L. O. Andersen, Program analysis and specialization for the C programming language, 1994.

K. W. Au, Y. F. Zhou, Z. Huang, and D. Lie, PScout, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.217-228, 2012.
DOI : 10.1145/2382196.2382222

D. Barrera, H. G. Kayacik, P. C. van Oorschot, and A. Somayaji, A methodology for empirical analysis of permission-based security models and its application to android, Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pp.73-84, 2010.
DOI : 10.1145/1866307.1866317

A. Bartel, J. Klein, M. Monperrus, and Y. L. Traon, Automatically securing permission-based software by reducing the attack surface: an application to Android, Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, 2012.
DOI : 10.1145/2351676.2351722
URL : https://hal.archives-ouvertes.fr/hal-00700074

S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, and A. Sadeghi, Xmandroid: A new android evolution to mitigate privilege escalation attacks, 2011.

P. Centonze, G. Naumovich, S. J. Fink, and M. Pistoia, Role-based access control consistency validation, ISSTA 2006, pp.121-132
DOI : 10.1145/1146238.1146253
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.473.1200

M. Conti, V. T. Nguyen, and B. Crispo, CRePE: Context-Related Policy Enforcement for Android, Proceedings of the 13th International Conference on Information security, 2011.
DOI : 10.1007/978-3-642-18178-8_29

L. Davi, A. Dmitrienko, A. Sadeghi, and M. Winandy, Privilege Escalation Attacks on Android, Information Security, pp.346-360, 2011.
DOI : 10.1007/978-3-642-18178-8_30
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.392.6200

M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach, Quire: Lightweight provenance for smart phone operating systems, 20th USENIX Security Symposium, 2011.

W. Enck, M. Ongtang, and P. McDaniel, On lightweight mobile phone application certification, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, pp.235-245, 2009.
DOI : 10.1145/1653662.1653691
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.170.4433

W. Enck, M. Ongtang, and P. McDaniel, Understanding Android Security, IEEE Security & Privacy Magazine, vol.7, issue.1, 2009.
DOI : 10.1109/MSP.2009.26

A. P. Felt, K. Greenwood, and D. Wagner, The effectiveness of application permissions, Proceedings of the 2nd USENIX conference on Web application development, pp.7-7, 2011.

A. P. Felt, H. Wang, A. Moshchuk, S. Hanna, and E. Chin, Permission re-delegation: Attacks and defenses, Proceedings of the 20th USENIX Security Symposium, 2011.

E. Geay, M. Pistoia, T. Tateishi, B. G. Ryder, and J. Dolby, Modular string-sensitive permission analysis with demand-driven precision, ICSE, pp.177-187, 2009.

C. Gibler, J. Crussel, J. Erickson, and H. Chen, Androidleaks detecting privacy leaks in android applications, 2011.

S. Hoffman, Zeus banking trojan variant attacks android smartphones. CRN, 2011.

L. Koved, M. Pistoia, and A. Kershenbaum, Access rights analysis for Java, ACM SIGPLAN Notices, vol.37, issue.11, pp.359-372, 2002.
DOI : 10.1145/583854.582452

P. Lam, E. Bodden, O. Lhoták, and L. Hendren, The Soot framework for Java program analysis: a retrospective, Cetus Users and Compiler Infrastructure Workshop, 2011.

O. Lhoták and L. Hendren, Scaling Java Points-to Analysis Using Spark, 12th International Conference on Compiler Construction, 2003.
DOI : 10.1007/3-540-36579-6_12

P. Manadhata and J. Wing, An Attack Surface Metric, IEEE Transactions on Software Engineering, vol.37, issue.3, pp.371-386, 2011.
DOI : 10.1109/TSE.2010.60

C. Marforio, A. Francillon, and S. Capkun, Application collusion attack on the permission-based security model and its implications for modern smartphone systems, 2011.

T. Mustafa and K. Sohr, Understanding the implemented access control policy of Android system services with slicing and extended static checking, International Journal of Information Security, vol.10, issue.1, 2012.
DOI : 10.1007/s10207-014-0260-y

M. Nauman, S. Khan, and X. Zhang, Apex, Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS '10, 2010.
DOI : 10.1145/1755688.1755732

M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, Semantically rich application-centric security in android, Journal of Security and Communication Networks, 2011.

M. Pistoia, S. J. Fink, R. J. Flynn, and E. Yahav, When Role Models Have Flaws: Static Validation of Enterprise Security Policies, 29th International Conference on Software Engineering (ICSE'07), 2007.
DOI : 10.1109/ICSE.2007.98

M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar, Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection, ECOOP, 2005.
DOI : 10.1007/11531142_16

F. Roesner, T. Kohno, A. Moshchuk, B. Parno, H. J. Wang et al., User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems, 2012 IEEE Symposium on Security and Privacy, 2011.
DOI : 10.1109/SP.2012.24

J. H. Saltzer and M. D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, 1975.
DOI : 10.1109/PROC.1975.9939

A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici, and S. Dolev, Google android: A state-of-the-art review of security mechanisms, 2009.

R. Tarjan, Depth-First Search and Linear Graph Algorithms, SIAM Journal on Computing, vol.1, issue.2, pp.146-160, 1972.
DOI : 10.1137/0201010
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.327.8418