(i) a high- level language for specifying signatures that describe seman- tic characteristics of malware families and (ii) a static anal- ysis for deciding if a given application matches a malware signature.

GoldDream: * Key characteristic: registering a receiver for certain system events such as SMS messages or outgoing phone calls.

Datalog based language. * Component type predicates: receiver(r), service(s) * Control-flow predicates * Data-flow predicates

ICCG: seemingly important.

Android Malware Genome project

ProGuard Tool.

I think purely static method is stupid.

SAAF: program slicing to iden- tify suspicious method arguments

The Pegasus system: malware that can be identified by the order in which certain permissions and APIs are used. permission event graph (PEG).