{"id":"https://openalex.org/W4406536165","doi":"https://doi.org/10.1145/3712308","title":"The Dark Side of Native Code on Android","display_name":"The Dark Side of Native Code on Android","publication_year":2025,"publication_date":"2025-01-17","ids":{"openalex":"https://openalex.org/W4406536165","doi":"https://doi.org/10.1145/3712308"},"language":"en","primary_location":{"id":"doi:10.1145/3712308","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3712308","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3712308","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5086859505","display_name":"Antonio Ruggia","orcid":"https://orcid.org/0000-0003-2435-9993"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Antonio Ruggia","raw_affiliation_strings":["EURECOM - Campus SophiaTech, Sophia Antipolis, France"],"raw_orcid":"https://orcid.org/0000-0003-2435-9993","affiliations":[{"raw_affiliation_string":"EURECOM - Campus SophiaTech, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008696869","display_name":"Andrea Possemato","orcid":"https://orcid.org/0000-0003-1223-0658"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Andrea Possemato","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France"],"raw_orcid":"https://orcid.org/0000-0003-1223-0658","affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025601945","display_name":"Savino Dambra","orcid":"https://orcid.org/0000-0002-0988-9366"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Savino Dambra","raw_affiliation_strings":["GenDigital, Sophia Antipolis, France"],"raw_orcid":"https://orcid.org/0000-0002-0988-9366","affiliations":[{"raw_affiliation_string":"GenDigital, Sophia Antipolis, France","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077703323","display_name":"Alessio Merlo","orcid":"https://orcid.org/0000-0002-2272-2376"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alessio Merlo","raw_affiliation_strings":["CASD - School of Advanced Defense Studies, Rome, Italy","CASD - School of Advanced Defense Studies, Rome Italy"],"raw_orcid":"https://orcid.org/0000-0002-2272-2376","affiliations":[{"raw_affiliation_string":"CASD - School of Advanced Defense Studies, Rome, Italy","institution_ids":[]},{"raw_affiliation_string":"CASD - School of Advanced Defense Studies, Rome Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030403848","display_name":"Simone Aonzo","orcid":"https://orcid.org/0000-0001-9547-3502"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Simone Aonzo","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France"],"raw_orcid":"https://orcid.org/0000-0001-9547-3502","affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5002025561","display_name":"Davide Balzarotti","orcid":"https://orcid.org/0000-0001-5957-6213"},"institutions":[{"id":"https://openalex.org/I1902872","display_name":"EURECOM","ror":"https://ror.org/00sse7z02","country_code":"FR","type":"education","lineage":["https://openalex.org/I1902872","https://openalex.org/I205703379"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Davide Balzarotti","raw_affiliation_strings":["EURECOM, Sophia Antipolis, France"],"raw_orcid":"https://orcid.org/0000-0001-5957-6213","affiliations":[{"raw_affiliation_string":"EURECOM, Sophia Antipolis, France","institution_ids":["https://openalex.org/I1902872"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":3.1921,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.89890365,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"28","issue":"2","first_page":"1","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9681000113487244,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/great-rift","display_name":"Great Rift","score":0.7407945394515991},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6441404819488525},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4676375389099121},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3602714240550995},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.1506907343864441},{"id":"https://openalex.org/keywords/astronomy","display_name":"Astronomy","score":0.09878513216972351}],"concepts":[{"id":"https://openalex.org/C99394141","wikidata":"https://www.wikidata.org/wiki/Q1085203","display_name":"Great Rift","level":2,"score":0.7407945394515991},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6441404819488525},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4676375389099121},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3602714240550995},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.1506907343864441},{"id":"https://openalex.org/C1276947","wikidata":"https://www.wikidata.org/wiki/Q333","display_name":"Astronomy","level":1,"score":0.09878513216972351}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3712308","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3712308","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3712308","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3712308","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by-nc-sa","license_id":"https://openalex.org/licenses/cc-by-nc-sa","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W2017025011","https://openalex.org/W2027538101","https://openalex.org/W2080696000","https://openalex.org/W2106349977","https://openalex.org/W2343325785","https://openalex.org/W2407313496","https://openalex.org/W2533311740","https://openalex.org/W2557385690","https://openalex.org/W2577540292","https://openalex.org/W2620844046","https://openalex.org/W2765363641","https://openalex.org/W2890190663","https://openalex.org/W2891458271","https://openalex.org/W2957722460","https://openalex.org/W3042563546","https://openalex.org/W3111533025","https://openalex.org/W3114617537","https://openalex.org/W3188145288","https://openalex.org/W4242210993","https://openalex.org/W4244726870","https://openalex.org/W4245027182","https://openalex.org/W4245586948","https://openalex.org/W4405380708"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W3044357648","https://openalex.org/W630280895","https://openalex.org/W3203871998","https://openalex.org/W4280531227","https://openalex.org/W2841057185","https://openalex.org/W2155812076","https://openalex.org/W1565885216"],"abstract_inverted_index":{"From":[0],"a":[1,30,48,107,112,154,179,237,296,307,312,326],"little":[2],"research":[3],"experiment":[4],"to":[5,85,145,157,167,227,230,280,338],"an":[6,198],"essential":[7],"component":[8],"of":[9,69,201,224,240,268,329],"military":[10],"arsenals,":[11],"malicious":[12,73,147,232,252],"software":[13],"has":[14,58,64,106],"constantly":[15],"been":[16,65],"growing":[17],"and":[18,122,128,131,137,192,196,248,273,289,305,341],"evolving":[19],"for":[20,51,206,299,311],"more":[21],"than":[22],"three":[23],"decades.":[24],"On":[25],"the":[26,34,40,67,86,190,193,212,215,225,244,250,259,277,282],"other":[27],"hand,":[28],"from":[29,111],"negligible":[31],"market":[32],"share,":[33],"Android":[35,74,76,91,104,160,241],"operating":[36,45],"system":[37],"is":[38],"nowadays":[39],"most":[41],"widely":[42],"used":[43],"mobile":[44],"system,":[46],"becoming":[47],"desirable":[49],"target":[50],"large-scale":[52],"malware":[53,242],"distribution.":[54],"While":[55,99],"scientific":[56],"literature":[57],"followed":[59],"this":[60,150],"trend,":[61],"one":[62],"aspect":[63],"understudied:":[66],"role":[68],"native":[70,95,101,123,168,194,278],"code":[71,102,124,172,203,226,287],"in":[72,80,103],"apps.":[75],"apps":[77,105,161,257],"are":[78,142],"written":[79],"high-level":[81],"languages,":[82],"but":[83],"thanks":[84],"Java":[87],"Native":[88],"Interface":[89],"(JNI),":[90],"also":[92],"supports":[93],"calling":[94],"(C/C++)":[96],"library":[97],"functions.":[98],"allowing":[100],"strong":[108],"positive":[109],"impact":[110],"performance":[113],"perspective,":[114],"it":[115,275],"dramatically":[116],"complicates":[117],"its":[118,271],"analysis":[119,129,181,200,239],"because":[120],"bytecode":[121],"need":[125],"different":[126,135],"abstractions":[127],"algorithms,":[130],"they":[132,219],"thus":[133],"pose":[134],"challenges":[136],"limitations.":[138],"Consequently,":[139],"these":[140],"difficulties":[141],"often":[143],"(ab)used":[144],"hide":[146],"payloads.":[148],"In":[149],"work,":[151],"we":[152,235,294,303],"propose":[153],"novel":[155,290],"methodology":[156,334],"reverse":[158,216],"engineering":[159,217],"focusing":[162],"on":[163,184,229,258],"suspicious":[164,207,301,318],"patterns":[165],"related":[166],"components,":[169],"i.e.,":[170],"surreptitious":[171],"that":[173,332],"requires":[174],"further":[175],"inspection.":[176],"We":[177],"implemented":[178],"static":[180],"tool":[182],"based":[183],"such":[185],"methodology,":[186],"which":[187,222],"can":[188,335],"bridge":[189],"\u201cJava\u201d":[191],"worlds":[195],"perform":[197],"in-depth":[199],"tag":[202],"blocks":[204],"responsible":[205],"behavior.":[208],"These":[209],"tags":[210],"benefit":[211],"human":[213],"facing":[214],"task:":[218],"clearly":[220],"indicate":[221],"part":[223],"focus":[228],"find":[231],"code.":[233],"Then,":[234],"performed":[236],"longitudinal":[238],"over":[243],"past":[245],"10":[246],"years":[247],"compared":[249],"recent":[251],"samples":[253],"with":[254,285],"actual":[255],"top":[256],"Google":[260],"Play":[261],"Store.":[262],"Our":[263],"work":[264],"depicts":[265],"typical":[266],"behaviors":[267],"modern":[269],"malware,":[270],"evolution,":[272],"how":[274],"abuses":[276],"layer":[279],"complicate":[281],"analysis,":[283],"especially":[284],"dynamic":[286],"loading":[288],"anti-analysis":[291],"techniques.":[292],"Finally,":[293],"show":[295],"use":[297],"case":[298],"our":[300,323,333],"tags:":[302],"trained":[304],"tested":[306],"machine":[308],"learning":[309],"algorithm":[310],"binary":[313],"classification":[314],"task.":[315],"Even":[316],"if":[317],"does":[319],"not":[320],"imply":[321],"malicious,":[322],"classifier":[324],"obtained":[325],"remarkable":[327],"F1-score":[328],"0.97,":[330],"showing":[331],"be":[336],"helpful":[337],"both":[339],"humans":[340],"machines.":[342]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}