LiteratureReview.md

Malware Detection

• Static Analysis

  • SCanDroid: Automated Security Certification of Android Applications, Technical Report, 2009
  • Static Analysis of Executables for Collaborative Malware Detection on Android, ICC 2009
  • RiskRanker: Scalable and Accurate Zero-day Android Malware Detection, MobiSys 2012
  • Static Analysis of Android Programs, Information and Software Technolog, 2012
  • Systematic Detection of Capability Leaks in Stock Android Smartphones, NDSS 2012
  • CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities, CCS 2012
  • SCADAL: Static Analyzer for Detecting Privacy Leaks in Android Applications, MoST 2012
  • Structural Detection of Android Malware Using Embedded Call Graphs, AISec 2013 (tool: Adagio)
  • Targeted and Depth-first Exploration for Systematic Testing of Android Apps, OOPSLA 2013 (tool: A3E)
  • Detecting Passive Content Leaks and Pollution in Android Applications, NDSS 2013
  • Slicing Droids: Program Slicing for Smali Code, SAC 2013 (tool: SAAF)
  • Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation, SPSM 2013 (tool: Anadroid)
  • FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps, PLDI 2014
  • Apposcopy: Semantics-based Detection of Android Malware Through Static Analysis, FSE 2014
  • Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps, CCS 2014
  • AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts, ICSE 2014
  • AsDroid: Detecting Stealthy Behaviors in Android Applications by User Interface and Program Behavior Constradiction, ICSE 2014
  • Android Taint Flow Analysis for App Sets, SOAP 2014
  • Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale, USENIX Security 2015 (tool: MassVet)
  • Information Flow Analysis of Android Applications in DroidSafe, NDSS 2015
  • EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework, NDSS 2015
  • IccTA: Detecting Inter-Component Privacy Leaks in Android Apps, ICSE 2015
  • Static Control-Flow Analysis of User-Driven Callbacks in Android Applications, ICSE 2015
  • DroidJust: Automated Functionality-Aware Privacy Leakage Analysis for Android Applications, WiSec 2015 (tool: DroidJust)
  • DroidEagle: Seamless Detection of Visually Similar Android Apps, WiSec 2015 (tool: DroidEagle)
  • Profiling User-Trigger Dependence for Android Malware Detection, Computer&Security 2015
  • Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques, NDSS 2016 (tool: HARVESTER)
  • HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving, Euro S&P 2016
  • StubDroid: Automatic Inference of Precise Data-flow Summaries for the Android Framework, ICSE 2016
  • Toward a Framework for Detecting Privacy Policy Violation in Android Application Code, ICSE 2016
  • R-Droid: Leveraging Android App Analysis with Static Slice Optimization, AsiaCCS 2016 (tool: R-Droid)
  • Semantic Modelling of Android Malware for Effective Malware Comprehension, Detection and Classification, ISSTA 2016 (tool: SMART)
  • DroidRA: Taming Reflection to Support Whole-Program Analysis of Android Apps, ISSTA 2016 (tool: DroidRA)
  • TaintART: A Practical Multi-level Information-Flow Tracking System for Android RunTime, CCS 2016 (tool: TaintART)
  • ICCDetector: ICC-Based Malware Detection on Android, TIFS 2016 (tool: ICCDetector)
  • Software Architectural Principles in Contemporary Mobile Software: from Conception to Practice, Journal of Systems and Software, 2016
  • Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis, NDSS 2017
  • MaMaDroid: Detecting Android Malware by Building Markov Chains of Behavioral Models, NDSS 2017 (tool: MaMaDroid)
  • A SEALANT for Inter-App Security Holes in Android, ICSE 2017 (tool: SEALANT)
  • Adaptive Unpacking of Android Apps, ICSE 2017 (tool: PackerGrind)
  • An Efficient, Robust, and Scalable Approach for Analyzing Interacting Android Apps, ICSE 2017 (tool: JITANA)
  • LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications, arxiv 2017 (tool: LeakSemantic)
  • TriFlow: Triaging Android Applications using Speculative Information Flows, AsiaCCS 2017 (tool: TriFlow)
  • Collusive Data Leak and More: Large-scale Threat Analysis of Inter-app Communications, AsiaCCS 2017 (tool: DIALDroid)  + A Monte Carlo Tree Search approach to Active Malware Analysis, IJCAI 2017
  • Android Malware Clustering through Malicious Payload Mining, RAID 2017
  • Detection of Repackaged Android Malware with Code-Heterogeneity Features, TDSC 2017 (tool: DR-Droid)

• Dynamic Analysis

  • TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones, OSDI 2010
  • Crowdroid: Behavior-based Malware Detection System for Android, SPSM 2011
  • XManDroid: A New Android Evolution to Mitigate Privilege Escalation Attacks, Technical Report, 2011
  • DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, USENIX Security 2012
  • AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detector, SPSM 2013
  • PUMA: Programmable UI-automation for Large-scale Dynamic Analysis of Mobile Apps, MobiSys 2014 (tool: PUMA)
  • Checking Interation-Based Declassification Policies for Android Using Symbolic Execution, ESORICS 2015 (tool: ClickRelease)
  • BareDroid: Large-Scale Analysis of Android Apps on Real Devices, ACSAC 2015 (tool: BareDroid)
  • CopperDroid: Automatic Reconstruction of Android Malware Behaviors, NDSS 2015
  • Harvesting Runtime Values in Android Applications That Feature Anti-Analysis Techniques, NDSS 2016 (tool: HARVESTER)
  • IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware, NDSS 2016
  • DroidScribe: Classifying Android Malware Based on Runtime Behavior, MoST 2016 (tool: DroidScribe)
  • LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications, arxiv 2017 (tool: LeakSemantic)
  • DroidForensics: Accurate Reconstruction of Android Attacks via Multi-layer Forensic Logging, AsiaCCS 2017 (tool: DroidForensics)

