Android vulnerability detection


Bibliographic Details
Main Author: Huang, Wenjie
Other Authors: Liu Yang
Format: Thesis-Master by Research
Language:English
Published: Nanyang Technological University 2022
Online Access:https://hdl.handle.net/10356/156850
Institution: Nanyang Technological University
Description
Summary: Open-source Android application packages (APKs) provide a huge base of applications for users without the need to create each application from scratch. This gives the Android system unique advantages and popularity among mobile operating systems (OS). Finding vulnerabilities in open-source APKs therefore becomes a critical component of the Android environment. One of the most effective methods for locating vulnerabilities within applications is fuzzing. However, fuzzing in the Android environment is challenging for several reasons. Firstly, fuzzers exist for the Linux platform, but no equivalent fuzzer is available in the Android environment. Secondly, a fuzzer requires an executable target program; some APKs, such as commercial ones, are privately maintained, and only non-executable shared object files are available. Lastly, scaling fuzzing on the Android platform is hardware- and computation-intensive. Obtaining an Android device for each fuzzing process is not feasible, and requiring physical devices is generally not a scalable solution. Furthermore, preparing a software emulation environment to replace the physical device is not cost-efficient: simulating the same environment on a different operating system consumes far more resources, and the wasted resources accumulate across every fuzzing process the fuzzer runs. This thesis proposes an automated parallel fuzzing solution to detect vulnerabilities in APKs. For C libraries, it first extracts shared object (.so) files from the APK and obtains the library function names in the “.so” files through feature extraction. The function names are then matched against a database of open-source library names and their respective function names to identify the library each function belongs to. For Java libraries, it extracts the “smali” files from the APK through the same feature extraction.
The “smali” files contain the group identifier (ID) of the Java libraries, so the library name can be obtained from the library group ID. With the library name, the library's source code is downloaded from GitHub and run by a manually prepared test harness. Multiple fuzzers are then started by executing the test harness with 6 crawled seed inputs. Finally, the crashes are triaged and reproduced in the Android application, and a bug report is created summarizing the crash reproduction. The proposed approach has discovered 198 vulnerabilities in Java libraries and 9 vulnerabilities in C libraries. So far, 3 of the vulnerabilities have been reproduced in the libraries used by Android applications.