{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T00:55:11Z","timestamp":1772844911081,"version":"3.50.1"},"reference-count":170,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/100017584","name":"SRM Institute of Science and Technology","doi-asserted-by":"publisher","award":["SRMAP\/URG\/SEED\/2024-25\/047"],"award-info":[{"award-number":["SRMAP\/URG\/SEED\/2024-25\/047"]}],"id":[{"id":"10.13039\/100017584","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers and Electrical Engineering"],"published-print":{"date-parts":[[2025,10]]},"DOI":"10.1016\/j.compeleceng.2025.110620","type":"journal-article","created":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:18:32Z","timestamp":1755883112000},"page":"110620","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":1,"special_numbering":"PB","title":["Unveiling Android security testing: A Comprehensive overview of techniques, challenges, and mitigation strategies"],"prefix":"10.1016","volume":"127","author":[{"given":"Durga Viswanath","family":"Palutla","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8801-4292","authenticated-orcid":false,"given":"Sriramulu","family":"Bojjagani","sequence":"additional","affiliation":[]},{"given":"Sai Charan Reddy","family":"Mula","sequence":"additional","affiliation":[]},{"given":"Ravi","family":"Uyyala","sequence":"additional","affiliation":[]},{"given":"Neeraj Kumar","family":"Sharma","sequence":"additional","affiliation":[]},{"given":"Mahesh Kumar","family":"Morampudi","sequence":"additional","affiliation":[]},{"given":"Muhammad Khurram","family":"Khan","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"key":"10.1016\/j.compeleceng.2025.110620_b1","series-title":"2023 3rd international conference on smart data intelligence","first-page":"216","article-title":"Security analysis on android application through penetration testing using reverse engineering","author":"Katoch","year":"2023"},{"issue":"4","key":"10.1016\/j.compeleceng.2025.110620_b2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3017427","article-title":"The evolution of android malware and android analysis techniques","volume":"49","author":"Tam","year":"2017","journal-title":"ACM Comput Surv"},{"key":"10.1016\/j.compeleceng.2025.110620_b3","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.102087","article-title":"Android security assessment: A review, taxonomy and research gap study","volume":"100","author":"Garg","year":"2021","journal-title":"Comput Secur"},{"key":"10.1016\/j.compeleceng.2025.110620_b4","first-page":"123","article-title":"Enhancing mobile security through comprehensive penetration testing","volume":"45","author":"Roshanaei","year":"2023","journal-title":"SpringerLink"},{"key":"10.1016\/j.compeleceng.2025.110620_b5","doi-asserted-by":"crossref","DOI":"10.1016\/j.cosrev.2023.100551","article-title":"Research communities in cyber security vulnerability assessments: A comprehensive literature review","volume":"48","author":"Heiding","year":"2023","journal-title":"Comput Sci Rev","ISSN":"https:\/\/id.crossref.org\/issn\/1574-0137","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2025.110620_b6","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1007\/s11416-014-0231-x","article-title":"An overview of vulnerability assessment and penetration testing techniques","volume":"11","author":"Shah","year":"2014","journal-title":"J Comput Virol Hacking Tech"},{"key":"10.1016\/j.compeleceng.2025.110620_b7","series-title":"Advances in signal processing and intelligent recognition systems","first-page":"671","article-title":"STAMBA: Security testing for android mobile banking apps","author":"Bojjagani","year":"2016"},{"key":"10.1016\/j.compeleceng.2025.110620_b8","series-title":"VAPTAi: A threat model for vulnerability assessment and penetration testing of android and iOS mobile banking apps","first-page":"77","author":"Bojjagani","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b9","doi-asserted-by":"crossref","DOI":"10.1016\/j.teler.2024.100130","article-title":"Android malware detection and identification frameworks by leveraging the machine and deep learning techniques: A comprehensive review","volume":"14","author":"Smmarwar","year":"2024","journal-title":"Telemat Inform Rep","ISSN":"https:\/\/id.crossref.org\/issn\/2772-5030","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2025.110620_b10","series-title":"BinderCracker: Assessing the robustness of android system services","author":"Feng","year":"2016"},{"key":"10.1016\/j.compeleceng.2025.110620_b11","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102833","article-title":"An in-depth review of machine learning based android malware detection","volume":"121","author":"Muzaffar","year":"2022","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2025.110620_b12","series-title":"Problem-space evasion attacks in the android OS: a survey","author":"Berger","year":"2022"},{"issue":"5","key":"10.1016\/j.compeleceng.2025.110620_b13","doi-asserted-by":"crossref","first-page":"543","DOI":"10.1016\/j.jksuci.2018.07.004","article-title":"Android data storage security: A review","volume":"32","author":"Altuwaijri","year":"2020","journal-title":"J King Saud Univ - Comput Inf Sci"},{"key":"10.1016\/j.compeleceng.2025.110620_b14","series-title":"BabelView: Evaluating the impact of code injection attacks in mobile webviews","author":"Rizzo","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b15","first-page":"1","article-title":"Assessment of zero-day vulnerability using machine learning approach","volume":"10","author":"Sakthimurugan","year":"2024","journal-title":"EAI Endorsed Trans Internet Things"},{"key":"10.1016\/j.compeleceng.2025.110620_b16","series-title":"2017 IEEE\/ACM 39th international conference on software engineering","first-page":"300","article-title":"Making malory behave maliciously: Targeted fuzzing of android execution environments","author":"Rasthofer","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b17","series-title":"Mobile cloud computing and its security, privacy and trust management challenges","first-page":"384","author":"Takabi","year":"2013"},{"issue":"1","key":"10.1016\/j.compeleceng.2025.110620_b18","first-page":"29","article-title":"FedDroid: Federated learning-based malware detection for android security","volume":"10","author":"Zhao","year":"2024","journal-title":"Trans Mob AI Secur"},{"issue":"4","key":"10.1016\/j.compeleceng.2025.110620_b19","first-page":"60","article-title":"Graph-based machine learning for anomaly detection in android security","volume":"15","author":"Xie","year":"2024","journal-title":"J Artif Intell Cybersecur"},{"issue":"5","key":"10.1016\/j.compeleceng.2025.110620_b20","article-title":"Mobile security: A comprehensive analysis of security analysis tools for android and iOS applications","volume":"11","author":"Kaur","year":"2020","journal-title":"Int J Adv Comput Sci Applications (IJACSA)"},{"key":"10.1016\/j.compeleceng.2025.110620_b21","article-title":"Developing a framework for enhancing security testing of android applications","volume":"23","author":"Lamina","year":"2024","journal-title":"World J Adv Res Rev"},{"key":"10.1016\/j.compeleceng.2025.110620_b22","series-title":"DroidFuzzer: Fuzzing the android apps with intent-filter tag","author":"Ye","year":"2013"},{"key":"10.1016\/j.compeleceng.2025.110620_b23","series-title":"Optimized security authentication protocols for network access nodes: A detailed performance and vulnerability assessment","author":"Ahamed","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b24","series-title":"2012 IEEE sixth international conference on software security and reliability companion","first-page":"35","article-title":"A framework for automated security testing of android applications on the cloud","author":"Malek","year":"2012"},{"key":"10.1016\/j.compeleceng.2025.110620_b25","unstructured":"Bonett R, Kafle K, Moran K, Nadkarni A, Poshyvanyk D. Discovering flaws in {Security\u2212Focused} static analysis tools for android using systematic mutation. In: 27th USeNIX security symposium. 2018, p. 1263\u201380."},{"key":"10.1016\/j.compeleceng.2025.110620_b26","unstructured":"Wang J, Li Y, Zhang Q. APIAnalyzer: Analyzing API Exposure in Android Applications. In: Proceedings of the 2022 IEEE international conference on mobile software engineering and systems. 2022."},{"key":"10.1016\/j.compeleceng.2025.110620_b27","series-title":"Banking ransomware attack data","author":"Cox","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b28","series-title":"A case study of penetration testing for android devices","author":"Muka","year":"2019"},{"key":"10.1016\/j.compeleceng.2025.110620_b29","series-title":"Popular android app with over 5 million downloads exposes user data","author":"Murphy","year":"2022"},{"issue":"8","key":"10.1016\/j.compeleceng.2025.110620_b30","first-page":"1","article-title":"Deep learning for android malware defenses: a systematic literature review","volume":"55","author":"Liu","year":"2022","journal-title":"ACM Comput Surv"},{"key":"10.1016\/j.compeleceng.2025.110620_b31","series-title":"Scareware ransomware attacks: The digital nightmare unveiled","author":"Boss","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b32","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2024.3453433","article-title":"A systematic review on blockchain-enabled internet of vehicles (biov): challenges, defences and future research directions","author":"Surapaneni","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.compeleceng.2025.110620_b33","series-title":"2017 international conference on cyber security and protection of digital services (cyber security)","first-page":"1","article-title":"Improving dynamic analysis of android apps using hybrid test input generation","author":"Alzaylaee","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b34","series-title":"Android mobile device forensics: A review","first-page":"1","author":"Alsaadawi","year":"2019"},{"key":"10.1016\/j.compeleceng.2025.110620_b35","series-title":"Xenomorph banking trojan: A new variant targeting 35+ U.S. financial institutions","author":"Lakshmanan","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b36","series-title":"The art of deception: controlling the human element of security","author":"Mitnick","year":"2002"},{"issue":"1","key":"10.1016\/j.compeleceng.2025.110620_b37","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1109\/TR.2018.2865733","article-title":"Automated testing of android apps: A systematic literature review","volume":"68","author":"Kong","year":"2019","journal-title":"IEEE Trans Reliab"},{"key":"10.1016\/j.compeleceng.2025.110620_b38","doi-asserted-by":"crossref","DOI":"10.1109\/TITS.2025.3545755","article-title":"Dynamic-trust: blockchain-enhanced trust for secure vehicle transitions in intelligent transport systems","author":"Surapaneni","year":"2025","journal-title":"IEEE Trans Intell Trans Syst"},{"key":"10.1016\/j.compeleceng.2025.110620_b39","series-title":"2012 IEEE symposium on security and privacy","first-page":"95","article-title":"Dissecting android malware: Characterization and evolution","author":"Zhou","year":"2012"},{"key":"10.1016\/j.compeleceng.2025.110620_b40","series-title":"2023 international conference on engineering applied and nano sciences","first-page":"13","article-title":"Analysis of SQLMAP efficacy in exploiting SQL injection vulnerabilities in web applications: A case study on DVWA","author":"Abdullah","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b41","series-title":"OWASP mobile application security verification standard (MASVS)","author":"OWASP","year":"2018"},{"key":"10.1016\/j.compeleceng.2025.110620_b42","series-title":"Advanced penetration testing: hacking the world\u2019s most secure networks","author":"Allsopp","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b43","article-title":"A taxonomy of security testing for android applications","author":"Enck","year":"2019","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.compeleceng.2025.110620_b44","series-title":"Threat modeling: designing for security","author":"Shostack","year":"2018"},{"key":"10.1016\/j.compeleceng.2025.110620_b45","series-title":"Technical guide to information security testing and assessment","author":"NIST","year":"2008"},{"key":"10.1016\/j.compeleceng.2025.110620_b46","series-title":"Penetration testing execution standard (PTES)","author":"Organization","year":"2014"},{"key":"10.1016\/j.compeleceng.2025.110620_b47","series-title":"OWASP testing guide v4","author":"pentest standard","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b48","doi-asserted-by":"crossref","unstructured":"Felt AP, Chin E, Hanna S. Android Permissions Demystified. In: Proceedings of the 18th ACM conference on computer and communications security. 2011, p. 627\u201338.","DOI":"10.1145\/2046707.2046779"},{"key":"10.1016\/j.compeleceng.2025.110620_b49","series-title":"STRIDE threat model","author":"Lifecycle","year":"2014"},{"key":"10.1016\/j.compeleceng.2025.110620_b50","series-title":"PASTA threat modeling methodology","author":"OWASP","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b51","series-title":"DREAD threat model","author":"SDL","year":"2005"},{"key":"10.1016\/j.compeleceng.2025.110620_b52","series-title":"Threat modeling security engineering","author":"Microsoft","year":"2015"},{"key":"10.1016\/j.compeleceng.2025.110620_b53","series-title":"PLDI","article-title":"FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis","author":"Arzt","year":"2014"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b54","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3183575","article-title":"Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps","volume":"21","author":"Wei","year":"2018","journal-title":"ACM Trans Priv Secur (TOPS)"},{"key":"10.1016\/j.compeleceng.2025.110620_b55","series-title":"ICSE","article-title":"IC3: Inter-component communication analysis tool","author":"Li","year":"2015"},{"key":"10.1016\/j.compeleceng.2025.110620_b56","series-title":"BlackHat USA","article-title":"ProGuard: Pitfalls and security implications","author":"Peles","year":"2019"},{"key":"10.1016\/j.compeleceng.2025.110620_b57","series-title":"NDSS","article-title":"Drebin: Effective and explainable detection of android malware","author":"Arp","year":"2014"},{"key":"10.1016\/j.compeleceng.2025.110620_b58","doi-asserted-by":"crossref","DOI":"10.1016\/j.diin.2016.04.013","article-title":"Fingerprinting android packaging: Generating DNAs for malware detection","volume":"18","author":"Karbab","year":"2016","journal-title":"Digit Investig"},{"key":"10.1016\/j.compeleceng.2025.110620_b59","article-title":"Hybrid analysis for android malware detection","author":"Zhou","year":"2018","journal-title":"IEEE security and privacy"},{"key":"10.1016\/j.compeleceng.2025.110620_b60","series-title":"OSDI","article-title":"TaintDroid: An information-flow tracking system for realtime privacy monitoring","author":"Enck","year":"2010"},{"key":"10.1016\/j.compeleceng.2025.110620_b61","series-title":"Metasploit framework","author":"Rapid7","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b62","series-title":"Penetration testing with kali linux","author":"Loveless","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b63","series-title":"Cloud-based mobile malware detection","author":"Oberheide","year":"2012"},{"key":"10.1016\/j.compeleceng.2025.110620_b64","series-title":"OWASP top 10 application security risks","author":"van Wichers","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b65","article-title":"Security analysis of android app components","author":"Zhu","year":"2014","journal-title":"IEEE Commun Surv Tutorials"},{"key":"10.1016\/j.compeleceng.2025.110620_b66","article-title":"Automated analysis and exploitation of android apps","author":"Li","year":"2020","journal-title":"J Syst Softw"},{"key":"10.1016\/j.compeleceng.2025.110620_b67","series-title":"CCS","article-title":"Apposcopy: Semantics-based detection of android malware","author":"Feng","year":"2014"},{"key":"10.1016\/j.compeleceng.2025.110620_b68","article-title":"Analyzing inter-application communication in android","author":"Chin","year":"2011","journal-title":"MobiSys"},{"key":"10.1016\/j.compeleceng.2025.110620_b69","article-title":"Session hijacking attack and countermeasures","author":"Guri","year":"2015","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.compeleceng.2025.110620_b70","series-title":"Metasploit: The penetration tester\u2019s guide","author":"Moore","year":"2011"},{"key":"10.1016\/j.compeleceng.2025.110620_b71","series-title":"CVSS: Common vulnerability scoring system v3","author":"Organization","year":"2019"},{"key":"10.1016\/j.compeleceng.2025.110620_b72","series-title":"Threat modeling","author":"Swiderski","year":"2004"},{"key":"10.1016\/j.compeleceng.2025.110620_b73","series-title":"COBIT 5 for information security","author":"ISACA","year":"2012"},{"key":"10.1016\/j.compeleceng.2025.110620_b74","series-title":"PenTestersLab academy","author":"PenTestersLab","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b75","series-title":"Payment card industry data security standard v4","author":"SSC","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b76","article-title":"MASHaal: Enabling secure app distribution","author":"Amrutkar","year":"2015","journal-title":"IEEE Trans Mob Comput"},{"key":"10.1016\/j.compeleceng.2025.110620_b77","series-title":"Bishop fox red team field manual","author":"Fox","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b78","article-title":"Piotr: Fine-grained policy enforcement for android apps","author":"Egele","year":"2011","journal-title":"NDSS"},{"key":"10.1016\/j.compeleceng.2025.110620_b79","series-title":"Android security paper 2024","author":"Developers","year":"2024"},{"key":"10.1016\/j.compeleceng.2025.110620_b80","first-page":"12009","article-title":"A comprehensive survey on security vulnerabilities in android applications","volume":"9","author":"Usama","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.compeleceng.2025.110620_b81","unstructured":"Chen J, Li X, Zhang Y. SecretScanner: Detecting Hardcoded Secrets in Android Applications. In: Proceedings of the 2021 ACM conference on computer and communications security. 2021."},{"issue":"12","key":"10.1016\/j.compeleceng.2025.110620_b82","doi-asserted-by":"crossref","first-page":"384","DOI":"10.1109\/TSE.2024.3488041","article-title":"A comprehensive study on static application security testing (SAST) tools for android","volume":"50","author":"Zhu","year":"2024","journal-title":"IEEE Trans Softw Eng"},{"key":"10.1016\/j.compeleceng.2025.110620_b83","first-page":"154","article-title":"Security testing of android applications: A survey","volume":"37","author":"Kora","year":"2022","journal-title":"J Comput Sci Tech"},{"key":"10.1016\/j.compeleceng.2025.110620_b84","unstructured":"Nmap The network mapper, Online resource. URL https:\/\/nmap.org\/."},{"key":"10.1016\/j.compeleceng.2025.110620_b85","unstructured":"Burp Suite by PortSwigger, Online resource. URL https:\/\/portswigger.net\/burp."},{"key":"10.1016\/j.compeleceng.2025.110620_b86","unstructured":"Popescu A, Hurni D, Dumitru I, Buda C. Android Security: An Analysis of Android Mobile Platform Security Vulnerabilities. In: Proceedings of the 2014 international conference on system safety and security. 2014."},{"key":"10.1016\/j.compeleceng.2025.110620_b87","series-title":"Software security: building security in","author":"McGraw","year":"2006"},{"key":"10.1016\/j.compeleceng.2025.110620_b88","series-title":"Nessus documentation","author":"Tenable","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b89","series-title":"Wireshark","author":"Wireshark Foundation","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b90","series-title":"Social-engineer toolkit SET: A penetration testing framework","author":"Kennedy","year":"2010"},{"issue":"4","key":"10.1016\/j.compeleceng.2025.110620_b91","doi-asserted-by":"crossref","first-page":"2091","DOI":"10.1109\/SURV.2013.032213.00009","article-title":"Phishing detection: A literature survey","volume":"15","author":"M. Khonji","year":"2013","journal-title":"IEEE Commun Surv Tutorials"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b92","first-page":"464","article-title":"Open source intelligence (OSINT): Issues and opportunities","volume":"32","author":"Hulbert","year":"2019","journal-title":"Int J Intell CounterIntelligence"},{"key":"10.1016\/j.compeleceng.2025.110620_b93","series-title":"Core impact: Advanced penetration testing tools","author":"Technologies","year":"2023"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b94","article-title":"Artificial intelligence techniques for web security: A review","volume":"4","author":"Wang","year":"2021","journal-title":"Secur Priv"},{"key":"10.1016\/j.compeleceng.2025.110620_b95","series-title":"Continuous monitoring: closing the gap between attack and detection","author":"Johnson","year":"2014"},{"issue":"4","key":"10.1016\/j.compeleceng.2025.110620_b96","first-page":"228","article-title":"SQL injection detection techniques: A survey","volume":"32","author":"B. Halfond","year":"2006","journal-title":"IEEE Trans Softw Eng"},{"key":"10.1016\/j.compeleceng.2025.110620_b97","series-title":"Openvas documentation","author":"Greenbone Networks","year":"2023"},{"issue":"1","key":"10.1016\/j.compeleceng.2025.110620_b98","article-title":"Penetration testing as a service (ptaas): Trends and challenges","volume":"8","author":"Smith","year":"2022","journal-title":"J Cybersecur"},{"key":"10.1016\/j.compeleceng.2025.110620_b99","series-title":"Systematically detecting access control flaws in the android framework","author":"El-Rewini","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b100","series-title":"Vulnerability assessment and penetration testing: A portable solution implementation","first-page":"398","author":"Pandey","year":"2020"},{"key":"10.1016\/j.compeleceng.2025.110620_b101","series-title":"Tales from the Git: Automating the detection of secrets on code and assessing developers\u2019 passwords choices","first-page":"68","author":"Lykousas","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b102","doi-asserted-by":"crossref","unstructured":"Fahl S, Harbach M, Perl K, Smith M, Sadeghi A-R, Dornseif M. Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. In: Proceedings of the 21st USeNIX security symposium. 2012.","DOI":"10.1145\/2382196.2382205"},{"key":"10.1016\/j.compeleceng.2025.110620_b103","unstructured":"Rastogi A, Ristenpart T, Shmatikov V. Catching Android Intents in the Wild. In: Proceedings of the 19th ACM Conference on Computer and Communications Security. 2013."},{"key":"10.1016\/j.compeleceng.2025.110620_b104","unstructured":"Wei W, Wu S, Xiao Y, Chen W, Zhang X. Android: A Security Review and Analysis of the Android Operating System. In: Proceedings of the 17th international conference on information security. 2012."},{"key":"10.1016\/j.compeleceng.2025.110620_b105","unstructured":"Chen Z, Zhang Y, Wu Q, Xu D. Android Deserialization Vulnerabilities: Analysis and Mitigation. In: Proceedings of the 2016 IEEE international conference on computer security and privacy. 2016."},{"key":"10.1016\/j.compeleceng.2025.110620_b106","series-title":"A09:2021 \u2013 security logging and monitoring failures","author":"Foundation","year":"2025"},{"key":"10.1016\/j.compeleceng.2025.110620_b107","unstructured":"Zhang Y, Li X, Wang H. Insecure Inter-Component Communication Detection in Android Applications. In: Proceedings of the 2022 IEEE international conference on software security and assurance. 2022."},{"key":"10.1016\/j.compeleceng.2025.110620_b108","unstructured":"Shabtai A, Fledel Y, Elovici Y. AndroGuard: A Comprehensive Framework for Analyzing Android Applications. In: Proceedings of the 2017 ACM conference on computer and communications security. 2017."},{"key":"10.1016\/j.compeleceng.2025.110620_b109","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.104262","article-title":"MPDroid: A multimodal pre-training android malware detection method with static and dynamic features","volume":"150","author":"Zhang","year":"2025","journal-title":"Comput Secur","ISSN":"https:\/\/id.crossref.org\/issn\/0167-4048","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2025.110620_b110","series-title":"2023 IEEE 34th international symposium on software reliability engineering","first-page":"403","article-title":"Effectively finding ICC-related bugs in android apps via reinforcement learning","author":"Guo","year":"2023"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b111","doi-asserted-by":"crossref","DOI":"10.3390\/s25030700","article-title":"A review on secure authentication mechanisms for mobile security","volume":"25","author":"Hasan","year":"2025","journal-title":"Sensors"},{"key":"10.1016\/j.compeleceng.2025.110620_b112","series-title":"2021 international conference on software engineering & computer systems and 4th international conference on computational science and information management","first-page":"427","article-title":"Secure storage of data on devices-android based","author":"Saeed","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b113","series-title":"2024 IEEE\/ACM 46th international conference on software engineering: companion proceedings","first-page":"99","article-title":"APICIA: An API change impact analyzer for android apps","author":"Mahmud","year":"2024"},{"key":"10.1016\/j.compeleceng.2025.110620_b114","series-title":"2020 international conference on computer, control, electrical, and electronics engineering","first-page":"1","article-title":"A new system for user authentication using android application","author":"Mohammed","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b115","series-title":"2013 international conference on privacy and security in mobile systems","first-page":"1","article-title":"SecureDroid: An android security framework extension for context-aware policy enforcement","author":"Arena","year":"2013"},{"key":"10.1016\/j.compeleceng.2025.110620_b116","series-title":"2012 32nd international conference on distributed computing systems workshops","first-page":"608","article-title":"Analysis of malicious and benign android applications","author":"Alazab","year":"2012"},{"key":"10.1016\/j.compeleceng.2025.110620_b117","series-title":"2019 34th IEEE\/ACM international conference on automated software engineering workshop","first-page":"19","article-title":"SeMA: A design methodology for building secure android apps","author":"Mitra","year":"2019"},{"key":"10.1016\/j.compeleceng.2025.110620_b118","series-title":"2021 IEEE symposium on security and privacy","first-page":"1972","article-title":"CRYLOGGER: Detecting crypto misuses dynamically","author":"Piccolboni","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b119","series-title":"2017 IEEE\/ACM 4th international conference on mobile software engineering and systems","first-page":"58","article-title":"Towards architectural styles for android app software product lines","author":"D\u00fcrschmid","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b120","unstructured":"Zhang H, Li Y, Wang J. SecureDesign: Integrating Security into the Android Application Design Phase. In: Proceedings of the 2021 ACM conference on software engineering. 2021."},{"key":"10.1016\/j.compeleceng.2025.110620_b121","doi-asserted-by":"crossref","unstructured":"Chaudhari S, Maurya V, Singh V, Tomar S, Rajan A, Rawat A. Real time logs and traffic monitoring, analysis and visualization setup for IT security enhancement. In: 5th international conference on next generation computing technologies. 2020.","DOI":"10.2139\/ssrn.3527383"},{"key":"10.1016\/j.compeleceng.2025.110620_b122","series-title":"A comparative analysis of certificate pinning in Android & iOS","isbn-type":"print","author":"Pradeep","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450392594"},{"key":"10.1016\/j.compeleceng.2025.110620_b123","series-title":"2023 International conference on networking and communications (ICNWC)","first-page":"1","article-title":"A secure mechanism for prevention of vishing attack in banking system","author":"Brabin","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b124","series-title":"2020 IEEE international conference for innovation in technology","first-page":"1","article-title":"Cloud storage security risks, practices and measures: A review","author":"Syed","year":"2020"},{"key":"10.1016\/j.compeleceng.2025.110620_b125","series-title":"Proceedings of the 2023 ACM SIGSOFT international symposium on software testing and analysis","article-title":"Comparison and evaluation on static application security testing (SAST) tools for java","author":"Papers","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b126","series-title":"An empirical study of static analysis tools for secure code review","author":"Charoenwet","year":"2024"},{"key":"10.1016\/j.compeleceng.2025.110620_b127","first-page":"422","article-title":"Marvin: Efficient and comprehensive mobile app classification through static and dynamic analysis","volume":"vol. 2","author":"Lindorfer","year":"2015"},{"key":"10.1016\/j.compeleceng.2025.110620_b128","article-title":"Dynamic security analysis on android: A systematic literature review","author":"Sutter","year":"2024","journal-title":"Digit Collect"},{"key":"10.1016\/j.compeleceng.2025.110620_b129","series-title":"Automated dynamic analysis of ransomware: Benefits, limitations and use for detection","author":"Sgandurra","year":"2016"},{"key":"10.1016\/j.compeleceng.2025.110620_b130","series-title":"Security and privacy in communication networks","article-title":"Detection of configuration vulnerabilities in distributed (web) environments","author":"Casalino","year":"2013"},{"key":"10.1016\/j.compeleceng.2025.110620_b131","doi-asserted-by":"crossref","first-page":"2372","DOI":"10.1016\/j.procs.2017.08.216","article-title":"Evaluating convolutional neural network for effective mobile malware detection","volume":"112","author":"Martinelli","year":"2017","journal-title":"Procedia Comput Sci"},{"key":"10.1016\/j.compeleceng.2025.110620_b132","unstructured":"Bodden E, Lakhani A. FlowDroid: Precise dynamic taint analysis for Android. In: Proceedings of the international conference on automated software engineering. 2014, p. 255\u201366."},{"issue":"1","key":"10.1016\/j.compeleceng.2025.110620_b133","doi-asserted-by":"crossref","DOI":"10.1111\/exsy.13488","article-title":"Android malware analysis and detection: A systematic review","volume":"42","author":"Dahiya","year":"2025","journal-title":"Expert Syst"},{"issue":"2","key":"10.1016\/j.compeleceng.2025.110620_b134","doi-asserted-by":"crossref","DOI":"10.1002\/spy2.361","article-title":"Enhancing android application security: A novel approach using DroidXGB for malware detection based on permission analysis","volume":"7","author":"Kumar","year":"2023","journal-title":"Security Privacy"},{"issue":"5","key":"10.1016\/j.compeleceng.2025.110620_b135","doi-asserted-by":"crossref","first-page":"543","DOI":"10.1016\/j.jksuci.2018.07.004","article-title":"Android data storage security: A review","volume":"32","author":"Altuwaijri","year":"2020","journal-title":"J King Saud University-Computer Inf Sci"},{"key":"10.1016\/j.compeleceng.2025.110620_b136","series-title":"2014 IEEE\/ACS 11th international conference on computer systems and applications","first-page":"253","article-title":"Mobile malware exposed","author":"Salman","year":"2014"},{"key":"10.1016\/j.compeleceng.2025.110620_b137","unstructured":"Cheng J, Wang J. AppMon: Hybrid Android app security analysis. In: Proceedings of the international conference on computer science and software engineering. 2015, p. 332\u20139."},{"key":"10.1016\/j.compeleceng.2025.110620_b138","unstructured":"Qu Z, Alam S, Chen Y, Zhou X, Hong W, Riley R. DyDroid: Measuring Dynamic Code Loading and Its Security Implications in Android Applications. In: Proceedings of the 22nd ACM on symposium on access control models and technologies. 2017, p. 1\u201312."},{"key":"10.1016\/j.compeleceng.2025.110620_b139","series-title":"2023 IEEE\/ACM 10th international conference on mobile software engineering and systems","first-page":"12","article-title":"FirmwareDroid: Towards automated static analysis of pre-installed android apps","author":"Sutter","year":"2023"},{"key":"10.1016\/j.compeleceng.2025.110620_b140","series-title":"AUSERA: Automated Security Vulnerability Detection for Android Apps","isbn-type":"print","author":"Chen","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450394758"},{"key":"10.1016\/j.compeleceng.2025.110620_b141","series-title":"2021 IEEE\/ACM 18th international conference on mining software repositories","first-page":"600","article-title":"Andror2: A dataset of manually-reproduced bug reports for android apps","author":"Wendland","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b142","series-title":"2017 IEEE\/ACM 4th international conference on mobile software engineering and systems","first-page":"13","article-title":"The soot-based toolchain for analyzing android apps","author":"Arzt","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b143","series-title":"Corporate cybersecurity: identifying risks and the bug bounty program","first-page":"13","article-title":"Assessing current vulnerability management processes","author":"Jackson","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b144","series-title":"2016 IEEE international conference on computer and information technology","first-page":"476","article-title":"An android malware detection approach using Bayesian inference","author":"Liu","year":"2016"},{"key":"10.1016\/j.compeleceng.2025.110620_b145","series-title":"2021 IEEE\/ACM 18th international conference on mining software repositories","first-page":"131","article-title":"An empirical study of OSS-fuzz bugs","author":"Ding","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b146","series-title":"Advances in Signal Processing and Intelligent Recognition Systems: Proceedings of Second International Symposium on Signal Processing and Intelligent Recognition Systems (SIRS-2015) December 16-19, 2015, Trivandrum, India","first-page":"671","article-title":"Stamba: security testing for android mobile banking apps","author":"Bojjagani","year":"2015"},{"key":"10.1016\/j.compeleceng.2025.110620_b147","series-title":"2022 6th international conference on electronics, communication and aerospace technology","first-page":"651","article-title":"Burp suite extension for script based attacks for web applications","author":"Kore","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b148","series-title":"2022 IEEE 6th advanced information technology, electronic and automation control conference","first-page":"586","article-title":"Research on personal privacy security detection technology for android application","author":"Chao","year":"2022"},{"key":"10.1016\/j.compeleceng.2025.110620_b149","series-title":"2021 11th IFIP international conference on new technologies, mobility and security","first-page":"1","article-title":"Security assessment for zenbo robot using drozer and mobsf frameworks","author":"Yankson","year":"2021"},{"issue":"12","key":"10.1016\/j.compeleceng.2025.110620_b150","first-page":"407","article-title":"Frida: A framework for android runtime instrumentation","volume":"8","author":"Rafique","year":"2017","journal-title":"Int J Adv Comput Sci Applications (IJACSA)"},{"key":"10.1016\/j.compeleceng.2025.110620_b151","doi-asserted-by":"crossref","DOI":"10.1016\/j.jisa.2024.103741","article-title":"Defendroid: Real-time android code vulnerability detection via blockchain federated neural network with XAI","volume":"82","author":"Senanayake","year":"2024","journal-title":"J Inf Secur Appl","ISSN":"https:\/\/id.crossref.org\/issn\/2214-2126","issn-type":"print"},{"key":"10.1016\/j.compeleceng.2025.110620_b152","doi-asserted-by":"crossref","unstructured":"Amir S, Priambodo DF, Ajhari AA, Widyasuri A. Analysis of Fraud Attacks Using Android Package Kit in Indonesia. In: 2024 international conference on computer, control, informatics and its applications. 2024.","DOI":"10.1109\/IC3INA64086.2024.10732435"},{"key":"10.1016\/j.compeleceng.2025.110620_b153","doi-asserted-by":"crossref","unstructured":"Abdullah H, Zeebaree SRM. Android Mobile Applications Vulnerabilities and Prevention Methods: A Review. In: 2021 2nd information technology to enhance e-learning and other application. 2021.","DOI":"10.1109\/IT-ELA52201.2021.9773615"},{"key":"10.1016\/j.compeleceng.2025.110620_b154","series-title":"Needle: A penetration testing tool for iOS","author":"WithSecureLabs","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b155","series-title":"2021 51st annual IEEE\/iFIP international conference on dependable systems and networks","first-page":"543","article-title":"When program analysis meets bytecode search: Targeted and efficient inter-procedural analysis of modern android apps in BackDroid","author":"Wu","year":"2021"},{"key":"10.1016\/j.compeleceng.2025.110620_b156","series-title":"JEB decompiler: A reverse engineering tool for android APKs","author":"Software","year":"2015"},{"key":"10.1016\/j.compeleceng.2025.110620_b157","doi-asserted-by":"crossref","unstructured":"Graa M, Boulahia NC, Cuppens F, Cavalliy A. Protection against Code Obfuscation Attacks Based on Control Dependencies in Android Systems. In: 2014 IEEE eighth international conference on software security and reliability-companion. 2014.","DOI":"10.1109\/SERE-C.2014.33"},{"key":"10.1016\/j.compeleceng.2025.110620_b158","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2018.2883973","article-title":"Function recognition in stripped binary of embedded devices","author":"Yin","year":"2018","journal-title":"IEEE Access"},{"key":"10.1016\/j.compeleceng.2025.110620_b159","unstructured":"Giori G, Manchado F. IDA Pro: A comprehensive disassembler and debugger for security testing."},{"key":"10.1016\/j.compeleceng.2025.110620_b160","doi-asserted-by":"crossref","DOI":"10.1109\/ACCESS.2018.2808340","article-title":"A comparison of android reverse engineering tools via program behaviors validation based on intermediate languages transformation","author":"Arnatovich","year":"2018","journal-title":"IEEE Access"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b161","first-page":"25","article-title":"Ghidra: A software reverse engineering tool by the NSA","volume":"17","author":"Farrell","year":"2019","journal-title":"IEEE Secur Priv"},{"key":"10.1016\/j.compeleceng.2025.110620_b162","series-title":"Network security principles and practices","author":"Malik","year":"2003"},{"key":"10.1016\/j.compeleceng.2025.110620_b163","series-title":"Guide to internet cryptography: security protocols and real-world attack implications","first-page":"267","article-title":"Attacks on SSL and TLS","author":"Schwenk","year":"2022"},{"issue":"3","key":"10.1016\/j.compeleceng.2025.110620_b164","doi-asserted-by":"crossref","DOI":"10.1002\/spy2.370","article-title":"Analysis of SQL injection attacks in the cloud and in WEB applications","volume":"7","author":"Kumar","year":"2024","journal-title":"Security Privacy"},{"key":"10.1016\/j.compeleceng.2025.110620_b165","unstructured":"Zhao Y, Li J, Zhang H. SessionGuard: Enhancing Session Management Security in Android Applications. In: Proceedings of the 2022 IEEE European symposium on security and privacy. 2022."},{"key":"10.1016\/j.compeleceng.2025.110620_b166","series-title":"Proceedings of the internet measurement conference","first-page":"1","article-title":"Analyzing the cross-platform pinning policy of applications using SSL pinning","author":"Bhandari","year":"2017"},{"key":"10.1016\/j.compeleceng.2025.110620_b167","series-title":"Cross-site scripting attacks on android WebView","author":"Bhavani","year":"2013"},{"key":"10.1016\/j.compeleceng.2025.110620_b168","unstructured":"Wang Y, Li X, Zhang L. CryptoChecker: Detecting Cryptographic Weaknesses in Android Applications. In: Proceedings of the 2021 IEEE international conference on software security and assurance. 2021."},{"key":"10.1016\/j.compeleceng.2025.110620_b169","unstructured":"Li Z, Wang X, Zhang Y. SecPolicyChecker: Verifying Security Policies in Android Applications. In: Proceedings of the 2023 ACM conference on computer and communications security. 2023."},{"issue":"2","key":"10.1016\/j.compeleceng.2025.110620_b170","first-page":"46","article-title":"Cryptographic algorithms: A review of the literature, weaknesses and open challenges","volume":"16","author":"Salami","year":"2023","journal-title":"J Comput Robot"}],"container-title":["Computers and Electrical Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0045790625005634?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0045790625005634?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T14:43:48Z","timestamp":1772808228000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0045790625005634"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10]]},"references-count":170,"alternative-id":["S0045790625005634"],"URL":"https:\/\/doi.org\/10.1016\/j.compeleceng.2025.110620","relation":{},"ISSN":["0045-7906"],"issn-type":[{"value":"0045-7906","type":"print"}],"subject":[],"published":{"date-parts":[[2025,10]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Unveiling Android security testing: A Comprehensive overview of techniques, challenges, and mitigation strategies","name":"articletitle","label":"Article Title"},{"value":"Computers and Electrical Engineering","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.compeleceng.2025.110620","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2025 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"110620"}}