DroidReach++: Exploring the reachability of native code in android applications

Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with specific hardware, such as performing specialized GPU rendering. Recent research on Android security has revealed that these libraries are frequentl...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security Vol. 159; p. 104657
Main Authors: Borzacchiello, Luca, Cornacchia, Matteo, Maiorca, Davide, Giacinto, Giorgio, Coppa, Emilio
Format: Journal Article
Language:English
Published: Elsevier Ltd 01.12.2025
Subjects:
Android
Mobile security
Static analysis
Mobile security
Static analysis
Android
ISSN:0167-4048
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with specific hardware, such as performing specialized GPU rendering. Recent research on Android security has revealed that these libraries are frequently adopted by third-party developers and may pose security risks if not regularly updated, as publicly disclosed vulnerabilities in outdated libraries can be exploited by malicious actors. To determine whether these known vulnerabilities represent an immediate and tangible threat, it is essential to assess whether the vulnerable functions can be executed during application runtime – a research problem commonly known as function reachability. In this article, we introduce DroidReach++, a novel static analysis approach for evaluating the reachability of native function calls in Android applications. Our framework overcomes the limitations of existing state-of-the-art methods by combining heuristics with symbolic execution, enabling a more precise reconstruction of Inter-procedural Control-Flow Graphs (ICFGs). When applied to the top 500 applications from the Google Play Store, DroidReach++ identifies a significantly higher number of execution paths compared to previous techniques. Finally, two case studies demonstrate how DroidReach++ serves as an effective tool for vulnerability assessment.
AbstractList Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with specific hardware, such as performing specialized GPU rendering. Recent research on Android security has revealed that these libraries are frequently adopted by third-party developers and may pose security risks if not regularly updated, as publicly disclosed vulnerabilities in outdated libraries can be exploited by malicious actors. To determine whether these known vulnerabilities represent an immediate and tangible threat, it is essential to assess whether the vulnerable functions can be executed during application runtime – a research problem commonly known as function reachability. In this article, we introduce DroidReach++, a novel static analysis approach for evaluating the reachability of native function calls in Android applications. Our framework overcomes the limitations of existing state-of-the-art methods by combining heuristics with symbolic execution, enabling a more precise reconstruction of Inter-procedural Control-Flow Graphs (ICFGs). When applied to the top 500 applications from the Google Play Store, DroidReach++ identifies a significantly higher number of execution paths compared to previous techniques. Finally, two case studies demonstrate how DroidReach++ serves as an effective tool for vulnerability assessment.
ArticleNumber 104657
Author Maiorca, Davide
Coppa, Emilio
Borzacchiello, Luca
Cornacchia, Matteo
Giacinto, Giorgio
Author_xml – sequence: 1
  givenname: Luca
  orcidid: 0000-0001-7198-5175
  surname: Borzacchiello
  fullname: Borzacchiello, Luca
  email: borzacchiello@diag.uniroma1.it
  organization: Sapienza University of Rome, Italy
– sequence: 2
  givenname: Matteo
  orcidid: 0009-0007-1217-5237
  surname: Cornacchia
  fullname: Cornacchia, Matteo
  email: cornacchia@diag.uniroma1.it
  organization: Sapienza University of Rome, Italy
– sequence: 3
  givenname: Davide
  orcidid: 0000-0003-2640-4663
  surname: Maiorca
  fullname: Maiorca, Davide
  email: davide.maiorca@unica.it
  organization: University of Cagliari, Italy
– sequence: 4
  givenname: Giorgio
  orcidid: 0000-0002-5759-3017
  surname: Giacinto
  fullname: Giacinto, Giorgio
  email: giacinto@unica.it
  organization: University of Cagliari, Italy
– sequence: 5
  givenname: Emilio
  orcidid: 0000-0002-8094-871X
  surname: Coppa
  fullname: Coppa, Emilio
  email: ecoppa@luiss.it
  organization: LUISS University, Italy
BookMark eNp9kE1LAzEQhnOoYKv-AU-5l61Jmv0SL1LrBxQKoueQTiY2ZU2WZCn235ulnj0NvC_PMPPMyMQHj4TccrbgjFd3hwWEhAvBRJkDWZX1hExzUReSyeaSzFI6MMbrqmmmZPsUgzPvqGE_n9_T9U_fhej8Fx32SOMY653r3HCiwVKvB3dECsEgdZ5qb0aY6r7vHOQu-HRNLqzuEt78zSvy-bz-WL0Wm-3L2-pxU4Dgoi6MKZcNVMa2tV5azWtmpNzlk9tGalFKAAO83OVOGgaykm1-gEswVrS2gnZ5RcR5L8SQUkSr-ui-dTwpztSoQR3UqEGNGtRZQ4YezhDmy44Oo0rg0AMaFxEGZYL7D_8FzhpqNQ
Cites_doi 10.1109/TIFS.2018.2866347
10.1016/j.future.2012.02.006
10.1145/2619091
10.1016/j.cose.2021.102368
10.14722/ndss.2017.23096
10.1145/3183575
10.1145/3569936
ContentType Journal Article
Copyright 2025 The Authors
Copyright_xml – notice: 2025 The Authors
DBID 6I.
