Malicious apps pose an important problem on Android, the world's most popular smartphone operating system. Android apps are typically written in Java and compiled to run on the register based Dalvik virtual machine.
Static analysis can approximate program behaviour and this approximation can be used to find malicious behaviour, for example covert sending of expensive text messages.

We expand our original operational semantics for the Dalvik instruction set to more accurately model the Android implementation, and we update our control flow analysis with these changes and improve its precision to achieve useful results when analyzing real apps.
The analysis is further expanded to include support for reflection and Javascript interfaces, two dynamic features that are used extensively in popular Android apps.

Finally, we implement a prototype of the analysis which is able to create call graphs and run on real-world apps.