This section discusses the background related to the security of Android applications and the vulnerabilities associated with them. It provides a high-level overview of the Android layered architecture, its security implications, Android application vulnerabilities, and potential mistakes made by users and developers that can lead to security and privacy issues. It also explains the ML process, since the article focuses more on ML-based vulnerability detection mechanisms, so that all readers can follow the content easily. Furthermore, the existing literature reviews are also discussed in this section.
2.2 Related Literature Reviews
Previous reviews [1, 2, 38, 50, 72, 80, 86, 127, 132] discussed various security-related studies, including vulnerability detection methods for Android applications and the ways to prevent them. With the rapid focus on software security, most of these studies and experiments were conducted after 2015.
Security in the Android platform was studied in Reference [1]. It reviewed the studies on several threats to Android, such as information leakage, privilege escalation, repackaging apps, denial of service attacks, and colluding. It also reviewed the Crowdroid [24], Kirin [40], AndroSimilar [42], RiskRanker [55], RiskMon [67], FireDroid [123], Aurasium [161], DroidScope [162], RecDroid [166], and DroidRanger [168] methods. Those studies were reviewed with objectives such as the assessment, the source code analysis method (i.e., static or dynamic analysis), and detection mechanisms. However, there are limitations in this review, such as following an informal review approach and not covering comprehensive details on vulnerability detection and prevention mechanisms.
It is crucial to identify code that is duplicated in several places in a program. When identifying bugs in a program, the places where code is repeated should also be identified, as all of them should be revised. The study in Reference [2] reviewed various studies related to code clone detection. This study systematically reviewed 54 studies under six categories: textual approaches, lexical approaches, tree-based approaches, metric-based approaches, semantic approaches, and hybrid approaches. Twenty-six clone detection tools were also identified in this review, and it found that many of the tools and models can be applied to Java/C++ code. However, since this review contained papers from 2013 to 2018, it is better to review the latest code clone detection methods proposed after 2018.
The authors in Reference [38] analysed 55 studies from 2015 to 2021 related to software vulnerability detection. The selected articles were grouped into several categories across various vulnerability detection evaluation criteria such as neural network, machine learning, static and dynamic analysis, code clone, classification models and frameworks. Based on the analysis, it was identified that many researchers used machine learning strategies to detect vulnerabilities in software, since a large volume of data can be analysed easily with machine learning. Though some of the reviewed studies have overlaps with vulnerability detection of source code written in C and Java, a further review should be conducted specifically for Android source code vulnerability detection.
The study in Reference [50] reviewed Android security assessments, including trends and patterns of different analysis approaches, analysis techniques, code representation tools, and applicable frameworks by analysing about 200 studies from 2013 to 2020. It also focused on privacy leaks, cryptographic issues, app cloning, permission misuse, code verification, malware detection, test case generation, and energy consumption. It discussed sensitivity analysis, data structures, and code representations in the reviewed literature under the static analysis techniques. Kernel level, application level, and emulator level inspections were also considered under taint analysis and anomaly-based approaches in dynamic analysis techniques. The review highlighted that many research studies were conducted related to Android vulnerabilities and leaks. Moreover, this study systematically reviewed several Android assessment techniques and identified call graphs, control flow graphs, and inter-procedural control flow graphs as the data structures used. However, the studies related to preventing vulnerabilities were not discussed. Moreover, reviewing studies on non-ML-based methods to detect and prevent vulnerabilities is possible, since this review considered only ML methods.
Related studies on automated testing mechanisms of Android applications from 2010 to 2016 were systematically reviewed in Reference [72]. This article discussed three functional testing types (black-box, white-box, and grey-box) by analysing Android-related studies, including test-related objectives, targets, levels, and techniques, along with their validation depths. The considered test objectives were bugs, defects, compatibility, energy, performance, security, and concurrency. Under test targets, it considered inter-component communication, inter-application component, graphical user interface, and events. System, integration, and regression were considered for the test levels, while testing types, testing environment, and testing methods were listed as the test techniques used. Further, executing tests using emulators and real devices was also discussed. It examined testing methods including mutation, concolic, A/B, fuzzing, random, search-based, and model-based. This review considered frequently used essential tools such as AndroidRipper [9], Monkey [14], Sikuli [61], Robotium [119], EMMA [121], and Robolectric [158]. Though it reviewed Android app testing comprehensively till 2016, the recent studies are not considered.
