Today's smartphones are a ubiquitous source of private and confidential data. At the same
time, smartphone users are plagued by carelessly programmed apps that leak important …

We present a new approach to static analysis for security vetting of Android apps and a
general framework called Amandroid. Amandroid determines points-to information for all …

We present Apposcopy, a new semantics-based approach for identifying a prevalent class of
Android malware that steals private user information. Apposcopy incorporates (i) a high …

How do we know a program does what it claims to do? After clustering Android apps by their
description topics, we identify outliers in each cluster with respect to their API usage. A" …

Android smartphones are becoming increasingly popular. The open nature of Android
allows users to install miscellaneous applications, including the malicious ones, from third …

Methods, devices and systems for detecting suspicious or performance-degrading mobile
device behaviors intelligently, dynamically, and/or adaptively determine computing device …

The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …

We propose a type-based taint analysis for Android. Concretely, we present DFlow, a
context-sensitive information flow type system, and DroidInfer, the corresponding type …

Most application code evolves incrementally, and especially so when being maintained after
the applications have been deployed. Yet, most data-flow analyses do not take advantage of …

Implicit or indirect control flow is a transfer of control between procedures using some
mechanism other than an explicit procedure call. Implicit control flow is a staple design …