Computer Science ›› 2020, Vol. 47 ›› Issue (11A): 303-309. doi: 10.11896/jsjkx.200100122

• Computer Network •

Fuzz Testing of Android Inter-component Communication

ZHAO Sai1, LIU Hao1, WANG Yu-feng1, SU Hang1, YAN Ji-wei2,3   

  1. Department of Informatics, Beijing University of Technology, Beijing 100124, China
  2. Technology Center of Software Engineering, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  3. University of Chinese Academy of Sciences, Beijing 100190, China
  • Online: 2020-11-15 Published: 2020-11-17
  • About author: ZHAO Sai, born in 1994, postgraduate, is a member of China Computer Federation. Her main research interests include mobile application analysis and so on.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61672505).

Abstract: The Android operating system provides a rich inter-application messaging mechanism, of which intent-based communication is an important inter-component communication mechanism. This mechanism facilitates collaboration between applications and reduces the burden on developers by increasing component reuse. However, this message-passing mechanism may be abused: for example, an application may send erroneous messages to a target application, which can cause the target to crash. To address this problem, a robustness detection method based on fuzz testing is proposed, and an intent fuzz testing tool, ICCDroidFuzzer, is implemented. The method uses static analysis to obtain component-related information, constructs test suites from it, and sends them to the target components. At the same time, the tool monitors the Android system logs to determine whether a runtime crash has occurred. We examined 420 real commercial applications using ICCDroidFuzzer. The results reveal 19 exceptions that cause applications to crash. The tool automatically tests the robustness of applications and is suitable for testing a large number of Android applications without human intervention.

Key words: Fuzzy test, Intent, Inter-component communication, Robustness

CLC Number: TP311.5