**1.4 Android application scanning framework**

A reference model for Android scanning process is shown in **Figure 2**. This model provides the core steps/phases vital to analyze Android apps and malware detection. The following sections highlight each one of these phases, starting from allocating the source of Android apps, downloading mechanisms, app's source code generation process, app's features extraction, applying static and dynamic analysis, generating datasets, detecting and classifying the app into benign or malware, and ranking its risk if it is detected as a malware app. Moreover, the mostly used mechanisms and tools utilized by researchers and developers at each process's phase are also presented.

**Figure 2.** *Android application security scanning model [29].*
