**3.1 Feature extraction**

Once the app's source code is retrieved, the feature extraction process starts. The features that are usually extracted depend on the type of malware and the analysis mode whether static or dynamic. This will be explained in the following two subsections. **Table 2** lists the most commonly used static and dynamic features [34].
