REFERENCES applications,"in Proceedings of the 2017 1Ith Joint Meeting on Foundations of Sofware Engineering.ESEC/FSE 2017.Paderborn. [I]A.P.Felt,H.J.Wang.A.Moshchuk,S.Hanna,and E.Chin Germany.September 4-8.2017.2017.pp.661-671.[Online]. "Permission re-delegation:Attacks and defenses,"in 20th USENIX Available:http://doi.acm.org/10.1145/3106237.3106286 Security Symposium.San Francisco.CA.USA.August 8-12,2011. Proceedings.2011.[Onlinel.Available:http://static.usenix.org/events/ secl1/tech/full_papers/Felt.pdf [2]J.Yan,X.Deng.P.Wang,T.Wu,J.Yan,and J.Zhang,"Characterizing and identifying misexposed activities in android applications,"in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering.ASE 2018,Montpellier.France. September 3-7.2018,2018,pp.691-701.[Online].Available: htps/doi.org/10.1145/3238147.3238164 [3]M.C.Grace.Y.Zhou.Z.Wang.and X.Jiang,"Systematic detection of capability leaks in stock android smartphones,"in 19th Annual Network and Distributed System Security Symposium.NDSS 2012.San Diego,California,USA.February 5-8,2012.2012 [Online].Available:https://www.ndss-symposium.org/ndss2012/ systematic-detection-capability-leaks-stock-android-smartphones [4]"Z3 wiki,"https://github.com/Z3Prover/z3/wiki. [51 "Soot."https://sable.github.io/soot/. [6]S.Arzt,S.Rasthofer.C.Fritz,E.Bodden,A.Bartel,J.Klein, Y.L.Traon,D.Octeau,and P.D.McDaniel,"Flowdroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android apps,"in ACM SIGPLAN Conference on Programming Language Design and Implementation,PLDI '14.Edinburgh,United Kingdom June 09.11.2014.2014.pp.259-269.[Online]. Available:http://doi.acm.org/10.1145/2594291.2594299 [7]L.Li,A.Bartel,T.F.Bissyande,J.Klein,Y.L.Traon,S.Arzt, S.Rasthofer,E.Bodden.D.Octeau.and P.D.McDaniel,"Iccta Detecting inter-component privacy leaks in android apps"in37h IEEE/ACM International Conference on Software Engineering,ICSE 1 IOnlimel Avable:hps/dorC0 2015.Florence.Italy.May 16-24.2015.Volume 1.2015. [8]A.Desnos er al.,"Androguard:Reverse engineering.malware and goodware analysis of android applications,"URL code.google com/p/androguard,p.153.2013. [9]S.Rasthofer,S.Arzt,and E.Bodden,"A machine-learning for classifving and categorizing android sources and sinks. Annual Network and Distributed System Security Symposium,NDSS 2014.San Diego,Califoria.USA.February 23-26.2014.2014. [Online].Available: https://www.ndss-symposium.org/ndss2014/ machine-learning-approach-classifying-and-categorizing-android- sources-and-sinks [10]"Reaching definition wiki,"https://en.wikipedia.org/wiki/Reaching_ definition. [11]"Dexguard."https://www.guardsquare.com/en/products/dexguard. [12]A.Bartel,J.Klein,Y.L.Traon,and M.Monperrus,"Dexpler converting android dalvik bytecode to jimple for static analysis with soot,"in Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis,SOAP 2012. Beijing.China,June 14,2012,2012.pp.27-38.[Online].Available: https:/ldoi.org/10.1145/2259051.2259056 [13]Y.He and Q.Li,"Detecting and defending against inter-app permission leaks in android apps."in 35th IEEE International Performance Computing and Communications Conference,IPCCC 2016.Las Vegas,NV.USA,December 9-11,2016,2016.pp.1-7. [Online].Available:https://doi.org/10.1109/PCCC.2016.7820624 [14]E.Chin.A.P.Felt.K.Greenwood,and D.A.Wagner."Analyzing inter-application communication in android,"in Proceedings of the 9th International Conference on Mobile Systems,Applications, and Services (MobiSys 2011).Bethesda,MD.USA.June 28- July 01.2011,2011.pp.239-252.[Online].Available:http: /doi.acm.org/10.1145/1999995.2000018 [15]F.Liu,H.Cai,G.Wang,D.Yao.K.O.Elish,and B.G.Ryder,"Mr- droid:A scalable and prioritized analysis of inter-app communication risks."in 2017 IEEE Security and Privacy Workshops.SP Workshops 2017.San Jose,CA.USA.May 25.2017.2017.pp. 189-198. [Online].Available:https://doi.org/10.1109/SPW.2017.12 [16]X.Zhong.F.Zeng.Z.Cheng,N.Xie,X.Qin,and S.Guo,"Privilege escalation detecting in android applications,"in 3rd International Conference on Big Data Computing and Communications,BIGCOM 2017,.Chengdu.China,.August10-1,2017,2017.pp.3944. [Online].Available:https://doi.org/10.1109/BIGCOM.2017.21 [17]J.Garcia,M.Hammad,N.Ghorbani,and S.Malek,"Automatic generation of inter-component communication exploits for android 295REFERENCES [1] A. P. Felt, H. J. Wang, A. Moshchuk, S. Hanna, and