P. Yan and Z. Yan, ‘‘A survey on dynamic mobile malware detection,’’ Softw. Quality J., vol. 26, no. 3, pp. 891–919, Sep. 2018.
A. Razgallah, R. Khoury, S. Hallé, and K. Khanmohammadi, ‘‘A survey of malware detection in Android apps: Recommendations and perspectives for future research,’’ Comput. Sci. Rev., vol. 39, Feb. 2021, Art. no. 100358.
S. Acharya, U. Rawat, and R. Bhatnagar, ‘‘A comprehensive review of Android security: Threats, vulnerabilities, malware detection, and analysis,’’ Secur. Commun. Netw., vol. 2022, pp. 1–34, Jun. 2022, doi: 10.1155/2022/7775917.
X. Zhan, T. Liu, L. Fan, L. Li, S. Chen, X. Luo, and Y. Liu, ‘‘Research on third-party libraries in Android apps: A taxonomy and systematic literature review,’’ IEEE Trans. Softw. Eng., vol. 48, no. 10, pp. 4181–4213, Oct. 2022.
L. Nie, K. S. Said, L. Ma, Y. Zheng, and Y. Zhao, ‘‘A systematic mapping study for graphical user interface testing on mobile apps,’’ IET Softw., vol. 17, no. 3, pp. 249–267, 2023.
P. Kong, L. Li, J. Gao, K. Liu, T. F. Bissyandé, and J. Klein, ‘‘Automated testing of Android apps: A systematic literature review,’’ IEEE Trans. Rel., vol. 68, no. 1, pp. 45–66, Mar. 2019.
M. Nass, E. Alégroth, and R. Feldt, ‘‘Why many challenges with GUI test automation (will) remain,’’ Inf. Softw. Technol., vol. 138, Oct. 2021, Art. no. 106625. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0950584921000963