AAFTH
AAYXX
CITATION
DOI 10.1016/j.cose.2025.104657
DatabaseName ScienceDirect Open Access Titles
Elsevier:ScienceDirect:Open Access
CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
ExternalDocumentID 10_1016_j_cose_2025_104657
S0167404825003463
GroupedDBID --K
--M
-~X
.DC
.~1
0R~
1B1
1RT
1~.
1~5
29F
4.4
457
4G.
5GY
5VS
6I.
7-5
71M
8P~
9DU
9JN
AAEDT
AAEDW
AAFTH
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AATTM
AAXKI
AAXUO
AAYFN
AAYWO
ABBOA
ABFSI
ABJNI
ABMAC
ABWVN
ABXDB
ACDAQ
ACGFO
ACGFS
ACLOT
ACNNM
ACRLP
ACRPL
ACVFH
ACZNC
ADBBV
ADCNI
ADEZE
ADHUB
ADJOM
ADMUD
ADNMO
AEBSH
AEIPS
AEKER
AENEX
AEUPX
AFFNX
AFJKZ
AFPUW
AFTJW
AGHFR
AGQPQ
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIGII
AIIUN
AIKHN
AITUG
AKBMS
AKRWK
AKYEP
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
AOUOD
APXCP
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BKOMP
BLXMC
CS3
DU5
E.L
EBS
EFJIC
EFKBS
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-2
G-Q
GBLVA
GBOLZ
HLX
HLZ
HVGLF
HZ~
IHE
J1W
KOM
LG8
LG9
M41
MO0
MS~
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
R2-
RNS
ROL
RPZ
RXW
SBC
SBM
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSZ
T5K
TAE
TN5
TWZ
WH7
WUQ
XJE
XPP
XSW
YK3
ZMT
~G-
~HD
AAYXX
CITATION
ID FETCH-LOGICAL-c2127-dd538c6df97a3fa170d44b202984a254ccdc15ba3f4d0c464901614cdf29f6c93
ISSN 0167-4048
IngestDate Thu Nov 27 01:01:01 EST 2025
Sat Nov 29 17:02:14 EST 2025
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Keywords Mobile security
Static analysis
Android
Language English
License This is an open access article under the CC BY license.
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c2127-dd538c6df97a3fa170d44b202984a254ccdc15ba3f4d0c464901614cdf29f6c93
ORCID 0000-0002-5759-3017
0000-0002-8094-871X
0000-0001-7198-5175
0009-0007-1217-5237
0000-0003-2640-4663
OpenAccessLink https://dx.doi.org/10.1016/j.cose.2025.104657
ParticipantIDs crossref_primary_10_1016_j_cose_2025_104657
elsevier_sciencedirect_doi_10_1016_j_cose_2025_104657
PublicationCentury 2000
PublicationDate December 2025
2025-12-00
PublicationDateYYYYMMDD 2025-12-01
PublicationDate_xml – month: 12
  year: 2025
  text: December 2025
PublicationDecade 2020
PublicationTitle Computers & security
PublicationYear 2025
Publisher Elsevier Ltd
Publisher_xml – name: Elsevier Ltd
References Sun, Wei, Lui (b41) 2016
NSA (b34) 2016
Borzacchiello, Coppa, Maiorca, Columbu, Demetrescu, Giacinto (b13) 2022; vol. 13556
Documentation (b20) 2021
Gao, Yang, Fu, Jiang, Shi, Sun (b23) 2018
Borzacchiello (b10) 2022
Eschweiler, Yakdan, Gerhards-Padilla (b22) 2016
Bosu, Liu, Yao, Wang (b14) 2017
Oxgalz (b35) 2021
Gordon, Kim, Perkins, Gilham, Nguyen, Rinard (b24) 2015
Yuanchun Li, Ziyue Yang, Yao Guo, Xiangqun Chen (b53) 2017
CVE (b17) 2016
Derr, Bugiel, Fahl, Acar, Backes (b18) 2017
Borzacchiello, Coppa, Demetrescu (b11) 2021
Schwartz, Cohen, Duggan, Gennari, Havrilla, Hines (b37) 2018
Xue, Qian, Zhou, Luo, Zhou, Shao, Chan (b50) 2019
Android (b5) 2021
Wei, Roy, Ou, Robby (b46) 2018
Amalfitano, Fasolino, Tramontana, De Carmine, Memon (b4) 2012
Tan, Croft (b43) 2008
Bello, Pistoia (b8) 2018
Wang, Zhu, Zhou, Yang (b44) 2017
Tan, G., Chakradhar, S., Srivaths, R., Wang, R.D., 2006. Safe Java native interface. In: In Proceedings of the 2006 IEEE International Symposium on Secure Software Engineering. pp. 97–106.
