Repository of Static Analysis of Android Apps
SA3Repo: Static Analysis of Android Apps Repository
* This repository will be continuously maintained and updated. If you have any suggestions (e.g., reporting errors, updating some items, or proposing new relevant publications), please let us know through the GitHub issue system.
Context
Static analysis approaches have been proposed to assess the security of Android apps by searching for known vulnerabilities or actual malicious code. The literature has thus proposed a large body of work, each piece of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps.
Objective
We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put, and enumerate the key aspects where future research is still needed.
Method
We have performed a systematic literature review which involves studying around 124 research papers published in software engineering, programming languages and security venues. This review is performed mainly along five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, Android characteristics taken into account, and the scale of evaluation performed.
Results
Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available.
Conclusion
The research community is still facing a number of challenges in building approaches that are simultaneously aware of implicit flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.