[Paper] Dissecting contact tracing apps in the Android platform

[cpholguera]

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8121305/pdf/pone.0251867.pdf

Static analysis employed three different tools. Two of them, namely Androtomist [43] and MobSF [44] are open-source, while the other, namely Ostorlab [45], utilized only for outdated software component analysis and taint analysis, is a software-as-a-service (SaaS) product. Specifics on these tools are given in the respective sections. When looking for weaknesses and vulnerabilities, we also relied on the methodology set out in the OWASP mobile security testing guide [46].