The review in Reference [80] analysed 124 research studies from 2011 to 2015, intending to identify static analysis mechanisms for Android applications. It identified that static analysis was used in many research studies related to privacy and security, and taint analysis was the widely applied technique in those studies. According to that review, Soot (a framework for analyzing, instrumenting, optimizing, transforming and visualizing Java and Android applications) [76] and Jimple (an intermediate representation that can simplify analysis and transformation of Java bytecode) [151] were the widely used tools and formats, and a few studies considered path-sensitivity. After analysing, this review identified that leaks and vulnerabilities are the primary concerns addressed by the other research studies. Moreover, this review found permission misuse, energy consumption, clone detection, test case generation, code verification, and cryptographic implementation issues. Some of the novel techniques, including ML-related studies, were not reviewed, since this review focused on research from 2011 to 2015.
The work in Reference [86] systematically reviewed DL-based Android malware defence by answering three primary research questions: (1) aspects of Android malware defences applied when using DL, (2) approaches developed for malware defences, and (3) emerging and potential research trends for DL-based Android malware defences. The review considered the technical studies from 2014 to November 2021. The review identified that while many of the reviewed studies mainly consider DL-based Android malware detection, some defence approaches were based on non-DL-based methods. It also identified that static program analysis is widely used to collect features, and that semantic features occur frequently. Moreover, it concluded that most of the approaches were performed as a supervised classification task. This review identified that many studies were conducted to detect malware, and other types of more detailed analyses on malicious apps are receiving increasing attention. Nevertheless, it did not comprehensively review how the other types, such as malicious code detection and code vulnerability detection, can be performed.
The systematic review conducted in Reference [127] discussed ML and DL-based Android malware detection methods, along with a comparison of methods and their accuracies. This review analysed many studies from 2017 to 2021 and identified that static, dynamic, and hybrid analysis could be used with ML/DL models to detect malware. Furthermore, it identified that static analysis is the widely used technique in the reviewed studies. It found that RF, SVM, NB, kNN, LSTM, and AdaBoost (AB) were the widely used ML/DL models in this context. In addition to the malware detection methods, this review briefly discussed Android software vulnerability identification. It reviewed the methods and techniques to identify source code vulnerabilities. The critiqued studies have identified that hybrid analysis techniques were widely used to identify Android source code vulnerabilities. The main focus of this review was Android malware detection using ML/DL. Therefore, it is still essential to review code vulnerability detection methods to a great extent.
Studies related to the Android security framework, its security mechanisms assessments, and mitigation strategies were reviewed in Reference [132]. Under the security mechanisms, user interfaces, file access, memory management, type safety, mobile carrier, application permissions, component encapsulation, and application signing were reviewed. It reviewed the security analysis studies related to Android framework cornerstone layers, application-level permissions, installing applications, mobile web browsers, SQL injections, connectivity and communication, hardware, software updates, malware in Linux environment, and malware related to Java. Under mechanisms, studies related to anti-malware tools, firewalls, intrusion detection and prevention methods, access controls, permission management applications, encryption methods, and spam filters were reviewed. Though this review discussed the studies conducted under Android security by following an informal and non-systematic approach, it does not consider security issues such as API vulnerabilities, concurrency bugs, and the latest OS-related bugs due to the considered period in the review.
Though the existing reviews provide in-depth details of the related studies, reviews such as References [72, 80] did not cover the recent works conducted in this area. Reviews such as References [2, 132] did not thoroughly review the studies on Android-specific vulnerability detection using various experiments performed in source code analysis. Therefore, it is required to conduct a comprehensive review of recent studies related to Android source code vulnerability detection and prevention mechanisms. Table 1 summarises and compares the related reviews with this work’s contribution.