Ming, J., Xu, D., Jiang, Y., Wu, D., 2017. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In: 26th USENIX Security Symposium. USENIX Security 17.
Lee, Lee, Ryu (b29) 2020
Xue, Zhou, Chen, Luo, Gu (b51) 2017
Gu, Sun, Su, Li, Lu, Ying, Feng (b25) 2017
Li, Tan (b31) 2009
Yan, L.K., Yin, H., 2012. DroidScope: Seamlessly Reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In: 21st USENIX Security Symposium. USENIX Security 12.
Abraham, Andriatsimandefitra, Brunelat, Lalande, Tong (b1) 2015
Xu, Xu, Chen, Song, Liu, Liu (b49) 2020
Almanee, Ünal, Payer, Garcia (b3) 2021
sirmabus (b39) 2021
Hao, Liu, Nath, Halfond, Govindan (b26) 2014
Strelsky (b40) 2021
Wong, Lie (b48) 2016
Zhang, Heaps, Slavin, Niu, Breaux, Wang (b54) 2023; 32
Desnos (b19) 2021
Almanee (b2) 2021
Hwang, Lee, Kim, Ryu (b27) 2021
Pawlowski, A., Contag, M., van der Veen, V., Ouwehand, C., Holz, T., Bos, H., Athanasopoulos, E., Giuffrida, C., 2017. MARX: Uncovering Class Hierarchies in C++ Programs. In: 24th Annual Network and Distributed System Security Symposium. NDSS ’17.
Li, Bartel, Bissyandé, Klein, Le Traon, Arzt, Rasthofer, Bodden, Octeau, McDaniel (b30) 2015
Wen, Zhou, Luo, Russello, Dietrich (b47) 2024
Chen, Zhang, Guo, Li, Wu (b15) 2013
Enck, Gilbert, Han, Tendulkar, Chun, Cox, Jung, McDaniel, Sheth (b21) 2014
Liao, Cai, Zhu, Yin, Li (b32) 2018
Shoshitaishvili, Wang, Salls, Stephens, Polino, Dutcher, Grosen, Feng, Hauser, Krügel, Vigna (b38) 2016
Klieber, Flynn, Bhosale, Jia, Bauer (b28) 2014
Android Developers (b6) 2021
Arzt, Rasthofer, Fritz, Bodden, Bartel, Klein, Le Traon, Octeau, McDaniel (b7) 2014
Wei, Lin, Ou, Chen, Zhang (b45) 2018
Choi, Necula, Sen (b16) 2013
Borzacchiello, Coppa, Demetrescu (b12) 2021
Borzacchiello (b9) 2022
Borzacchiello (10.1016/j.cose.2025.104657_b13) 2022; vol. 13556
Borzacchiello (10.1016/j.cose.2025.104657_b10) 2022
NSA (10.1016/j.cose.2025.104657_b34) 2016
Borzacchiello (10.1016/j.cose.2025.104657_b9) 2022
Gao (10.1016/j.cose.2025.104657_b23) 2018
Bosu (10.1016/j.cose.2025.104657_b14) 2017
sirmabus (10.1016/j.cose.2025.104657_b39) 2021
Abraham (10.1016/j.cose.2025.104657_b1) 2015
Hwang (10.1016/j.cose.2025.104657_b27) 2021
10.1016/j.cose.2025.104657_b33
Xue (10.1016/j.cose.2025.104657_b50) 2019
10.1016/j.cose.2025.104657_b36
Almanee (10.1016/j.cose.2025.104657_b2) 2021
Bello (10.1016/j.cose.2025.104657_b8) 2018
Chen (10.1016/j.cose.2025.104657_b15) 2013
Wen (10.1016/j.cose.2025.104657_b47) 2024
Android (10.1016/j.cose.2025.104657_b5) 2021
Xu (10.1016/j.cose.2025.104657_b49) 2020
Wong (10.1016/j.cose.2025.104657_b48) 2016
CVE (10.1016/j.cose.2025.104657_b17) 2016
Desnos (10.1016/j.cose.2025.104657_b19) 2021
Almanee (10.1016/j.cose.2025.104657_b3) 2021
Documentation (10.1016/j.cose.2025.104657_b20) 2021
