{"id":"https://openalex.org/W4402442206","doi":"https://doi.org/10.1145/3650212.3680333","title":"Call Graph Soundness in Android Static Analysis","display_name":"Call Graph Soundness in Android Static Analysis","publication_year":2024,"publication_date":"2024-09-11","ids":{"openalex":"https://openalex.org/W4402442206","doi":"https://doi.org/10.1145/3650212.3680333"},"language":"en","primary_location":{"id":"doi:10.1145/3650212.3680333","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3650212.3680333","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://orbilu.uni.lu/bitstream/10993/62496/1/callgraph_soudness.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090389831","display_name":"Jordan Samhi","orcid":"https://orcid.org/0000-0001-6052-6184"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Jordan Samhi","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbrucken, Germany"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbrucken, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088079823","display_name":"Ren\u00e9 Just","orcid":"https://orcid.org/0000-0002-5982-275X"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]},{"id":"https://openalex.org/I58610484","display_name":"Seattle University","ror":"https://ror.org/02jqc0m91","country_code":"US","type":"education","lineage":["https://openalex.org/I58610484"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ren\u00e9 Just","raw_affiliation_strings":["University of Washington, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"University of Washington, Seattle, USA","institution_ids":["https://openalex.org/I201448701","https://openalex.org/I58610484"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082835974","display_name":"Tegawend\u00e9 F. Bissyand\u00e9","orcid":"https://orcid.org/0000-0001-7270-9869"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Tegawend\u00e9 F. Bissyand\u00e9","raw_affiliation_strings":["University of Luxembourg, Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032068969","display_name":"Michael D. Ernst","orcid":"https://orcid.org/0000-0001-9379-277X"},"institutions":[{"id":"https://openalex.org/I201448701","display_name":"University of Washington","ror":"https://ror.org/00cvxb145","country_code":"US","type":"education","lineage":["https://openalex.org/I201448701"]},{"id":"https://openalex.org/I58610484","display_name":"Seattle University","ror":"https://ror.org/02jqc0m91","country_code":"US","type":"education","lineage":["https://openalex.org/I58610484"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael D. Ernst","raw_affiliation_strings":["University of Washington, Seattle, USA"],"affiliations":[{"raw_affiliation_string":"University of Washington, Seattle, USA","institution_ids":["https://openalex.org/I201448701","https://openalex.org/I58610484"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5040326968","display_name":"Jacques Klein","orcid":"https://orcid.org/0000-0003-4052-475X"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Jacques Klein","raw_affiliation_strings":["University of Luxembourg, Luxembourg, Luxembourg"],"affiliations":[{"raw_affiliation_string":"University of Luxembourg, Luxembourg, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5090389831"],"corresponding_institution_ids":["https://openalex.org/I4210128801"],"apc_list":null,"apc_paid":null,"fwci":2.8034,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.91522097,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"945","last_page":"957"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9854000210762024,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/soundness","display_name":"Soundness","score":0.9319958686828613},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7569098472595215},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6229695081710815},{"id":"https://openalex.org/keywords/call-graph","display_name":"Call graph","score":0.6177822351455688},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.5689264535903931},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.5644140839576721},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4566582143306732},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.32268357276916504},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.27027273178100586}],"concepts":[{"id":"https://openalex.org/C39920170","wikidata":"https://www.wikidata.org/wiki/Q693083","display_name":"Soundness","level":2,"score":0.9319958686828613},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7569098472595215},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6229695081710815},{"id":"https://openalex.org/C102379954","wikidata":"https://www.wikidata.org/wiki/Q2589940","display_name":"Call graph","level":2,"score":0.6177822351455688},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.5689264535903931},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.5644140839576721},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4566582143306732},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.32268357276916504},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.27027273178100586}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3650212.3680333","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3650212.3680333","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},{"id":"pmh:oai:orbilu.uni.lu:10993/62496","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/62496","pdf_url":"https://orbilu.uni.lu/bitstream/10993/62496/1/callgraph_soudness.pdf","source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISSTA 2024 - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (2024-09-11); Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, Vienna, Aut [Aut], 16-09-2024 => 20-09-2024","raw_type":"peer reviewed"},{"id":"pmh:oai:figshare.com:article/26302426","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Call_Graph_Soundness_in_Android_Static_Analysis/26302426","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.60882/cispa.26302426.