{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:12:28Z","timestamp":1775873548137,"version":"3.50.1"},"reference-count":63,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T00:00:00Z","timestamp":1638316800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2021,12,1]],"date-time":"2021-12-01T00:00:00Z","timestamp":1638316800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2021,9,24]],"date-time":"2021-09-24T00:00:00Z","timestamp":1632441600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/2.zoppoz.workers.dev:443\/http\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Forensic Science International: Digital Investigation"],"published-print":{"date-parts":[[2021,12]]},"DOI":"10.1016\/j.fsidi.2021.301285","type":"journal-article","created":{"date-parts":[[2021,10,12]],"date-time":"2021-10-12T19:01:46Z","timestamp":1634065306000},"page":"301285","update-policy":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":22,"special_numbering":"C","title":["Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations"],"prefix":"10.1016","volume":"39","author":[{"given":"Xiaolu","family":"Zhang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/2.zoppoz.workers.dev:443\/https\/orcid.org\/0000-0001-5261-4600","authenticated-orcid":false,"given":"Frank","family":"Breitinger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Engelbert","family":"Luechinger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stephen","family":"O'Shaughnessy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.fsidi.2021.301285_bib1","doi-asserted-by":"crossref","first-page":"230","DOI":"10.1016\/j.cose.2016.11.011","article-title":"Droidnative: automating and optimizing detection of android native code malware variants","volume":"65","author":"Alam","year":"2017","journal-title":"Comput. Secur."},{"key":"10.1016\/j.fsidi.2021.301285_bib2","first-page":"1","article-title":"Obfuscation in android malware, and how to fight back","author":"Apvrille","year":"2014","journal-title":"Virus Bull."},{"key":"10.1016\/j.fsidi.2021.301285_bib3","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1145\/2666356.2594299","article-title":"Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps","volume":"49","author":"Arzt","year":"2014","journal-title":"ACM Sigplan Not."},{"key":"10.1016\/j.fsidi.2021.301285_bib4","series-title":"Proceedings of the 13th International Conference on Availability","first-page":"1","article-title":"Detection of obfuscation techniques in android applications","author":"Bacci","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib5","series-title":"ICISSP","first-page":"379","article-title":"Impact of code obfuscation on android malware detection based on static and dynamic analysis","author":"Bacci","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib6","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"356","article-title":"Reliable third-party library detection in android and its security applications","author":"Backes","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib7","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1016\/j.cose.2016.05.003","article-title":"Control flow obfuscation for android applications","volume":"61","author":"Balachandran","year":"2016","journal-title":"Comput. Secur."},{"key":"10.1016\/j.fsidi.2021.301285_bib8","series-title":"Proceedings of the 4th Workshop on Security in Highly Connected IT Systems","first-page":"7","article-title":"Anti-proguard: towards automated deobfuscation of android apps","author":"Baumann","year":"2017"},{"key":"10.1016\/j.fsidi.2021.301285_bib9","series-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","first-page":"343","article-title":"Statistical deobfuscation of android applications","author":"Bichsel","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib10","doi-asserted-by":"crossref","first-page":"400","DOI":"10.1109\/TDSC.2014.2355839","article-title":"A\u00a0probabilistic discriminative model for android malware detection with decompiled source code","volume":"12","author":"Cen","year":"2014","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"10.1016\/j.fsidi.2021.301285_bib11","series-title":"Proceedings of the Thiry-Fourth Annual ACM Symposium on Theory of Computing","first-page":"380","article-title":"Similarity estimation techniques from rounding algorithms","author":"Charikar","year":"2002"},{"key":"10.1016\/j.fsidi.2021.301285_bib12","author":"Chau"},{"key":"10.1016\/j.fsidi.2021.301285_bib13","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1109\/TIFS.2019.2932228","article-title":"Android hiv: a study of repackaging malware for evading machine-learning detection","volume":"15","author":"Chen","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"10.1016\/j.fsidi.2021.301285_bib14","author":"Crowley"},{"key":"10.1016\/j.fsidi.2021.301285_bib15","series-title":"European Symposium on Research in Computer Security","first-page":"37","article-title":"Attack of the clones: detecting cloned applications on android markets","author":"Crussell","year":"2012"},{"key":"10.1016\/j.fsidi.2021.301285_bib16","series-title":"European Symposium on Research in Computer Security","first-page":"182","article-title":"Andarwin: scalable detection of semantically similar android applications","author":"Crussell","year":"2013"},{"key":"10.1016\/j.fsidi.2021.301285_bib17","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1007\/s11416-016-0282-2","article-title":"Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology","volume":"13","author":"Dalla Preda","year":"2017","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"key":"10.1016\/j.fsidi.2021.301285_bib18","series-title":"International Conference on Security and Privacy in Communication Systems","first-page":"172","article-title":"Understanding android obfuscation techniques: a large-scale investigation in the wild","author":"Dong","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib19","author":"Dupuy"},{"key":"10.1016\/j.fsidi.2021.301285_bib20","series-title":"Proceedings IEEE International Conference on Software Maintenance","first-page":"602","article-title":"Aiding program comprehension by static and dynamic feature analysis","author":"Eisenbarth","year":"2001"},{"key":"10.1016\/j.fsidi.2021.301285_bib21","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2619091","article-title":"Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones","volume":"32","author":"Enck","year":"2014","journal-title":"ACM Trans. Comput. Syst."},{"key":"10.1016\/j.fsidi.2021.301285_bib22","series-title":"Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions","author":"Faruki","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib23","author":"Google"},{"key":"10.1016\/j.fsidi.2021.301285_bib24","author":"Google"},{"key":"10.1016\/j.fsidi.2021.301285_bib25","author":"Google"},{"key":"10.1016\/j.fsidi.2021.301285_bib26","author":"Google"},{"key":"10.1016\/j.fsidi.2021.301285_bib27","series-title":"Proceedings of the 2020 6th International Conference on Computing and Artificial Intelligence","first-page":"261","article-title":"From image to code: executable adversarial examples of android applications","author":"Gu","year":"2020"},{"key":"10.1016\/j.fsidi.2021.301285_bib28","series-title":"International Conference on Web Information Systems and Applications","first-page":"579","article-title":"Wltdroid: repackaging detection approach for android applications","author":"Guo","year":"2020"},{"key":"10.1016\/j.fsidi.2021.301285_bib29","series-title":"Police Struggling to Clear Evidence Backlog of 12,000 Devices","author":"Hamilton","year":"2020"},{"key":"10.1016\/j.fsidi.2021.301285_bib30","series-title":"Proceedings of the 40th International Conference on Software Engineering","first-page":"421","article-title":"A\u00a0large-scale empirical study on the effects of code obfuscations on android apps and anti-malware products","author":"Hammad","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib31","series-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","first-page":"1667","article-title":"Debin: predicting debug information in stripped binaries","author":"He","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib32","series-title":"Dadidroid: an Obfuscation Resilient Tool for Detecting Android Malware via Weighted Directed Call Graph Modelling","author":"Ikram","year":"2019"},{"key":"10.1016\/j.fsidi.2021.301285_bib33","series-title":"Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy","first-page":"1","article-title":"Morpheus: benchmarking computational diversity in mobile malware","author":"Kazdagli","year":"2014"},{"key":"10.1016\/j.fsidi.2021.301285_bib34","first-page":"214","article-title":"Fast identification of obfuscation and mobile advertising in mobile malware","volume":"vol. 1","author":"K\u00fchnel","year":"2015"},{"key":"10.1016\/j.fsidi.2021.301285_bib35","series-title":"Proceedings of the 25th International Symposium on Software Testing and Analysis","first-page":"318","article-title":"Droidra: taming reflection to support whole-program analysis of android apps","author":"Li","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib36","series-title":"International Conference on Security and Privacy in Communication Systems","first-page":"214","article-title":"Obfusifier: obfuscation-resistant android malware detection system","author":"Li","year":"2019"},{"key":"10.1016\/j.fsidi.2021.301285_bib37","doi-asserted-by":"crossref","first-page":"S59","DOI":"10.1016\/j.diin.2018.04.012","article-title":"Automated forensic analysis of mobile applications on android devices","volume":"26","author":"Lin","year":"2018","journal-title":"Digit. Invest."},{"key":"10.1016\/j.fsidi.2021.301285_bib38","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1016\/j.cose.2015.02.007","article-title":"Stealth attacks: an extended insight into the obfuscation effects on android malware","volume":"51","author":"Maiorca","year":"2015","journal-title":"Comput. Secur."},{"key":"10.1016\/j.fsidi.2021.301285_bib39","doi-asserted-by":"crossref","first-page":"240","DOI":"10.1016\/j.future.2018.07.066","article-title":"Androdet: an adaptive android obfuscation detector","volume":"90","author":"Mirzaei","year":"2019","journal-title":"Future Generat. Comput. Syst."},{"key":"10.1016\/j.fsidi.2021.301285_bib40","series-title":"Comment on \u201cAndrodet: an Adaptive Android Obfuscation Detector\u201d","author":"Mohammadinodooshan","year":"2019"},{"key":"10.1016\/j.fsidi.2021.301285_bib41","unstructured":"ORACLE (2013a). jarsigner. URL: https:\/\/2.zoppoz.workers.dev:443\/https\/docs.oracle.com\/javase\/7\/docs\/technotes\/tools\/windows\/jarsigner.html."},{"key":"10.1016\/j.fsidi.2021.301285_bib42","unstructured":"ORACLE (2013b). Java native interface specification contents. URL: https:\/\/2.zoppoz.workers.dev:443\/https\/docs.oracle.com\/javase\/8\/docs\/technotes\/guides\/jni\/spec\/jniTOC.html."},{"key":"10.1016\/j.fsidi.2021.301285_bib43","author":"ORACLE"},{"key":"10.1016\/j.fsidi.2021.301285_bib44","author":"ORACLE"},{"key":"10.1016\/j.fsidi.2021.301285_bib45","series-title":"2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","first-page":"625","article-title":"Revealing similarities in android malware by dissecting their methods","author":"Pasetto","year":"2020"},{"key":"10.1016\/j.fsidi.2021.301285_bib46","series-title":"A\u00a0Study on Obfuscation Techniques for Android Malware","first-page":"81","author":"Pomilia","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib47","series-title":"NDSS","article-title":"Harvesting runtime values in android applications that feature anti-analysis techniques","author":"Rasthofer","year":"2016"},{"key":"10.1016\/j.fsidi.2021.301285_bib48","series-title":"Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security","first-page":"329","article-title":"Droidchameleon: evaluating android anti-malware against transformation attacks","author":"Rastogi","year":"2013"},{"key":"10.1016\/j.fsidi.2021.301285_bib49","series-title":"Code Protection in Android. Insititute of Computer Science","first-page":"110","author":"Schulz","year":"2012"},{"key":"10.1016\/j.fsidi.2021.301285_bib50","first-page":"9","article-title":"Evaluating android antimalware against transformation attacks","volume":"5","author":"Sindhu","year":"2014","journal-title":"Journal Impact Factor"},{"key":"10.1016\/j.fsidi.2021.301285_bib51","series-title":"Proceedings of the 28th Annual ACM Symposium on Applied Computing","first-page":"1808","article-title":"Mobile-sandbox: having a deeper look into android applications","author":"Spreitzenbarth","year":"2013"},{"key":"10.1016\/j.fsidi.2021.301285_bib52","series-title":"Proceedings of the Third ACM Conference on Data and Application Security and Privacy","first-page":"197","article-title":"Sweetening android lemon markets: measuring and combating malware in application marketplaces","author":"Vidas","year":"2013"},{"key":"10.1016\/j.fsidi.2021.301285_bib53","series-title":"2017 IEEE\/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","first-page":"154","article-title":"Who changed