Android permissions demystified

Short paper: a look at smartphone permission models

Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices

Detecting repackaged smartphone applications in third-party android marketplaces

Proceedings of the second ACM conference on Data and Application Security and Privacy

Defending users against smartphone apps: techniques and future directions

ICISS'11 Proceedings of the 7th international conference on Information Systems Security

Unsafe exposure analysis of mobile in-app advertisements

Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks

Is this app safe?: a large scale study on application permissions and risk signals

Proceedings of the 21st international conference on World Wide Web

Runtime verification meets android security

NFM'12 Proceedings of the 4th international conference on NASA Formal Methods

Android permissions: a perspective combining risks and benefits

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

RiskRanker: scalable and accurate zero-day android malware detection

Proceedings of the 10th international conference on Mobile systems, applications, and services

Android permissions: user attention, comprehension, and behavior

Proceedings of the Eighth Symposium on Usable Privacy and Security

ProfileDroid: multi-layer profiling of android applications

Proceedings of the 18th annual international conference on Mobile computing and networking

User-aware privacy control via extended static-information-flow analysis

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering

Automatically securing permission-based software by reducing the attack surface: an application to Android

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering

An evaluation of the Google Chrome extension security architecture

Security'12 Proceedings of the 21st USENIX conference on Security symposium

Aurasium: practical policy enforcement for Android applications

Security'12 Proceedings of the 21st USENIX conference on Security symposium

AdSplit: separating smartphone advertising from applications

Security'12 Proceedings of the 21st USENIX conference on Security symposium

AndroidLeaks: automatically detecting potential privacy leaks in android applications on a large scale

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing

Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing

Proceedings of the 2012 ACM Conference on Ubiquitous Computing

Dr. Android and Mr. Hide: fine-grained permissions in android applications

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Short paper: rethinking permissions for mobile web apps: barriers and the road ahead

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Short paper: enhancing users' comprehension of android permissions

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Short paper: enhancing mobile application permissions with runtime feedback and constraints

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Reducing attack surfaces for intra-application communication in android

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Understanding and improving app installation security mechanisms through empirical analysis of android

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications

Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices

Why eve and mallory love android: an analysis of android SSL (in)security

Proceedings of the 2012 ACM conference on Computer and communications security

PScout: analyzing the Android permission specification

Proceedings of the 2012 ACM conference on Computer and communications security

CHEX: statically vetting Android apps for component hijacking vulnerabilities

Proceedings of the 2012 ACM conference on Computer and communications security

Using probabilistic generative models for ranking risks of Android apps

Proceedings of the 2012 ACM conference on Computer and communications security

Towards verifying android apps for the absence of no-sleep energy bugs

HotPower'12 Proceedings of the 2012 USENIX conference on Power-Aware Computing and Systems

Automated concolic testing of smartphone apps

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering

Exposing security risks for commercial mobile devices

MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security

How expensive are free smartphone apps?

ACM SIGMOBILE Mobile Computing and Communications Review

Permission evolution in the Android ecosystem

Proceedings of the 28th Annual Computer Security Applications Conference

A conundrum of permissions: installing applications on an android smartphone

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security

Fast, scalable detection of "Piggybacked" mobile applications

Proceedings of the third ACM conference on Data and application security and privacy

AppProfiler: a flexible method of exposing privacy-related behavior in android applications to end users

Proceedings of the third ACM conference on Data and application security and privacy

A proposal for the privacy leakage verification tool for Android application developers

Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication

Towards unified authorization for android

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Towards an understanding of the impact of advertising on data leaks

International Journal of Security and Networks

MAST: triage for market-scale mobile malware analysis

Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks

ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing

Proceeding of the 11th annual international conference on Mobile systems, applications, and services

RetroSkeleton: retrofitting android apps

Proceeding of the 11th annual international conference on Mobile systems, applications, and services

A multi-dimensional measure for intrusion: the intrusiveness quality attribute

Proceedings of the 9th international ACM Sigsoft conference on Quality of software architectures

Privacy as part of the app decision-making process

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Mobile-sandbox: having a deeper look into android applications

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Slicing droids: program slicing for smali code

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Supporting visual security cues for WebView-based Android apps

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Juxtapp: a scalable system for detecting code reuse among android applications

DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

ADAM: an automatic and extensible platform to stress test android anti-virus systems

DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment

MeadDroid: detecting monetary theft attacks in android by DVM monitoring

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

πBox: a platform for privacy-preserving apps

nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation

On the effectiveness of API-level access control using bytecode rewriting in Android

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security

Real-time detection and prevention of android SMS permission abuses

Proceedings of the first international workshop on Security in embedded systems and smartphones

Role mining algorithm evaluation and improvement in large volume android applications

Proceedings of the first international workshop on Security in embedded systems and smartphones

Asking for (and about) permissions used by Android apps

Proceedings of the 10th Working Conference on Mining Software Repositories

Is this app safe for children?: a comparison study of maturity ratings on Android and iOS applications

Proceedings of the 22nd international conference on World Wide Web

When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources

Proceedings of the Ninth Symposium on Usable Privacy and Security

Rise of the planet of the apps: a systematic study of the mobile app ecosystem

Proceedings of the 2013 conference on Internet measurement conference

Rethinking SSL development in an appified world

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Identity, location, disease and more: inferring your secrets from android public resources

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Vetting undesirable behaviors in android apps with permission use analysis

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

An empirical study of cryptographic misuse in android applications

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

The impact of vendor customizations on android security

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

AndroTotal: a flexible, scalable toolbox and service for testing mobile malware detectors

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices

Sound and precise malware analysis for android via pushdown reachability and entry-point saturation

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices

Sleeping android: the danger of dormant permissions

Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices

Structural detection of android malware using embedded call graphs

Proceedings of the 2013 ACM workshop on Artificial intelligence and security

AndroSimilar: robust statistical feature signature for Android malware detection

Proceedings of the 6th International Conference on Security of Information and Networks

AFrame: isolating advertisements from mobile applications in Android

Proceedings of the 29th Annual Computer Security Applications Conference

FireDroid: hardening security in almost-stock Android

Proceedings of the 29th Annual Computer Security Applications Conference

Quantitative security risk assessment of android permissions and applications

DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII

The permission-based malicious behaviors monitoring model for the android OS

ICCSA'13 Proceedings of the 13th international conference on Computational Science and Its Applications - Volume 1

WHYPER: towards automating risk assessment of mobile applications

SEC'13 Proceedings of the 22nd USENIX conference on Security

Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis

SEC'13 Proceedings of the 22nd USENIX conference on Security

VeriDroid: automating Android application verification

Proceedings of the 2013 Middleware Doctoral Symposium

An operational semantics for android activities

Proceedings of the ACM SIGPLAN 2014 Workshop on Partial Evaluation and Program Manipulation

Wi-Fi access denial of service attack to smartphones

International Journal of Security and Networks

RiskMon: continuous and automated risk assessment of mobile applications

Proceedings of the 4th ACM conference on Data and application security and privacy

Systematic audit of third-party android phones

Proceedings of the 4th ACM conference on Data and application security and privacy

Compac: enforce component-level access control in android

Proceedings of the 4th ACM conference on Data and application security and privacy

Detecting mobile malware threats to homeland security through static analysis

Journal of Network and Computer Applications

Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help?

Proceedings of the 23rd international conference on World wide web

A taxonomy of privilege escalation attacks in Android applications

International Journal of Security and Networks

Automatic detection of inter-application permission leaks in Android applications

IBM Journal of Research and Development

ipShield: a framework for enforcing context-aware privacy

NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation