English
Related papers

Related papers: Call Graph Soundness in Android Static Analysis

200 papers

Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and…

Cryptography and Security · Computer Science 2018-06-29 Richard Bonett , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Building sound and precise static call graphs for real-world JavaScript applications poses an enormous challenge, due to many hard-to-analyze language features. Further, the relative importance of these features may vary depending on the…

Programming Languages · Computer Science 2022-05-16 Madhurima Chakraborty , Renzo Olivares , Manu Sridharan , Behnaz Hassanshahi

Never before has any OS been so popular as Android. Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking,…

Cryptography and Security · Computer Science 2023-02-16 Xiaoyu Sun

Mobile application security has been a major area of focus for security research over the course of the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However,…

Cryptography and Security · Computer Science 2021-07-20 Amit Seal Ami , Kaushal Kafle , Kevin Moran , Adwait Nadkarni , Denys Poshyvanyk

Many Android applications collect data from users. When they do, they must protect this collected data according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the…

Software Engineering · Computer Science 2023-03-20 Mugdha Khedkar

Following the increasing popularity of mobile ecosystems, cybercriminals have increasingly targeted them, designing and distributing malicious apps that steal information or cause harm to the device's owner. Aiming to counter them,…

Cryptography and Security · Computer Science 2018-07-16 Lucky Onwuzurike , Mario Almeida , Enrico Mariconti , Jeremy Blackburn , Gianluca Stringhini , Emiliano De Cristofaro

Java static analysis frameworks are commonly compared under the assumption that analysis algorithms and configurations compose monotonically and yield semantically comparable results across tools. In this work, we show that this assumption…

Software Engineering · Computer Science 2026-04-02 Fangtian Zhong , Ollie Wold , Joseph Windmann

The popularity and wide adoption of JavaScript both at the client and server side makes its code analysis more important than ever before. Most of the algorithms for vulnerability analysis, coding issue detection, or type inference rely on…

Software Engineering · Computer Science 2024-05-14 Gábor Antal , Péter Hegedűs , Zoltán Tóth , Rudolf Ferenc , Tibor Gyimóthy

Static analyses make the increasingly tenuous assumption that all source code is available for analysis; for example, large libraries often call into native code that cannot be analyzed. We propose a points-to analysis that initially makes…

Programming Languages · Computer Science 2017-11-10 Osbert Bastani , Lazaro Clapp , Saswat Anand , Rahul Sharma , Alex Aiken

Static analysis plays a key role in finding bugs, including security issues. A critical step in static analysis is building accurate call graphs that model function calls in a program. However, due to hard-to-analyze language features,…

Software Engineering · Computer Science 2025-06-24 Masudul Hasan Masud Bhuiyan , Gianluca De Stefano , Giancarlo Pellegrino , Cristian-Alexandru Staicu

Security of Android devices is now paramount, given their wide adoption among consumers. As researchers develop tools for statically or dynamically detecting suspicious apps, malware writers regularly update their attack mechanisms to hide…

Cryptography and Security · Computer Science 2022-10-21 Xiaoyu Sun , Xiao Chen , Li Li , Haipeng Cai , John Grundy , Jordan Samhi , Tegawendé F. Bissyandé , Jacques Klein

Asynchrony has become an inherent element of JavaScript, as an effort to improve the scalability and performance of modern web applications. To this end, JavaScript provides programmers with a wide range of constructs and features for…

Programming Languages · Computer Science 2019-01-14 Thodoris Sotiropoulos , Benjamin Livshits

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since the European Union rolled out the General Data Protection Regulation…

Software Engineering · Computer Science 2024-02-13 Mugdha Khedkar , Eric Bodden

The Android mining sandbox approach consists in running dynamic analysis tools on a benign version of an Android app and recording every call to sensitive APIs. Later, one can use this information to (a) prevent calls to other sensitive…

The present paper proposes the first static analysis for Android applications which is both flow-sensitive on the heap abstraction and provably sound with respect to a rich formal model of the Android platform. We formulate the analysis as…

Cryptography and Security · Computer Science 2017-06-13 Stefano Calzavara , Ilya Grishchenko , Adrien Koutsos , Matteo Maffei

Relying on ubiquitous Internet connectivity, applications on mobile devices frequently perform web requests during their execution. They fetch data for users to interact with, invoke remote functionalities, or send user-generated content or…

Software Engineering · Computer Science 2017-05-22 Marianna Rapoport , Philippe Suter , Erik Wittern , Ondřej Lhoták , Julian Dolby

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they…

Software Engineering · Computer Science 2023-05-05 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

Dynamically executing specific target methods in Android applications remains a critical and unresolved challenge. Despite notable advancements in GUI testing, current tools are insufficient for reliably driving execution toward specific…

Software Engineering · Computer Science 2026-01-21 Samuele Doria , Eleonora Losiouk

Static analyses aspire to explore all possible executions in order to achieve soundness. Yet, in practice, they fail to capture common dynamic behavior. Enhancing static analyses with dynamic information is a common pattern, with tools such…

Programming Languages · Computer Science 2019-05-07 Neville Grech , George Fourtounis , Adrian Francalanza , Yannis Smaragdakis

Mobile applications, often simply called "apps", are increasingly widespread, and we use them daily to perform a number of activities. Like all software, apps must be adequately tested to gain confidence that they behave correctly.…

Software Engineering · Computer Science 2015-04-01 Shauvik Roy Choudhary , Alessandra Gorla , Alessandro Orso
‹ Prev 1 2 3 10 Next ›