• Machine Learning

  • Crowdroid: Behavior-based Malware Detection System for Android, SPSM 2011
  • "Andromaly": a Behavioral Malware Detection Framework for Android Devices, Journal of Intelligent Information Systems 2012
  • A Machine Learning Approach to Android Malware Detection, EISIC 2012
  • DroidAPIMiner: Mining API-Level Features for Robust Malware Detection in Android, Security and Privacy in Communication Networks, 2013
  • MAST: Triage for Market-scale Mobile Malware Analysis, 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2013
  • Machine Learning for Android Malware Detection Using Permission and API Calls, ICTAI 2013
  • Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis, CCS 2013
  • Structural Detection of Android Malware Using Embedded Call Graphs, AISec 2013 (tool: Adagio)
  • Rapid Permissions-Based Detection and Analysis of Mobile Malware Using Random Decision Forests, MILCOM 2013
  • DroidMiner: Automated Mining and Characterization of Fine-grained Malicious Behaviors in Android Applications, ESORICS 2014
  • Semantics-Aware Android Malware Classification Using Weighted Contextual API Dependency Graphs, CCS 2014
  • Drebin: Effective and Explainable Detection of Android Malware in Your Pocket, NDSS 2014
  • AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts, ICSE 2014
  • RiskMon: Continuous and Automated Risk Assessment of Mobile Applications, CODASPY 2014 (tool: RiskMon)
  • Machine Learning-Based Malware Detection for Android Applications: History Matters! Technical Report, 2014
  • Linear SVM-Based Android Malware Detection, Frontier and Innovation in Future Computing and Communications 2014
  • Mining Apps for Abnormal Usage of Sensitive Data, ICSE 2015
  • Obfuscation-Resilient, Efficient, and Accurate Detection and Family Identification of Android Malware, Technical Report, 2015 (tool: RevealDroid)
  • Heldroid: Fast and Efficient Linguistic-Based Ransomware Detection, UIC Master Disseration, 2015 (tool: Heldroid)
  • StormDroid: A Streaminglized Machine Learning-based System for Detecting Android Malware, AsiaCCS 2016
  • DroidScribe: Classifying Android Malware Based on Runtime Behavior, MoST 2016 (tool: DroidScribe)
  • LUNA: Quantifying and Leveraging Uncertainy in Android Malware Analysis through Bayesian Machine Learning, Euro S&P 2017 (tool: LUNA)
  • Dark Hazard: Learning-based, Large-Scale Discovery of Hidden Sensitive Operations in Android Apps, NDSS 2017
  • LeakSemantic: Identifying Abnormal Sensitive Network Transmissions in Mobile Applications, arxiv 2017 (tool: LeakSemantic
  • HinDroid: An Intelligent Android Malware Detection System Based on Structured Heterogeneous Information Network, KDD 2017 (tool: HinDroid)
  • Detection of Repackaged Android Malware with Code-Heterogeneity Features, TDSC 2017 (tool: DR-Droid)

• Fingerprint & matching

  • Get Off of My Market: Detecting Malcious Apps in Official and ALternative Android Markets, NDSS 2012 (tool: DroidRanger)
  • DroidAnalytics: A Signature Based Analytic System to Collect, Extract, Analyze and Associate Android Malware, TRUSTCOM 2013
  • AppInk: Watermarking Android Apps for Repacking Deterrence, AsiaCCS 2013

• Formal Method & Symoblic Execution

  • New Privacy Issues in Mobile Telephony: Fix and Verification, CCS 2012
  • Contextual Policy Enforcement in Android Applications with Permission Event Graphs, NDSS 2012
  • Efficient Runtime Monitoring with Metric Temporal Logic: A Case Study in the Android Operating System, FM 2013
  • Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation, SPSM 2013 (tool: Anadroid)
  • AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection, CCS 2013
  • Checking Interation-Based Declassification Policies for Android Using Symbolic Execution, ESORICS 2015 (tool: ClickRelease)
  • HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving, Euro S&P 2016
  • Practical, Formal Synthesis and Autonomic Enforcement of Security Policies for Android, DSN 2016
  • Towards Model Checking Android Applications, TSE 2017 (tool: DroidPF)

• Realtime Monitoring

  • On Lightweight Mobile Phone Application Certification, CCS 2009 (tool: Kirin)
  • "Andromaly": a Behavioral Malware Detection Framework for Android Devices, Journal of Intelligent Information Systems 2012
  • Efficient Runtime Monitoring with Metric Temporal Logic: A Case Study in the Android Operating System, FM 2013
  • AppsPlayground: Automatic Security Analysis of Smartphone Applications, CODASPY 2013 (tool: AppsPlayground)
  • ARTist: The Android Runtime Instrumentation and Security Toolkit, Euro S&P 2017 (tool: ARTist)

• Testing

  • A GUI Crawling-based technique for Android Mobile Application Testing, ICSTW 2011
  • Experiences of System-Level Model-based GUI Testing of an Android Application, ICST 2011
  • Using GUI Ripping for Automated Testing of Android Applications, ASE 2012 (tool: AndroidRipper)
  • Testing Android Apps Through Symbolic Execution, ACM SIGSOFT Software Engineering Notes 2012
  • Automated Concolic Testing of Smartphone Apps, FSE 2012
  • Systematic Testing for Resource Leaks in Android Applications, ISSRE 2013
  • Automated Testing with Targeted Event Sequence Generation, ISSTA 2013 (tool: Collider)
  • Dynodroid: An Input Generation System for Android Apps, ESEC/FSE 2013 (tool: Dynodroid)
  • Automated Test Input Generation for Android: Are We There Yet? ASE 2015
  • Systematic Execution of Android Test Suites in Adverse Conditions, ISSTA 2015
  • Reducing Combinatorics in GUI Testing of Android Applications, ICSE 2016 (tool: TrimDroid)
  • Sapienz: Multi-objective Automated Testing for Android Applications, ISSTA 2016 (tool: Sapienz)
  • Energy-Aware Test-Suite Minimization for Android Apps, ISSTA 2016
  • Lifecycle and Event-based Testing for Android Applications, Ph.D Dissertation (author: GRAZIUSSI, SIMONE)
  • Automatic Input Generation for Mobile Testing, ICSE 2017
  • Guided, Stochastic Model-Based GUI Testing of Android Apps, FSE 2017 (tool: Stoat)
  • µDroid: An Energy-Aware Mutation Testing Framework for Android, FSE 2017 (tool: µDroid)
  • PATDroid: Permission-Aware GUI Testing of Android, FSE 2017 (tool: PATDroid)
  • Enabling Mutation Testing for Android Apps, FSE 2017 (tool: MDroid+)

Native Code Analysis

• Finding Bugs in Java Native Interface Programs, ISSTA 2008
• Robusta: Taming the Native Beast of the JVM, CCS 2010
• Native Code Execution Control for Attack Mitigation on Android, SPSM 2013
• NativeGuard: Protecting Android Applicaions from Third-Party Native Libraries, WiSec 2014
• Towards Bridging the Gap Between Dalvik Bytecode and Native Code During Static Analysis of Android Applications, IWCMC 2015
• Going Native: Using a Large-Scale Analysis of Android Apps to Create a Practical Native-Code Sandboxing Policy, NDSS 2016
• DroidNative: Semantic-Based Detection of Android, arXiv 2016 (tool: DroidNative)

Clone Analysis

• Juxtapp: A Scalable System for Detecting Code Resuse Among Android Applications, DIMVA 2012
• Attack of the Clones: Detecting Cloned Applications on Android Markets, ESORICS 2012
• Detecting Repackaged Smartphone Applications in Third-party Android Marketplaces, 2nd ACM Conference on Data and Application Security and Privacy, 2012 (tool: DroidMOSS)
• Plagiarizing Smartphone Applications: Attack Strategies and Defense Techniques, ESSoS 2012
• Fast, Scalable Detection of "Piggybacked" Mobile Applications, 3rd ACM Conference on Data and Application Security and Privacy, 2013
• Achieving Accuracy and Scalability Simultaneously in Detecting Application Clones on Android Markets, ICSE 2014
• ViewDoird: Towards Obfuscation-Resilient Mobile Application Repackaging Detection, WiSec 2014
• WuKong: A Scalable and Accurate Two-Phase Approach to Android App Clone Detection, ISSTA 2015
• CodeMatch: Obfuscation Won’t Conceal Your Repackaged App, FSE 2017 (tool: CodeMatch)

Network Traffic Analysis

• NetworkProfiler: Towards Automatic Fingerprinting of Android Apps, INFOCOM 2013
• AndroGenerator: An Automated and Configurable Android App Network Traffic Generation System, Security and Communication Networks 2015 (tool: AndroGenerator)
• I Know What You Did on Your Smartphone: Inferring App Usage Over Encrypted Data Traffic, CNS 2015

Ads & Libraries Analysis

• Unsafe Exposure Analysis of Mobile In-App Advertisements, WISEC 2012 (tool: AdRisk)
• AdSplit: Separating Smartphone Advertising from Applications, USENIX Security 2012 (tool: AdSplit)
• AdDroid: Privilege Separation for Applications and Advertisers in Android, AsiaCCS 2012 (tool: AdDroid)
• DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps, NSDI 2014 (tool: DECAF)
• An Investigation into the Use of Common Libraries in Android Apps, arXir 2015
• An Empirical Study of Mobile Ad Targeting, arXir 2015
• MAdScope: Characterizing Mobile In-App Targeted Ads, MobiSys 2015 (tool: MAdScope)
• Are these Ads Safe: Detecting Hidden Attacks through the Mobile App-Web Interfaces, NDSS 2016
• The Price of Free: Privacy Leakage in Personalized Mobile In-Apps Ads, NDSS 2016
• Free for All! Assessing User Data Exposure to Advertising Libraries on Android, NDSS 2016 (tool: Pluto)
• Following Devil’s Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS, S&P 2016 (tool: PhaLib)
• Reliable Third-Party Library Detection in Android and its Security Applications, CCS 2016
• LibD: Scalable and Precise Third-party Library Detection in Android Markets, ICSE 2017 (tool: LibD)

Inter-Component Communication Analysis

• Analyzing Inter-Application Communication in Android, MobiSys 2011 (tool: ComDroid)
• Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis, USENIX Security 2013
• An Empirical Study of the Robustness of Intercomponent Commmunication in Android, DSN 2012
• Scippa: System-Centric IPC Provenance on Android, ACSAC 2014 (tool: Scippa)
• Combining Static Analysis with Probabilistic Models to Enable Market-Scale Android Inter-component Analysis, POPL 2016 (tool: PRIMO [http://siis.cse.psu.edu/primo/])
• DroidDisintegrator: Intra-Application Information Flow Control in Android Apps, AsiaCCS 2016
• Checking Intent-based Communication in Android with Intent Space Analysis, AsiaCCS 2016

Android OS Enhancement

• Enhancing Security of Linux-based Android Devices, 15th international linux system technology conference, 2008
• Semantically Rich Application-CEntric Security in Android, ACSAC 2009 (tool: Saint)
• Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints, AsiaCCS 2011 (tool: Apex)
• YAASE: Yet Another Android Security Extension, IEEE International Conference on Privacy, Security, Risk and Trust, and IEEE International Conference on Social Computing 2011
• MockDroid: Trading Privacy for Application Functionality on Smartphones, HotMobile 2011 (tool: MockDroid)
• "These Aren't the Droids You're Looking For" Retrofitting Android to Protect Data from Imperious Applications, CCS 2011 (tool: AppFence)
• Aurasium: Practical Policy Enforcement for Android Applications, USENIX Security 2012
• RetroSkeleton: Retrofitting Android Apps, MobiSys 2013 (tool: RetroSkeleton)
• Flexible and Fine-grained Mandatory Access Control on Android for Devices Security and Privacy Policies, USENIX Security 2013 (tool: FlaskDroid)
• Security Enhanced (SE) Android: Bringing Flexible MAC to Android, NDSS 2013
• Android Security Framework: Extensible Multi-Layered Access Control on Android, ACSAC 2014 (framework: ASF)
• ASM: A Programmable Interface for Extending Android Security, USENIX Security, 2014
• A Bayesian Approach to Privacy Enforcement in Smartphones, USENIX Security 2014 (tool: BayesDroid)
• Surveying the Development of Biometric User Authentication on Mobile Phones, IEEE Communications Surveys & Tutorials, 2015
• DeepDroid: Dynamically Enforcing Enterprise Policy on Android Devices, NDSS 2015
• Boxify: Full-fledged App Sandboxing for Stock Android, USENIX Security 2015
• EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning, USENIX 2015
• FLEXDROID: Enforcing In-App Privilege Separation in Android, NDSS 2016
• Reference Hijacking: Patching, Protecting and Analyzing on Unmodified and Non-Rooted Android Devices, ICSE 2016 (prototype: PatchMan, ControlMan and TaintMan)
• Automated Partitioning of Android Applications for Trusted Execution Environments, ICSE 2016
• FLEX: A Flexible Code Authentication Framework for Delegating Mobile App Customization, AsiaCCS 2016
• WindowGuard: Systematic Protection of GUI Security in Android, NDSS 2017 (tool: WindowGuard)
• Adaptive Android Kernel Live Patching, USENIX Security 2017
• SPOKE: Scalable Knowledge Collection and Attack Surface Analysis of Access Control Policy for Security Enhanced Android, AsiaCCS 2017

Android Permission System

• A Formal Model to Analyze the Permission Authorization and Enforcement in the Android Framework, IEEE International Conference on Social Computing/IEEE International Conferene on Privacy, Security, Risk and Turst 2010
• Permission Re-Delegation: Attacks and Defenses, USENIX Security 2011
• Curbing Android Permission Creep, W2SP 2011
• Android Permissions Demystified, CCS 2011
• Is this App Safe? A Large Scale Study on Application Permissions and Risk Signals, WWW 2012
• Android Security Permissions - Can we trust them? S&P 2012
• PScout: Analyzing the Android Permission Specification, CCS 2012
• Permission based Android security: Issues and Countermeasures, Computers&Security 2014
• Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection, TIFS 2014
• Android Permission Remystified: A Field Study on Contextual Integrity, USENIX Security 2015
• Detection of Design Flaws in the Android Permission Protocol through Bounded Verification, FM 2015
• revDroid: Code Analysis of the Side Effects after Dynamic Permission Revocation of Android Apps, AsiaCCS 2016
• Small Changes, Big Changes: An Updated View on the Android Permission System, RAID 2016
• A Formal Approach for Detection of Security Flaws in the Android Permission System, Journal on Formal Aspects of Computing 2016

Anti-Malware Tool Auditing

• DroidChameleon: Evaluating Android Anti-malware Against Transformation Attacks, AsiaCCS 2013
• ADAM: An Automatic and Extensible Platform to Stree Test Android Anti-virus Systems, DIMVA 2013
• Enter Sandbox: Android Sandbox Comparison, IEEE Mobile Security Technologies (MoST) 2014
• Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks, IEEE TIFS 2014
• Towards Discovering and Understanding Unexpected Hazards in Tailoring Antivirus Software for Android, AsiaCCS 2015
• Uncovering the Dilemmas on Antivirus Software Design in Modern Mobile Platforms, ICST 2015
• How Current Android Malware Seeks to Evade Automated Code Analysis, Information Security Theory and Practice, 2016
• Mystique: Evolving Android Malware for Auditing Anti-Malware Tools, AsiaCCS 2016 (tool: Mystique)
• Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique, TIFS 2017 (tool: Mystique-S)

Characterization and Evolution

• Understanding Android Security, S&P 2009
• Language-Based Security on Android, PLAS 2009
• A Study of Android Application Security, USENIX Security 2011
• All Your Droid Are Belong To Us: A Survey of Current Android Attacks, USENIX WOOT 2011
• ProfileDroid: Multi-layer Profiling of Android Applications, MobiCom 2012
• Dissecting Android Malware: Characterization and Evoluation, S&P 2012
• An Empirical Study of API Stability and Adoption in the Android Ecosystem, ICSM 2013
• The Impact of Vendor Customizations on Android Security, CCS 2013
• An Empirical Study of Cryptographic Misuse in Android Applications, CCS 2013
• AndroSAT: Security Analysis Tool for Android Application, 8th International Conference on Emerging Security Information, System and Technologies, 2014
• A Taxonomy of Privilege Escalation Attacks in Android Applications, International Journal of Security and Networks 2014
• A Machine-learning Approach for Classifying and Categorizing Android Sources and Sinks, NDSS 2014
• Andrubis -- 1,000,000 Apps Later: A View on Current Android Malware Behaviors, BADGERS 2014 (tool: Andrubis)
• DroidRay: A Security Evaluation System for Customized Android Firmwares, AsiaCCS 2014 (tool: DroidRay)
• Securing Android: A Survey, Taxonomy, and Challenges, CSUR 2015
• Collaborative Security: A Survey and Taxonomy, CSUR 2015
• Android Malware Static Analysis Techniques, CISR 2015
• PRADA: Prioritizing Android Devices for Apps by Mining Large-Scale Usage Data, ICSE 2016 (It finds the prioritized devices for apps)
• SoK: Lessons Learned From Android Security Research For Appified Software Platforms, IEEE S&P 2016 (framework: SoK)
• A Taxonomy and Qualitative Comparison of Program Analysis Techniques for Security Assessment of Android Software, TSE 2016
• FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature, CCS 2016 (tool: FeatureSmith)
• *droid: Assessment and Evaluation of Android Application Analysis Tools, CSUR 2016 (tool: *droid)
• Toward Engineering a Secure Android Ecosystem: A Survey of Existing Techniques, CSUR 2016
• The Evolution of Android Malware and Android Analysis Techniques, CSUR 2017
• Understanding Android App Piggybacking: A Systematic Study of Malicious Code Grafting, TIFS 2017
• To Update or Not to Update: Insights From a Two-Year Study of Android App Evolution, AsiaCCS 2017

Automatic Malware Generation

• Automatic Generation of Mobile Malware Using Genetic Programming, Applications of Evolutionary Computation, 2015
• Mystique: Evolving Android Malware for Auditing Anti-Malware Tools, AsiaCCS 2016 (tool: Mystique)
• Auditing Anti-Malware Tools by Evolving Android Malware and Dynamic Loading Technique, TIFS 2017 (tool: Mystique-S)
• Automatic Generation of Inter-Component Communication Exploits for Android Applications, FSE 2017 (tool: LetterBomb)
• DroidPill: Pwn Your Daily-Use Apps, AsiaCCS 2017 (tool: DroidPill)

New vulnerabilities & Attacks

• Fuzzing the Phone in Your Phone, Black Hat USA 2009
• Privilege Escalation Attacks on Android, Information Security 2010
• Application Collusion Attack on the Permission-based Security Model and its Implications for Modern Smartphone Systems, REPORT 2011
• A Stealthy and Context-Aware Sound Trojan for Smartphones, NDSS 2011
• New Privacy Issues in Mobile Telephony: Fix and Verification, CCS 2012
• Why Eve and Mallory love Android: An analysis of Android SSL (in) security, CCS 2012
• UI Redressing Attacks on Android Devices, US BlackHat 2012 (vul: tapjacking)
• Upgrading Your Android, Elevating My Malware: Priviledge Escalation Through Mobile OS Updating, S&P 2014
• The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations, S&P 2014
• From Zygote to Morula: Fortifying Weakened ASLR on Android, S&P 2014
• Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks, USENIX Security 2014
• Gyrophone: Recognizing Speech From Gyroscope Signals, USENIX Security 2014
• Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services, CCS 2014
• Execute This! Analyzing Unsafe and Malicious Dynamic Code Loading in Android Applications, NDSS 2014
• Divide-and-Conquer: Why Android Malware cannot be Stopped, ARES 2014 (tool:Sand-Finger)
• Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware, EuroSec 2014
• Evading Android Runtime Analysis via Sandbox Detection, AsiaCCS 2014
• Supor: Precise and Scalable Sensitive User Input Detection for Android Apps, USENIX 2014 (tool: Supor)
• AppSealer: Automatic Generation of Vulnerability-Specific Patches for Preventing Component Hijacking Attacks in Android Applications, NDSS 2014 (tool: AppSealer)
• You Shouldn't Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps, USENIX Security 2015
• COVERT: Compositional Analysis of Android Inter-App Permission Leakage, TSE 2015
• Grab'n Run: Practical and Safe Dynamic Code Loading in Android, Ph.D Disertation 2015
• From System Services Freezing to System Server Shutdown in Android: All You Need is a Loop in an App, CCS 2015 (tool: ASV-Hunter, vul:Android Stroke Vulnerabilies)
• Hare Hunting in the Wild Android: A Study on the Threat of Hanging Attribute References, CCS 2015 (tool: Harehunter, vul: hanging attribute references)
• Android Root and its Providers: A Double-Edged Sword, CCS 2015
• Leave Me Alone: App-Level Protection Against Runtime Information Gathering on Android, IEEE S&P 2015 (tool: App Guardian)
• An Investigation of the Android/BadAccents Malware which Exploits a new Android Tapjacking Attack, TechReport (TUD-CS-2015-0065), 2015
• Life after App Unistallation: Are the Data Still Alive? Data Residue Attacks on Android, NDSS 2016
• Kratos: Discovering Inconsistent Security Policy Enforcement in the Android Framework, NDSS 2016 (tool: Kratos)
• MobiPlay: A Remote Execution Based Record-and-Replay Tool for Mobile Applications, ICSE 2016
• CDRep: Automatic Repair of Cryptographic-Misuses in Android Applications, AsiaCCS 2016
• Call Me Back! Attacks on System Server and System Apps in Android through Synchronous Callback, CCS 2016
• Android ION Hazard: the Curse of Customizable Memory Management System, CCS 2016
• The Misuse of Android Unix Domain Sockets and Security Implications, CCS 2016
• Show Me the Money! Finding Flawed Implementations of Third-party In-app Payment in Android Apps, NDSS 2017
• Semi-Automated Discovery of Server-Based Information Oversharing Vulnerabilities in Android Applications, ISSTA 2017
• BootStomp: On the Security of Bootloaders in Mobile Devices, USENIX Security 2017 (tool: BootStomp)
• Detecting Android Root Exploits by Learning from Root Providers, USENIX Security 2017
• An Autonomic and Permissionless Android Covert Channel, WiSec 2017
• DroidPill: Pwn Your Daily-Use Apps, AsiaCCS 2017 (tool: DroidPill)
• Secure Integration of Web Content and Applications on Commodity Mobile Operating Systems, AsiaCCS 2017 (tool: WIREFrame/WIRE)
• JGRE: An Analysis of JNI Global Reference Exhaustion Vulnerabilities in Android, DSN 2017 (tool: JGRE)
• System Service Call-oriented Symbolic Execution of Android Framework with Applications to Vulnerability Discovery and Exploit Generation, MobySys 2017 (tool: Centaur)
• Ghera: A Repository of Android App Vulnerability Benchmarks, PROMISE 2017 (tool: Ghera)
• Measuring the Insecurity of Mobile Deep Links of Android, USENIX Security 2017

Performance & Energy Analysis

• Accurate Online Power Estimation and Automatic Battery Behavior Based Power Model Generation for Smartphones, CODES+ISSS 2010(tool: PowerTutor)
• Monitoring Energy Consumption of Smartphones, iThings/CPSCom 2011(tool: SEMO)
• Bootstrapping Energy Debugging on Smartphones: A First Look at Energy Bugs in Mobile Devices, HotNets-X 2011
• Fine-Grained Power Modeling for Smartphones Using System Call Tracing, EuroSys 2011
• Where is the energy spent inside my app? Fine Grained Energy Accounting on Smartphones with Eprof, EuroSys 2012
• eDoctor: Automatically Diagnosing Abnormal Battery Drain Issues on Smartphones, USENIX 2013(tool: eDoctor)
• Calculating Source Line Level Energy Information for Android Applications, ISSTA 2013 (tool: vLens)
• GreenDroid: Automated Diagnosis of Energy Inefficiency for Smartphone Applications, TSE 2014
• Responsiveness Analysis Tool for Android Applications, DeMobile 2014
• Detecting Energy Bugs and Hotspots in Mobile Apps, FSE 2014
• SunCat: Helping Developers Understand and Predict Performance Problems in Smartphone Applications, ISSTA 2014 (tool: SunCat)
• Retrofitting Concurrency for Android Applications Through Refactoring, FSE 2014 (tool: Asynchronizer)
• Characterizing and Detecting Performance Bugs for Smartphone Applications, ICSE 2014 (tool: PerfChecker)
• Making Web Applications More Energy Efficient for OLED Smartphones, ICSE 2014 (tool: Nyx)
• Comparing Energy Profilers for Android, 21st Twente Student Conference on IT 2014
• Mining Energy-Greedy API Usage Patterns in Android Apps: An Empirical Study, MSR 2014
• An Empirical Study of the Energy Consumption of Android Applications, ICSME 2014
• Optimizing Energy of HTTP Requests in Android Applications, DeMobile 2015
• EnTrack: A System Facility for Analyzing Energy Consumption of Android System Services, UbiComp 2015
• Runtime Verification of Expected Energy Consumption in Smartphones, Model Checking Software 2015
• How Developers Detect and Fix Performance Bottlenecks in Android Apps, ICSME 2015
• PersisDroid: Android Performance Diagnosis via Anatomizing Asynchronous Executions, arXiv 2015
• CLAPP: Characterizing Loops in Android Applications, FSE 2015 (tool: CLAPP)
• Energy-Aware Test-Suite Minimization for Android Apps, ISSTA 2016
• Automatically Verifying and Reproducing Event-based Races in Android Apps, ISSTA 2016
• Battery-Aware Mobile Data Service, TMC 2016 (tool: B-MODS)
• Automated Energy Optimization of HTTP Requests for Mobile Applications, ICSE 2016 (tool: Bouquet)
• DefDroid: Towards a More Defensive Mobile OS Against Disruptive App Behavior, MobySys 2016 (tool: DefDroid)
• DiagDroid: Android Performance Diagnosis via Anatomizing Asynchronous Executions, FSE 2016 (tool: DiagDroid)
• Mining Test Repositories for Automatic Detection of UI Performance Regressions in Android Apps (tool: DUNE)
• Battery State-of-Health Estimation for Mobile Devices, ICCPS 2017 (tool: V-BASH)
• Hit by the Bus: QoS Degradation Attack on Android, AsiaCCS 2017
• µDroid: An Energy-Aware Mutation Testing Framework for Android, FSE 2017 (tool: µDroid)

Android GUI Analysis

• Automating GUI Testing for Android Applications, AST 2011
• SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications, SPSM 2012
• Finding Errors in Multi-threaded GUI Applications, ISSTA 2012
• A Grey-Box Approach for Automated GUI-model Generation of Mobile Applications, FASE 2013
• Guided GUI Testing of Android Apps with Minimal Restart and Approximate learning, OOPSLA 2013 (tool: Swift-Hand)
• Estimating Mobile Application Energy Consumption using Program Analysis, ICSE 2013 (tool: eLens)
• Static Window Transition Graphs for Android, ASE 2015
• What the App is That? Deception and Countermeasures in the Android User Interface, S&P 2015
• GUITAR: Piecing Together \Android App GUIs from Memory Images, CCS 2015
• Static Analysis of GUI Behavior in Android Applications, Ph.D Dissetation 2015
• Detecting Display Energy Hotspots in Android Apps, ICST 2015 (tool: dLens)
• Reducing Combinatorics in GUI Testing of Android Applications, ICSE 2016 (tool: TrimDroid)
• Attacks and Defence on Android Free Floating Windows, AsiaCCS 2016
• Automated Model-Based Android GUI Testing using Multi-level GUI Comparison Criteria, ASE 2016
• PATDroid: Permission-Aware GUI Testing of Android, FSE 2017 (tool: PATDroid)

Forensic Analysis

• WHYPER: Towards Automating Risk Assessment of Mobile Applications, USENIX Security 2013
• Checking App Behavior Against App Descriptions, ICSE 2014 (tool: CHABADA)
• A Forensic Analysis of Android Malware - How is Malware Written and How it Could be Detected? COMPSAC 2014
• Hey, NSA: Stay Away from my Market! Future Proofing App Markets against Powerful Attackers, CCS 2014
• VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images, CCS 2015
• Towards Automatic Generation of Security-Centric Descriptions for Android Apps, CCS 2015 (tool: DESCRIBEME)
• AUTOREB: Automatically Understanding the Review-to-Behavior Fidelity in Android Applications, CCS 2015 (tool: AUTOREB)
• On the Lack of Consensus in Anti-Virus Decisions Metrics and Insights on Building Ground Truths of Android Malware with VirusTotal, DIMVA 2016
• AVclass: A Tool for Massive Malware Labeling, RAID 2016 (tool: AVClass)
• Revisiting the Description-to-Behavior Fidelity in Android Applications, SANER 2016 (tool: TAPVerifier)
• Can We Trust the Privacy Policies of Android Apps? DSN 2016 (tool: PPChecker)
• Checking App User Interfaces against App Descriptions, WAMA 2016
• Automated Analysis of Privacy Requirements for Mobile Apps, NDSS 2017
• Recommending and Localizing Change Requests for Mobile Apps based on User Reviews, ICSE 2017
• Toward Detecting Collusive Ranking Manipulation Attackers in Mobile App Markets, AsiaCCS 2017
• Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks, AsiaCCS 2017
• Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy, TSE 2017 (tool: TAPVerifier)
• OASIS: Prioritizing Static Analysis Warnings for Android Apps Based on App User Reviews, FSE 2017 (tool: OASIS)

Obfuscation & Evasion Techniques

• Evading Android Runtime Analysis via Sandbox Detection, AsiaCCS 2014
• Rage Against the Virtual Machine: Hindering Dynamic Analysis of Android Malware, EuroSec 2014
• Stealth Attacks: An Extended Insight into the Obfuscation Effects on Android Malware, Computer & Science 2015
• Statistical Deobfuscation of Android Applications, CCS 2016

Fuzzing Test for Vulnerabilities

• Droidfuzzer: Fuzzing the Android Apps with Intent-filter Tag, MoMM 2013 (tool: Droidfuzzer)
• Intent Fuzzer: Crafting Intents of Death, WODA 2014
• Fuzzing Android System Services by Binder Call. (url: https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-BinderCall-To-Escalate-Privilege.pdf.)
• BinderCracker: Assessing the Robustness of Android System Services, arxiv 2016 (tool: BinderCracker)
• Making Malory Behave Maliciously: Targeted Fuzzing of Android Execution Environments, ICSE 2017 (tool: FuzzDroid)
• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, USENIX Security 2017 (tool: kAFL)

Analysis of Hybrid Android App

• Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks, NDSS 2014 (tool: NOFRAK)
• Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation, CCS 2014
• Reducing Attack Surface on Cordova-based Hybrid Mobile Apps, MobileDeli 2014
• Attack and Countermeasures for Webview on Mobile System, Dissertations 2014
• On the Static Analysis of Hybrid Mobile Apps, A Report on the State of Apache Cordova Nation, ESSoS 2016
• Automatic Permission Inference for Hybrid Mobile Apps, Journal of High Speed Networks 2016
• HybriDroid: Static Analysis Framework for Android Hybrid Applications, ASE 2016
• Fine-Grained Access Control for HTML5-Based Mobile Applications in Android, CCS 2016
• Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android, CCS 2016 (tool: Draco)

Android Compatibility Issues

• Understanding Android Fragmentation with Topic Analysis of Vendor-Specific Bugs, WCRE 2012
• Taming Android Fragmentation: Characterizing and Detecting Compatibility Issues for Android Apps, ASE 2016 (tool: FicFinder)

Large-Scale Android Malware Analysis

• Dissecting Android Malware: Characterization and Evoluation, S&P 2012
• AndRadar: Fast Discovery of Android Applications in Alternative Markets, DIMVA 2014 (tool: AndRadar)
• ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware Behaviors, BADGERS 2014 (tool: Andrubis)
• SherlockDroid: a Research Assistant to Spot Unknown Malware in Android Marketplaces, Journal of Computer Virology and Hacking Techniques 2015 (tool: SherlockDroid)
• DroidSearch: A Tool for Scaling Android App Triage to Real-world App Stores, SAI 2015 (tool: DroidSearch)
• Android Malware Development on Public Malware Scanning Platforms: A Large-scale Data-driven Study, IEEE BigData 2016 (tool: AMDHunter)

Sandbox Evasion

• Common Weakness of Android Malware Analysis Frameworks, NULL
• BareDroid: Large-Scale Analysis of Android Apps on Real Devices, ACSAC 2015 (tool: BareDroid)

Android Ransomware

• Heldroid: Fast and Efficient Linguistic-Based Ransomware Detection, UIC Master Disseration, 2015 (tool: Heldroid)

Financial App Analysis

• DroydSeuss: A Mobile Banking Trojan Tracker, TechReport? 2014 (tool: DroydSeuss)
• An Experimental Evaluation of Vulnerability of Branchless Banking Application in Android Environment, International Journal of Emerging Research in Management & Technology, 2016
• Repackaging Attack on Android Banking Applications and Its Countermeasures, Wireless Personal Communications
• Breaking Ad-hoc Runtime Integrity Protection Mechanisms in Android Financial Apps, AsiaCCS 2017 (tool: MERCIDroid)

Race Condition Analysis

• Effective Race Detection for Event-Driven Programs, OOPSLA 2013 (tool: EventRacer)
• Race Detection for Event-Driven Mobile Application, PLDI 2014 (tool: CAFA)
• SdnRacer: Detecting Concurrency Violations in Software-Defined Networks, SOSR 2015 (tool: SdnRacer)
• Scalable Race Detection in Android Applications, OOPSLA 2015
• Automatically Verifying and Reproducing Event-based Races in Android Apps, ISSTA 2016 (tool: ERVA)
• Efficient Race Detection in the Presence of Programmatic Event Loops, ISSTA 2016 (tool: SparseRacer)
• Generating Test Cases to Expose Concurrency Bugs in Android Applications, ASE 2016 (tool: RacerDroid)
• Stateless Model Checking with Data-Race Preemption Points, OOPSLA 2016 (tool: Quicksand)
• Partial Order Reduction for Event-Driven Multi-threaded Programs, TACAS 2016
• Precise and Maximal Race Detection from Incomplete Traces, OOPSLA 2016 (tool: RDIT)
• RDIT: Race Detection from Incomplete Traces, FSE 2016 (tool: RDIT)

IoT Stuff

• Analysis and Testing of Notifications in Android Wear Applications, ICSE 2017

Knowledge Mining

• An Empirical Analysis of Bug Reports and Bug Fixing in Open Source Android Apps, CSMR 2013
• Works For Me! Characterizing Non-reproducible Bug Reports, MSR 2014
• A Cross-platform Analysis of Bugs and Bug-fixing in Open Source Projects: Desktop vs. Android vs. iOS, EASE 2015
• An Empirical Study on Bug Reports of Android 3rd Party Libraries

Data & Code Protection

• Understanding Users’ Requirements for Data Protection in Smartphones, ICDEW 2012
• Code Protection in Android, MASTER Dissertation 2012
• AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware, RAID 2015 (tool: AppSpear)
• DexHunter: Toward Extracting Hidden Code from Packed Android Applications, ESORICS 2015 (tool: DexHunter)
• Cashtags: Protecting the Input and Display of Sensitive Data, USENIX Security 2015 (tool: Cashtags)
• SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps, USENIX Security 2015 (tool: SUPOR)
• UIPicker: User-Input Privacy Identification in Mobile Applications, USENIX Security 2015 (tool: UIPicker)
• AppShell: Making Data Protection Practical for Lost or Stolen Android Devices, NOMS 2016 (tool: AppShell)
• SchrodinText: Strong Protection of Sensitive Textual Content of Mobile Applications, MobiSys 2017 (tool: SchrodinText)
• UiRef: Analysis of Sensitive User Inputs in Android Applications, WiSec 2017 (tool: UiRef)
• Using Hover to Compromise the Confidentiality of User Input on Android, WiSec 2017 (tool: Hoover)
• Adaptive Unpacking of Android Apps, ICSE 2017
• Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions, arXiv 2017