you? obfuscator identification for android","author":"Wang","year":"2017"},{"key":"10.1016\/j.fsidi.2021.301285_bib54","series-title":"2018 IEEE\/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft)","first-page":"13","article-title":"Orlis: obfuscation-resilient library detection for android","author":"Wang","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib55","series-title":"Proceedings of the 34th Annual Computer Security Applications Conference","first-page":"222","article-title":"A\u00a0large scale investigation of obfuscation use in google play","author":"Wermke","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib56","series-title":"In 27th <inline>\u2216left\u2216{\u2216right.<\/inline>USENIX<inline>\u2216left.\u2216right\u2216}<\/inline> Security Symposium (<inline>\u2216left\u2216{\u2216right.<\/inline>USENIX<inline>\u2216left.\u2216right\u2216}<\/inline> Security 18)","first-page":"1247","article-title":"Tackling runtime-based obfuscation in android with <inline>\u2216left\u2216{\u2216right.<\/inline>TIRO<inline>\u2216left.\u2216right\u2216}<\/inline>","author":"Wong","year":"2018"},{"key":"10.1016\/j.fsidi.2021.301285_bib57","first-page":"300999","article-title":"Digital forensic tools: recent advances and enhancing the status quo","volume":"34","author":"Wu","year":"2020","journal-title":"Forensic Sci. Int.: Digit. Invest."},{"key":"10.1016\/j.fsidi.2021.301285_bib58","first-page":"1","article-title":"String deobfuscation scheme based on dynamic code extraction for mobile malwares","volume":"4","author":"Yoo","year":"2016","journal-title":"IT Convergence Practice"},{"key":"10.1016\/j.fsidi.2021.301285_bib59","series-title":"2010 International Conference on Broadband, Wireless Computing, Communication and Applications","first-page":"297","article-title":"Malware obfuscation techniques: a brief survey","author":"You","year":"2010"},{"key":"10.1016\/j.fsidi.2021.301285_bib60","series-title":"2017 IEEE\/ACM 25th International Conference on Program Comprehension (ICPC)","first-page":"132","article-title":"Repdroid: an automated tool for android application repackaging detection","author":"Yue","year":"2017"},{"key":"10.1016\/j.fsidi.2021.301285_bib61","doi-asserted-by":"crossref","first-page":"516","DOI":"10.1016\/j.cose.2017.07.011","article-title":"Breaking into the vault: privacy, security and forensic analysis of android vault applications","volume":"70","author":"Zhang","year":"2017","journal-title":"Comput. Secur."},{"key":"10.1016\/j.fsidi.2021.301285_bib62","series-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","first-page":"82","article-title":"Adam: an automatic and extensible platform to stress test android anti-virus systems","author":"Zheng","year":"2012"},{"key":"10.1016\/j.fsidi.2021.301285_bib63","series-title":"2012 IEEE Symposium on Security and Privacy","first-page":"95","article-title":"Dissecting android malware: characterization and evolution","author":"Zhou","year":"2012"}],"container-title":["Forensic Science International: Digital Investigation"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S2666281721002031?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/api.elsevier.com\/content\/article\/PII:S2666281721002031?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T20:53:47Z","timestamp":1762980827000},"score":1,"resource":{"primary":{"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/linkinghub.elsevier.com\/retrieve\/pii\/S2666281721002031"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,12]]},"references-count":63,"alternative-id":["S2666281721002031"],"URL":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.fsidi.2021.301285","relation":{},"ISSN":["2666-2817"],"issn-type":[{"value":"2666-2817","type":"print"}],"subject":[],"published":{"date-parts":[[2021,12]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Android application forensics: A survey of obfuscation, obfuscation detection and deobfuscation techniques and their impact on investigations","name":"articletitle","label":"Article Title"},{"value":"Forensic Science International: Digital Investigation","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/2.zoppoz.workers.dev:443\/https\/doi.org\/10.1016\/j.fsidi.2021.301285","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2021 The Authors. Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"301285"}}