Lee (10.1016/j.cose.2025.104657_b29) 2020
Zhang (10.1016/j.cose.2025.104657_b54) 2023; 32
Derr (10.1016/j.cose.2025.104657_b18) 2017
Hao (10.1016/j.cose.2025.104657_b26) 2014
10.1016/j.cose.2025.104657_b42
Shoshitaishvili (10.1016/j.cose.2025.104657_b38) 2016
Choi (10.1016/j.cose.2025.104657_b16) 2013
Li (10.1016/j.cose.2025.104657_b30) 2015
Borzacchiello (10.1016/j.cose.2025.104657_b12) 2021
Arzt (10.1016/j.cose.2025.104657_b7) 2014
Liao (10.1016/j.cose.2025.104657_b32) 2018
Sun (10.1016/j.cose.2025.104657_b41) 2016
Amalfitano (10.1016/j.cose.2025.104657_b4) 2012
Gu (10.1016/j.cose.2025.104657_b25) 2017
10.1016/j.cose.2025.104657_b52
Wei (10.1016/j.cose.2025.104657_b46) 2018
Borzacchiello (10.1016/j.cose.2025.104657_b11) 2021
Oxgalz (10.1016/j.cose.2025.104657_b35) 2021
Strelsky (10.1016/j.cose.2025.104657_b40) 2021
Wang (10.1016/j.cose.2025.104657_b44) 2017
Android Developers (10.1016/j.cose.2025.104657_b6) 2021
Klieber (10.1016/j.cose.2025.104657_b28) 2014
Schwartz (10.1016/j.cose.2025.104657_b37) 2018
Xue (10.1016/j.cose.2025.104657_b51) 2017
Yuanchun Li (10.1016/j.cose.2025.104657_b53) 2017
Wei (10.1016/j.cose.2025.104657_b45) 2018
Enck (10.1016/j.cose.2025.104657_b21) 2014
Eschweiler (10.1016/j.cose.2025.104657_b22) 2016
Li (10.1016/j.cose.2025.104657_b31) 2009
Tan (10.1016/j.cose.2025.104657_b43) 2008
Gordon (10.1016/j.cose.2025.104657_b24) 2015
References_xml – year: 2021
  ident: b11
  article-title: Fuzzing symbolic expressions
  publication-title: Proc. of the 43rd Int. Conf. on Soft. Eng.
– start-page: 442
  year: 2009
  end-page: 452
  ident: b31
  article-title: Finding bugs in exceptional situations of JNI programs
  publication-title: Proceedings of the 16th ACM Conference on Computer and Communications Security
– year: 2018
  ident: b46
  article-title: Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps
  publication-title: ACM Trans. Priv. Secur.
– year: 2017
  ident: b53
  article-title: DroidBot: a lightweight UI-Guided test input generator for Android
  publication-title: 2017 IEEE/ACM 39th Int. Conf. on Software Engineering
– year: 2016
  ident: b34
  article-title: Ghidra
– year: 2016
  ident: b48
  article-title: IntelliDroid: A targeted input generator for the dynamic analysis of Android malware
  publication-title: Proceedings 2016 Network and Distributed System Security Symposium
– start-page: 427
  year: 2017
  end-page: 438
  ident: b25
  article-title: JGRE: An analysis of JNI global reference exhaustion vulnerabilities in android
  publication-title: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
– year: 2018
  ident: b37
  article-title: Using logic programming to recover C++ classes and methods from compiled executables
  publication-title: Proc. of the 2018 ACM SIGSAC Conf. on Comp. and Com. Sec.
– volume: 32
  year: 2023
  ident: b54
  article-title: DAISY: Dynamic-analysis-induced source discovery for sensitive data
  publication-title: ACM Trans. Softw. Eng. Methodol.
– year: 2021
  ident: b5
  article-title: Native libraries
– year: 2021
  ident: b27
  article-title: JUSTGen: Effective test generation for unspecified JNI behaviors on JVMs
  publication-title: 2021 43rd Int. Conf. on Soft. Eng.
– year: 2021
  ident: b19
  article-title: Androguard
– year: 2012
  ident: b4
  article-title: Using GUI ripping for automated testing of android applications
  publication-title: Proceedings of the 27th IEEE/ACM Int. Conf. on Automated Software Engineering
– year: 2022
  ident: b10
  article-title: DroidReach Benchmarks
– year: 2020
  ident: b29
  article-title: Broadening horizons of multilingual static analysis: Semantic summary extraction from C code for JNI program analysis
  publication-title: 2020 35th IEEE/ACM Int. Conf. on Automated Software Engineering
– year: 2021
  ident: b2
  article-title: Librarian dataset
– year: 2013
  ident: b16
  article-title: Guided GUI testing of android apps with minimal restart and approximate learning
  publication-title: Proc. of the 2013 ACM SIGPLAN Int. Conf. on Object Oriented Programming Systems Languages & Applications
– start-page: 361
  year: 2024
  end-page: 372
  ident: b47
  article-title: Keep me updated: An empirical study on embedded JavaScript engines in android apps
  publication-title: 2024 IEEE/ACM 21st International Conference on Mining Software Repositories
– year: 2008
  ident: b43
  article-title: An Empirical Security Study of the Native Code in the JDK
  publication-title: Proc. of the 17th Conf. on Security Symposium
– year: 2013
  ident: b15
  article-title: State of the art: Dynamic symbolic execution for automated test generation
  publication-title: Future Gener. Comput. Syst.
– year: 2017
  ident: b14
  article-title: Collusive data leak and more: Large-scale threat analysis of inter-app communications
  publication-title: Proc. of the 2017 ACM on Asia Conf. on Computer and Communications Security
– year: 2014
  ident: b26
  article-title: PUMA: Programmable UI-automation for large-scale dynamic analysis of mobile apps
  publication-title: Proc. of the 12th Annual Int. Conf. on Mobile Systems, Applications, and Services
– year: 2016
  ident: b22
  article-title: discovRE: Efficient cross-architecture identification of bugs in binary code
  publication-title: 23rd Annual Network and Distr. Sys. Sec. Symp.
– reference: Ming, J., Xu, D., Jiang, Y., Wu, D., 2017. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In: 26th USENIX Security Symposium. USENIX Security 17.
– year: 2021
  ident: b40
  article-title: Ghidra C++ class and run time type information analyzer
– year: 2021
  ident: b3
  article-title: Too quiet in the library: An empirical study of security updates in Android apps’ native code
  publication-title: 43rd IEEE/ACM Int. Conf. on Software Engineering
– year: 2014
  ident: b28
  article-title: Android taint flow analysis for app sets
  publication-title: Proc. of the 3rd ACM SIGPLAN Int. Workshop on the State of the Art in Java Program Analysis
– reference: Tan, G., Chakradhar, S., Srivaths, R., Wang, R.D., 2006. Safe Java native interface. In: In Proceedings of the 2006 IEEE International Symposium on Secure Software Engineering. pp. 97–106.
– year: 2021
  ident: b12
  article-title: FUZZOLIC: mixing fuzzing and concolic execution
  publication-title: Comput. Secur.