E. Chin, “Permission re-delegation: Attacks and defenses,” in 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-12, 2011, Proceedings, 2011. [Online]. Available: http://static.usenix.org/events/ sec11/tech/full papers/Felt.pdf [2] J. Yan, X. Deng, P. Wang, T. Wu, J. Yan, and J. Zhang, “Characterizing and identifying misexposed activities in android applications,” in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018, Montpellier, France, September 3-7, 2018, 2018, pp. 691–701. [Online]. Available: https://doi.org/10.1145/3238147.3238164 [3] M. C. Grace, Y. Zhou, Z. Wang, and X. Jiang, “Systematic detection of capability leaks in stock android smartphones,” in 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5-8, 2012, 2012. [Online]. Available: https://www.ndss-symposium.org/ndss2012/ systematic-detection-capability-leaks-stock-android-smartphones [4] “Z3 wiki,” https://github.com/Z3Prover/z3/wiki. [5] “Soot,” https://sable.github.io/soot/. [6] S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. L. Traon, D. Octeau, and P. D. McDaniel, “Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps,” in ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI ’14, Edinburgh, United Kingdom - June 09 - 11, 2014, 2014, pp. 259–269. [Online]. Available: http://doi.acm.org/10.1145/2594291.2594299 [7] L. Li, A. Bartel, T. F. Bissyande, J. Klein, Y. L. Traon, S. Arzt, ´ S. Rasthofer, E. Bodden, D. Octeau, and P. D. McDaniel, “Iccta: Detecting inter-component privacy leaks in android apps,” in 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015, Florence, Italy, May 16-24, 2015, Volume 1, 2015, pp. 280–291. [Online]. Available: https://doi.org/10.1109/ICSE.2015.48 [8] A. Desnos et al., “Androguard: Reverse engineering, malware and goodware analysis of android applications,” URL code. google. com/p/androguard, p. 153, 2013. [9] S. Rasthofer, S. Arzt, and E. Bodden, “A machine-learning approach for classifying and categorizing android sources and sinks,” in 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014, 2014. [Online]. Available: https://www.ndss-symposium.org/ndss2014/ machine-learning-approach-classifying-and-categorizing-android￾sources-and-sinks [10] “Reaching definition wiki,” https://en.wikipedia.org/wiki/Reaching definition. [11] “Dexguard,” https://www.guardsquare.com/en/products/dexguard. [12] A. Bartel, J. Klein, Y. L. Traon, and M. Monperrus, “Dexpler: converting android dalvik bytecode to jimple for static analysis with soot,” in Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis, SOAP 2012, Beijing, China, June 14, 2012, 2012, pp. 27–38. [Online]. Available: https://doi.org/10.1145/2259051.2259056 [13] Y. He and Q. Li, “Detecting and defending against inter-app permission leaks in android apps,” in 35th IEEE International Performance Computing and Communications Conference, IPCCC 2016, Las Vegas, NV, USA, December 9-11, 2016, 2016, pp. 1–7. [Online]. Available: https://doi.org/10.1109/PCCC.2016.7820624 [14] E. Chin, A. P. Felt, K. Greenwood, and D. A. Wagner, “Analyzing inter-application communication in android,” in Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services (MobiSys 2011), Bethesda, MD, USA, June 28 - July 01, 2011, 2011, pp. 239–252. [Online]. Available: http: //doi.acm.org/10.1145/1999995.2000018 [15] F. Liu, H. Cai, G. Wang, D. Yao, K. O. Elish, and B. G. Ryder, “Mr￾droid: A scalable and prioritized analysis of inter-app communication risks,” in 2017 IEEE Security and Privacy Workshops, SP Workshops 2017, San Jose, CA, USA, May 25, 2017, 2017, pp. 189–198. [Online]. Available: https://doi.org/10.1109/SPW.2017.12 [16] X. Zhong, F. Zeng, Z. Cheng, N. Xie, X. Qin, and S. Guo, “Privilege escalation detecting in android applications,” in 3rd International Conference on Big Data Computing and Communications, BIGCOM 2017, Chengdu, China, August 10-11, 2017, 2017, pp. 39–44. [Online]. Available: https://doi.org/10.1109/BIGCOM.2017.21 [17] J. Garcia, M. Hammad, N. Ghorbani, and S. Malek, “Automatic generation of inter-component communication exploits for android applications,” in Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2017, Paderborn, Germany, September 4-8, 2017, 2017, pp. 661–671. [Online]. Available: http://doi.acm.org/10.1145/3106237.3106286 295