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.26302426.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:orbilu.uni.lu:10993/62496","is_oa":true,"landing_page_url":"https://orbilu.uni.lu/handle/10993/62496","pdf_url":"https://orbilu.uni.lu/bitstream/10993/62496/1/callgraph_soudness.pdf","source":{"id":"https://openalex.org/S4306401815","display_name":"Open Repository and Bibliography (University of Luxembourg)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I186903577","host_organization_name":"University of Luxembourg","host_organization_lineage":["https://openalex.org/I186903577"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISSTA 2024 - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (2024-09-11); Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, Vienna, Aut [Aut], 16-09-2024 => 20-09-2024","raw_type":"peer reviewed"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321038","display_name":"Fonds National de la Recherche Luxembourg","ror":"https://ror.org/039z13y21"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4402442206.pdf","grobid_xml":"https://content.openalex.org/works/W4402442206.grobid-xml"},"referenced_works_count":43,"referenced_works":["https://openalex.org/W1985752637","https://openalex.org/W2017025011","https://openalex.org/W2027538101","https://openalex.org/W2077202047","https://openalex.org/W2113115074","https://openalex.org/W2127723417","https://openalex.org/W2134732158","https://openalex.org/W2167363133","https://openalex.org/W2241404614","https://openalex.org/W2334597393","https://openalex.org/W2377819450","https://openalex.org/W2407313496","https://openalex.org/W2470899015","https://openalex.org/W2486032082","https://openalex.org/W2514626402","https://openalex.org/W2619760961","https://openalex.org/W2791028228","https://openalex.org/W2882999093","https://openalex.org/W2884888633","https://openalex.org/W2888272748","https://openalex.org/W2897025578","https://openalex.org/W2946175705","https://openalex.org/W2959352824","https://openalex.org/W2962992787","https://openalex.org/W2963204406","https://openalex.org/W2969874374","https://openalex.org/W2997903896","https://openalex.org/W3160974549","https://openalex.org/W3181963574","https://openalex.org/W3188145288","https://openalex.org/W3217382519","https://openalex.org/W3217712194","https://openalex.org/W4221141798","https://openalex.org/W4225594804","https://openalex.org/W4240601173","https://openalex.org/W4244726870","https://openalex.org/W4251541794","https://openalex.org/W4282829159","https://openalex.org/W4284664658","https://openalex.org/W4284673343","https://openalex.org/W4308641639","https://openalex.org/W4312737594","https://openalex.org/W4400484297"],"related_works":["https://openalex.org/W2867457158","https://openalex.org/W2159846532","https://openalex.org/W2979331965","https://openalex.org/W2791662519","https://openalex.org/W4389273713","https://openalex.org/W3089825636","https://openalex.org/W3036603968","https://openalex.org/W2767357856","https://openalex.org/W1567493346","https://openalex.org/W2334842536"],"abstract_inverted_index":{"Static":[0],"analysis":[1,77,82,92,98,121,157],"is":[2,22,35,53,62,99,141],"sound":[3],"in":[4,89,95,137,185],"theory,":[5],"but":[6,93],"an":[7,100],"implementation":[8],"may":[9],"unsoundly":[10],"fail":[11],"to":[12,26,38,124,171],"analyze":[13],"all":[14,183],"of":[15,29,42,60,127,135,148],"a":[16,23,80,96,142,145,165],"program's":[17],"code.":[18],"Any":[19,87],"such":[20,168,179],"omission":[21],"serious":[24],"threat":[25],"the":[27,30,36,40,65,90,105,118,128,186],"validity":[28],"tool's":[31],"output.":[32],"Our":[33,102],"work":[34],"first":[37],"measure":[39],"prevalence":[41],"these":[43,68],"omissions.":[44,69],"Previously,":[45],"researchers":[46],"and":[47,79],"analysts":[48],"did":[49],"not":[50,94],"know":[51],"what":[52,58],"missed":[54],"by":[55],"static":[56,97,114,120,156],"analysis,":[57],"sort":[59],"code":[61],"missed,":[63],"or":[64],"reasons":[66],"behind":[67],"To":[70],"address":[71,172],"this":[72],"gap,":[73],"we":[74],"ran":[75],"13static":[76],"tools":[78,122],"dynamic":[81,91],"on":[83],"1000":[84],"Android":[85,187],"apps.":[86],"method":[88],"unsoundness.":[101,149],"findings":[103],"include":[104],"following.":[106],"(1)":[107],"Apps":[108],"built":[109],"around":[110],"external":[111],"frameworks":[112],"challenge":[113],"analyzers.":[115],"On":[116],"average,":[117],"13":[119],"failed":[123],"capture":[125],"61%":[126],"dynamically-executed":[129],"methods.":[130],"(2)":[131],"A":[132],"high":[133,146],"level":[134,147],"precision":[136],"call":[138,196],"graph":[139,197],"construction":[140,198],"synonym":[143],"for":[144,164],"(3)":[150],"No":[151],"existing":[152],"approach":[153],"significantly":[154],"improves":[155],"soundness.":[158,201],"This":[159],"includes":[160,176],"those":[161],"specifically":[162],"tailored":[163],"given":[166],"mechanism,":[167],"as":[169,180],"DroidRA":[170],"reflection.":[173],"It":[174],"also":[175],"systematic":[177],"approaches,":[178],"EdgeMiner,":[181],"capturing":[182],"callbacks":[184],"framework":[188],"systematically.":[189],"(4)":[190],"Modeling":[191],"entry":[192],"point":[193],"methods":[194],"challenges":[195],"which":[199],"jeopardizes":[200]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2024-09-12T00:00:00"}