– year: 2016
  ident: b38
  article-title: SOK: (state of) the art of war: Offensive techniques in binary analysis
  publication-title: IEEE SP’16
– year: 2018
  ident: b45
  article-title: JN-SAF: Precise and efficient NDK/JNI-Aware inter-language static analysis framework for security vetting of Android applications with native code
  publication-title: Proc. of the 2018 ACM SIGSAC Conf. on Computer and Communications Security
– year: 2015
  ident: b1
  article-title: GroddDroid: a gorilla for triggering malicious behaviors
  publication-title: 10th Int. Conf. on Malicious and Unwanted Software
– year: 2017
  ident: b18
  article-title: Keep me updated: An empirical study of third-party library updatability on Android
  publication-title: Proc. of the 2017 ACM SIGSAC Conf. on Computer and Communications Security
– year: 2020
  ident: b49
  article-title: Patch based vulnerability matching for binary programs
  publication-title: Proc. of the 29th ACM SIGSOFT Int. Symp. on Software Testing and Analysis
– year: 2021
  ident: b20
  article-title: Pointer to a native structure in a java field
– year: 2017
  ident: b51
  article-title: Malton: Towards on-device non-invasive mobile malware analysis for ART
  publication-title: 26th USENIX Security Symposium
– year: 2022
  ident: b9
  article-title: DroidReach
– year: 2016
  ident: b17
  article-title: CVE-2016–2182
– reference: Pawlowski, A., Contag, M., van der Veen, V., Ouwehand, C., Holz, T., Bos, H., Athanasopoulos, E., Giuffrida, C., 2017. MARX: Uncovering Class Hierarchies in C++ Programs. In: 24th Annual Network and Distributed System Security Symposium. NDSS ’17.
– year: 2021
  ident: b39
  article-title: IDA CI plugin
– year: 2021
  ident: b6
  article-title: UI/Application exerciser monkey
– year: 2016
  ident: b41
  article-title: TaintART: A practical multi-level information-flow tracking system for Android RunTime
  publication-title: Proc. of the 2016 Conf. on Comp. and Com. Sec.
– year: 2015
  ident: b24
  article-title: Information-flow analysis of Android applications in DroidSafe
  publication-title: Proceedings 2015 Network and Distributed System Security Symposium
– year: 2014
  ident: b7
  article-title: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
  publication-title: Proc. of the 35th ACM SIGPLAN Conf. on Programming Language Design and Implementation
– year: 2014
  ident: b21
  article-title: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones
  publication-title: ACM Trans. Comput. Syst.
– year: 2018
  ident: b23
  article-title: VulSeeker-pro: Enhanced semantic learning based binary vulnerability seeker with emulation
  publication-title: Proc. of the 2018 Eur. Soft. Eng. Conf. and Symp. on the Foundations of Soft. Eng.
– volume: vol. 13556
  start-page: 701
  year: 2022
  end-page: 722
  ident: b13
  article-title: Reach me if you can: On native vulnerability reachability in android apps
  publication-title: Computer Security - ESORICS 2022 - 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26-30, 2022, Proceedings, Part III
– year: 2021
  ident: b35
  article-title: Virtuailor
– year: 2017
  ident: b44
  article-title: Droid-AntiRM: Taming control flow anti-analysis to support automated dynamic analysis of Android malware
  publication-title: Proc. of the 33rd Annual Computer Security Applications Conference
– year: 2018
  ident: b8
  article-title: ARES: Triggering payload of evasive Android malware
  publication-title: Proc. of the 5th Int. Conf. on Mobile Software Engineering and Systems
– year: 2015
  ident: b30
  article-title: IccTA: Detecting inter-component privacy leaks in Android apps
  publication-title: 37th IEEE Int. Conf. on Soft. Eng
– year: 2019
  ident: b50
  article-title: NDroid: Toward tracking information flows across multiple Android contexts
  publication-title: IEEE Trans. Inf. Forensics Secur.
– reference: Yan, L.K., Yin, H., 2012. DroidScope: Seamlessly Reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In: 21st USENIX Security Symposium. USENIX Security 12.
– year: 2018
  ident: b32
  article-title: MobileFindr: Function similarity identification for reversing mobile binaries
  publication-title: ESORICS 2018: Computer Security
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b32
  article-title: MobileFindr: Function similarity identification for reversing mobile binaries
– ident: 10.1016/j.cose.2025.104657_b42
– year: 2019
  ident: 10.1016/j.cose.2025.104657_b50
  article-title: NDroid: Toward tracking information flows across multiple Android contexts
  publication-title: IEEE Trans. Inf. Forensics Secur.
  doi: 10.1109/TIFS.2018.2866347
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b3
  article-title: Too quiet in the library: An empirical study of security updates in Android apps’ native code
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b22
  article-title: discovRE: Efficient cross-architecture identification of bugs in binary code
– year: 2017
  ident: 10.1016/j.cose.2025.104657_b53
  article-title: DroidBot: a lightweight UI-Guided test input generator for Android
– ident: 10.1016/j.cose.2025.104657_b52
– year: 2017
  ident: 10.1016/j.cose.2025.104657_b44
  article-title: Droid-AntiRM: Taming control flow anti-analysis to support automated dynamic analysis of Android malware
– year: 2013
  ident: 10.1016/j.cose.2025.104657_b16
  article-title: Guided GUI testing of android apps with minimal restart and approximate learning
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b45
  article-title: JN-SAF: Precise and efficient NDK/JNI-Aware inter-language static analysis framework for security vetting of Android applications with native code
– year: 2013
  ident: 10.1016/j.cose.2025.104657_b15
  article-title: State of the art: Dynamic symbolic execution for automated test generation
  publication-title: Future Gener. Comput. Syst.
  doi: 10.1016/j.future.2012.02.006
– year: 2014
  ident: 10.1016/j.cose.2025.104657_b21
  article-title: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones
  publication-title: ACM Trans. Comput. Syst.
  doi: 10.1145/2619091
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b17
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b5
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b39
– year: 2022
  ident: 10.1016/j.cose.2025.104657_b9
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b12
  article-title: FUZZOLIC: mixing fuzzing and concolic execution
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2021.102368
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b34
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b23
  article-title: VulSeeker-pro: Enhanced semantic learning based binary vulnerability seeker with emulation
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b40
– start-page: 361
  year: 2024
  ident: 10.1016/j.cose.2025.104657_b47
  article-title: Keep me updated: An empirical study on embedded JavaScript engines in android apps
– year: 2020
  ident: 10.1016/j.cose.2025.104657_b49
  article-title: Patch based vulnerability matching for binary programs
– ident: 10.1016/j.cose.2025.104657_b33
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b2
– year: 2014
  ident: 10.1016/j.cose.2025.104657_b26
  article-title: PUMA: Programmable UI-automation for large-scale dynamic analysis of mobile apps
– year: 2014
  ident: 10.1016/j.cose.2025.104657_b7
  article-title: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b41
  article-title: TaintART: A practical multi-level information-flow tracking system for Android RunTime
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b37
  article-title: Using logic programming to recover C++ classes and methods from compiled executables
– start-page: 427
  year: 2017
  ident: 10.1016/j.cose.2025.104657_b25
  article-title: JGRE: An analysis of JNI global reference exhaustion vulnerabilities in android
– year: 2012
  ident: 10.1016/j.cose.2025.104657_b4
  article-title: Using GUI ripping for automated testing of android applications
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b8
  article-title: ARES: Triggering payload of evasive Android malware
– year: 2015
  ident: 10.1016/j.cose.2025.104657_b24
  article-title: Information-flow analysis of Android applications in DroidSafe
– year: 2017
  ident: 10.1016/j.cose.2025.104657_b14
  article-title: Collusive data leak and more: Large-scale threat analysis of inter-app communications
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b11
  article-title: Fuzzing symbolic expressions
– year: 2015
  ident: 10.1016/j.cose.2025.104657_b1
  article-title: GroddDroid: a gorilla for triggering malicious behaviors
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b38
  article-title: SOK: (state of) the art of war: Offensive techniques in binary analysis
– year: 2014
  ident: 10.1016/j.cose.2025.104657_b28
  article-title: Android taint flow analysis for app sets
– year: 2017
  ident: 10.1016/j.cose.2025.104657_b51
  article-title: Malton: Towards on-device non-invasive mobile malware analysis for ART
– ident: 10.1016/j.cose.2025.104657_b36
  doi: 10.14722/ndss.2017.23096
– year: 2022
  ident: 10.1016/j.cose.2025.104657_b10
– year: 2008
  ident: 10.1016/j.cose.2025.104657_b43
  article-title: An Empirical Security Study of the Native Code in the JDK
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b35
– year: 2020
  ident: 10.1016/j.cose.2025.104657_b29
  article-title: Broadening horizons of multilingual static analysis: Semantic summary extraction from C code for JNI program analysis
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b6
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b20
– year: 2018
  ident: 10.1016/j.cose.2025.104657_b46
  article-title: Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps
  publication-title: ACM Trans. Priv. Secur.
  doi: 10.1145/3183575
– volume: 32
  issue: 4
  year: 2023
  ident: 10.1016/j.cose.2025.104657_b54
  article-title: DAISY: Dynamic-analysis-induced source discovery for sensitive data
  publication-title: ACM Trans. Softw. Eng. Methodol.
  doi: 10.1145/3569936
– year: 2015
  ident: 10.1016/j.cose.2025.104657_b30
  article-title: IccTA: Detecting inter-component privacy leaks in Android apps
– year: 2016
  ident: 10.1016/j.cose.2025.104657_b48
  article-title: IntelliDroid: A targeted input generator for the dynamic analysis of Android malware
– volume: vol. 13556
  start-page: 701
  year: 2022
  ident: 10.1016/j.cose.2025.104657_b13
  article-title: Reach me if you can: On native vulnerability reachability in android apps
– year: 2017
  ident: 10.1016/j.cose.2025.104657_b18
  article-title: Keep me updated: An empirical study of third-party library updatability on Android
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b27
  article-title: JUSTGen: Effective test generation for unspecified JNI behaviors on JVMs
– start-page: 442
  year: 2009
  ident: 10.1016/j.cose.2025.104657_b31
  article-title: Finding bugs in exceptional situations of JNI programs
– year: 2021
  ident: 10.1016/j.cose.2025.104657_b19
SSID ssj0017688
Score 2.4335644
Snippet Modern Android applications often incorporate numerous native C/C++ libraries to efficiently handle CPU-intensive tasks or interact at a low level with...
SourceID crossref
elsevier
SourceType Index Database
Publisher
StartPage 104657
SubjectTerms Android
Mobile security
Static analysis
Title DroidReach++: Exploring the reachability of native code in android applications
URI https://dx.doi.org/10.1016/j.cose.2025.104657
Volume 159
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  issn: 0167-4048
  databaseCode: AIEXJ
  dateStart: 19950101
  customDbUrl:
  isFulltext: true
  dateEnd: 99991231
  titleUrlDefault: https://www.sciencedirect.com
  omitProxy: false
  ssIdentifier: ssj0017688
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1Lb9QwELaWlgMX3ogCRT7AKcpqN3Ye5tbSUkCoIFSkvUWOHyUVSqrstqo48dM7s3acUB6iB6RVtIqTSZT54ozHn78h5EUqLGOGsVgU1sRcVVks8qSIs7QqKs5llZpqXWwiPzwsFgvxaTL50a-FOf-WN01xcSFO_6urYR84G5fOXsPdwSjsgP_gdNiC22H7T47f69paf0aS5MtkF38w5h-YdmtGITY6fW6nJ-3Ev3F1O6Y_JGoY1Doaz22PY9i-EMRyDZulL4AXxvVt910q9bXuZ3U-nI3YQFgPGRulWye0Wpl2yInXbadkINoHxB3UUtXNutxTdADHHDvqWJ-rSNIR78OnL1Flfea0NUP_6yXBXQ-Kc85OsvqXzt3lGU6myOSfovnpcPDPStpXvnCBd9hT2k5KtFGijdLZuEE2kzwV0C9u7rzbX7wPM1EwHCuCPjzcuV945TiCV-_k98HNKGA5uktu-5EG3XEIuUcmprlP7vTOo75Tf0A-DoCJolc0QIUCVOgYKrS11EGFIlRo3VAPFTqGykPy5c3-0eu3sS-zESuU94-1ho-eyrQVuWRWzvOZ5rxKUJufyyTlSmk1Tyto43qmeMYFDhO40jYRNlOCPSIbTduYx4SmVZYnc8bYzMK5EAdlBt53TDJqYWyVbZGofz7lqVNTKf_sky2S9o-w9PGgi_NKQMRfzntyras8JbcGqD4jG6vuzGyTm-p8VS-75x4Ol0SDgFM
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=DroidReach%2B%2B%3A+Exploring+the+reachability+of+native+code+in+android+applications&rft.jtitle=Computers+%26+security&rft.au=Borzacchiello%2C+Luca&rft.au=Cornacchia%2C+Matteo&rft.au=Maiorca%2C+Davide&rft.au=Giacinto%2C+Giorgio&rft.date=2025-12-01&rft.issn=0167-4048&rft.volume=159&rft.spage=104657&rft_id=info:doi/10.1016%2Fj.cose.2025.104657&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_cose_2025_104657
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon