English
Related papers

Related papers: A Systematic Study of Android Non-SDK (Hidden) Ser…

200 papers

The Android permission system is a set of controls to regulate access to sensitive data and platform resources (e.g., camera). The fast evolving nature of Android permissions, coupled with inadequate documentation, results in numerous…

Software Engineering · Computer Science 2023-11-02 Sahrima Jannat Oishwee , Natalia Stakhanova , Zadia Codabux

Resource leak bugs in Android apps are pervasive and can cause serious performance degradation and system crashes. In recent years, several resource leak detection techniques have been proposed to assist Android developers in correctly…

Software Engineering · Computer Science 2016-11-28 Yepang Liu , Lili Wei , Chang Xu , Shing-Chi Cheung

Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity…

Cryptography and Security · Computer Science 2023-03-27 Anna-Katharina Wickert , Lars Baumgärtner , Michael Schlichtig , Krishna Narasimhan , Mira Mezini

This report summarizes our findings regarding a severe weakness in implementations of the Open Mobile API deployed on several Android devices. The vulnerability allows arbitrary code coming from a specially crafted Android application…

Cryptography and Security · Computer Science 2016-01-25 Michael Roland

Unlike the Web where each web page has a global URL to reach, a specific "content page" inside a mobile app cannot be opened unless the user explores the app with several operations from the landing page. Recently, deep links have been…

Software Engineering · Computer Science 2017-12-04 Yun Ma , Ziniu Hu , Dian Yang , Xuanzhe Liu

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide…

Cryptography and Security · Computer Science 2022-10-21 Xiaoyu Sun , Xiao Chen , Li Li , Haipeng Cai , John Grundy , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the…

Software Engineering · Computer Science 2023-03-20 Mugdha Khedkar

Android is among the most targeted platform by attackers. While attackers are improving their techniques, traditional solutions based on static and dynamic analysis have been also evolving. In addition to the application code, Android…

Cryptography and Security · Computer Science 2021-07-08 Sevil Sen , Burcu Can

Android apps can hold secret strings of themselves such as cloud service credentials or encryption keys. Leakage of such secret strings can induce unprecedented consequences like monetary losses or leakage of user private information. In…

Cryptography and Security · Computer Science 2025-01-15 Lili Wei , Heqing Huang , Shing-Chi Cheung , Kevin Li

User tracking is critical in the mobile ecosystem, which relies on device identifiers to build clear user profiles. In earlier ages, Android allowed easy access to non-resettable device identifiers like device serial numbers and IMEI by…

Cryptography and Security · Computer Science 2025-02-24 Zikan Dong , Liu Wang , Guoai Xu , Haoyu Wang

Existing Android vulnerability detection tools overwhelm teams with thousands of low-signal warnings yet uncover few true positives. Analysts spend days triaging these results, creating a bottleneck in the security pipeline. Meanwhile,…

Cryptography and Security · Computer Science 2025-09-01 Ziyue Wang , Liyi Zhou

Online services like Google provide a variety of application programming interfaces (APIs). These online APIs enable authenticated third-party services and applications (apps) to access a user's account data for tasks such as single sign-on…

Cryptography and Security · Computer Science 2021-11-08 David G. Balash , Xiaoyuan Wu , Miles Grant , Irwin Reyes , Adam J. Aviv

The Android ecosystem is vulnerable to issues such as app repackaging, counterfeiting, and piracy, threatening both developers and users. To mitigate these risks, developers often employ code obfuscation techniques. However, while effective…

Cryptography and Security · Computer Science 2025-02-10 Akila Niroshan , Suranga Seneviratne , Aruna Seneviratne

Android devices are equipped with many pre-installed applications which have the capability of tracking and monitoring users. Although applications coming pre-installed pose a great danger to user security and privacy, they have received…

Cryptography and Security · Computer Science 2023-01-31 Abdullah Ozbay , Kemal Bicakci

Android's permission system is designed to balance usability with informed consent, yet two legacy mechanisms still undermine that balance in Android 16: (i) permission groups that silently auto-grant new permissions within a group after a…

Cryptography and Security · Computer Science 2026-05-28 Olawale Amos Akanji , Manuel Egele , Gianluca Stringhini

Android introduces a new permission model that allows apps to request permissions at runtime rather than at the installation time since 6.0 (Marshmallow, API level 23). While this runtime permission model provides users with greater…

Software Engineering · Computer Science 2021-06-25 Ying Wang , Yibo Wang , Sinan Wang , Yepang Liu , Chang Xu , Shing-Chi Cheung , Hai Yu , Zhiliang Zhu

Google has mandated developers to use Data Safety Sections (DSS) to increase transparency in data collection and sharing practices. In this paper, we present a comprehensive analysis of Google's Data Safety Section (DSS) using both…

Computers and Society · Computer Science 2023-06-16 Rishabh Khandelwal , Asmit Nayak , Paul Chung , Kassem Fawaz

Fragmentation is a serious problem in the Android ecosystem. This problem is mainly caused by the fast evolution of the system itself and the various customizations independently maintained by different smartphone manufacturers. Many…

Software Engineering · Computer Science 2022-06-01 Pei Liu , Yanjie Zhao , Haipeng Cai , Mattia Fazzini , John Grundy , Li Li

The permission mechanism in the Android Framework is integral to safeguarding the privacy of users by managing users' and processes' access to sensitive resources and operations. As such, developers need to be equipped with an in-depth…

Software Engineering · Computer Science 2025-10-07 Han Hu , Wei Minn , Yonghui Liu , Jiakun Liu , Ferdian Thung , Terry Yue Zhuo , Lwin Khin Shar , Debin Gao , David Lo

Tools focused on cryptographic API misuse often detect the most basic expressions of the vulnerable use, and are unable to detect non-trivial variants. The question of whether tools should be designed to detect such variants can only be…

Cryptography and Security · Computer Science 2025-10-16 Victor Olaiya , Adwait Nadkarni