English
Related papers

Related papers: Call Graph Soundness in Android Static Analysis

200 papers

A common security architecture, called the permission-based security model (used e.g. in Android and Blackberry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, what we call a…

Cryptography and Security · Computer Science 2013-03-21 Alexandre Bartel , Jacques Klein , Martin Monperrus , Yves Le Traon

App quality has been shown to be the most important indicator of app adoption. To assure quality, developers mainly use testing to find bugs in app and apply structural and GUI test coverage criteria. However, mobile apps have more…

Software Engineering · Computer Science 2019-11-22 Danilo Dominguez Perez , Wei Le

Static analysis tools are commonly used to detect defects before the code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of…

Software Engineering · Computer Science 2023-11-14 Georgios Liargkovas , Evangelia Panourgia , Diomidis Spinellis

Analyzing Android applications for malicious behavior is an important area of research, and is made difficult, in part, by the increasingly large number of applications available for the platform. While techniques exist to perform static…

Cryptography and Security · Computer Science 2014-10-29 Michael Bierma , Eric Gustafson , Jeremy Erickson , David Fritz , Yung Ryn Choe

Android apps must work correctly even if their execution is interrupted by external events. For instance, an app must work properly even if a phone call is received, or after its layout is redrawn because the smartphone has been rotated.…

Software Engineering · Computer Science 2020-10-13 Oliviero Riganelli , Simone Paolo Mottadelli , Claudio Rota , Daniela Micucci , Leonardo Mariani

The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of…

Software Engineering · Computer Science 2024-01-17 Feiyang Tang , Bjarte M. Østvold

Android is becoming ubiquitous and currently has the largest share of the mobile OS market with billions of application downloads from the official app market. It has also become the platform most targeted by mobile malware that are…

Cryptography and Security · Computer Science 2016-07-28 Mohammed K. Alzaylaee , Suleiman Y. Yerima , Sakir Sezer

The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to…

Cryptography and Security · Computer Science 2020-06-03 Mohammad Ghafari , Pascal Gadient , Oscar Nierstrasz

Static code analysis is a powerful approach to detect quality deficiencies such as performance bottlenecks, safety violations or security vulnerabilities already during a software system's implementation. Yet, as current software systems…

Software Engineering · Computer Science 2017-10-23 Eric Bodden

Despite its widespread use in Android apps, reflection poses graving problems for static security analysis. Currently, string inference is applied to handle reflection, resulting in significantly missed security vulnerabilities. In this…

Cryptography and Security · Computer Science 2016-12-19 Yifei Zhang , Tian Tan , Yue Li , Jingling Xue

Without quantitative data, deciding whether and how to use static analysis in a development workflow is a matter of expert opinion and guesswork rather than an engineering trade-off. Moreover, relevant data collected under real-world…

Software Engineering · Computer Science 2020-03-09 William R. Nichols

Java 7 introduced programmable dynamic linking in the form of the invokedynamic framework. Static analysis of code containing programmable dynamic linking has often been cited as a significant source of unsoundness in the analysis of Java…

Programming Languages · Computer Science 2020-01-09 George Fourtounis , Yannis Smaragdakis

As the complexity of mobile applications grows exponentially and the fragmentation of user device environments intensifies, ensuring online application stability faces unprecedented challenges. Traditional methods, such as static logging…

Software Engineering · Computer Science 2025-12-29 Qi Hu , Jiangchao Liu , Xin Yu , Lin Zhang , Edward Jiang

Static analysis is a growing application of software engineering, leading to a range of essential security tools, bug-finding tools, as well as software verification. Recent years show an increase of universal static analysis tools that…

Programming Languages · Computer Science 2024-04-22 Avi Hayoun , Veselin Raychev , Jack Hair

Today most developers utilize source code written by other parties. Because the code is modified frequently, the developers need to grasp the impact of the modification repeatedly. A call graph and especially its special type, a call path,…

Data Structures and Algorithms · Computer Science 2016-02-15 Koji Yamamoto , Taka Matsutsuka

Android User Interface (UI) testing is a critical research area due to the ubiquity of apps and the challenges faced by developers. Record and replay (R&R) tools facilitate manual and automated UI testing by recording UI actions to execute…

Software Engineering · Computer Science 2025-04-30 Zihe Song , S M Hasan Mansur , Ravishka Rathnasuriya , Yumna Fatima , Wei Yang , Kevin Moran , Wing Lam

Static analysis of structures is a fundamental step for determining the stability of structures. Both linear and non-linear static analyses consist of the resolution of sparse linear systems obtained by the finite element method. The…

Machine Learning · Computer Science 2022-01-17 Luca Grementieri , Francesco Finelli

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may…

Cryptography and Security · Computer Science 2012-05-01 Steffen Bartsch , Karsten Sohr , Michaela Bunke , Oliver Hofrichter , Bernhard Berger

Ethereum smart contracts are distributed programs running on top of the Ethereum blockchain. Since program flaws can cause significant monetary losses and can hardly be fixed due to the immutable nature of the blockchain, there is a strong…

Cryptography and Security · Computer Science 2021-01-15 Clara Schneidewind , Markus Scherer , Matteo Maffei

Background. Evidence suggests that mobile applications are not thoroughly tested as their desktop counterparts. In particular GUI testing is generally limited. Like web-based applications, mobile apps suffer from GUI test fragility, i.e.…

Software Engineering · Computer Science 2017-11-13 Riccardo Coppola , Maurizio Morisio , Marco Torchiano