Android vulnerability detection

Open-source Android application packages (APKs) and the open-source libraries they are built from give developers a huge base of existing code, so an application need not be created from scratch. This is one of the advantages that distinguishes Android from the other mobile operating systems (OS) and drives its popularity. Finding vulnerabilities in that open-source code is therefore a critical part of securing the Android environment. One of the most effective methods for locating vulnerabilities in applications is fuzzing. Fuzzing in the Android environment, however, faces several limitations. First, a number of fuzzers exist for the Linux platform, but no equivalent fuzzer is available for Android. Second, a fuzzer requires an executable target program, yet some APKs are privately maintained (commercial ones, for example) and only their non-executable shared-object files are available. Third, scaling fuzzing on the Android platform is hardware- and compute-intensive: dedicating a physical Android device to every fuzzing process is not feasible and does not scale, and replacing the device with a software emulator is not cost-efficient either, because emulating the Android environment on a different operating system consumes far more resources, and that overhead is paid again by every fuzzing process the fuzzer launches.

This thesis proposes an automated parallel fuzzing solution for detecting vulnerabilities in APKs. For C libraries, it first extracts the shared-object (.so) files from the APK and recovers the library function names contained in them through feature extraction; the function names are then matched against a database of open-source library names and their respective function names to identify which library the functions belong to. For Java libraries, it extracts the smali files from the APK through feature extraction; the smali files carry the group ID of each Java library, so the library name can be obtained from the group ID. With the library name known, the library's source code is downloaded from GitHub and driven by a manually prepared test harness. Multiple fuzzers are then started by executing the test harness with 6 crawled seed inputs. Finally, the crashes are triaged and reproduced in the Android application, and a bug report summarising the crash reproduction is created. The proposed approach has discovered 198 vulnerabilities in Java libraries and 9 vulnerabilities in C libraries; 3 of these vulnerabilities have so far been reproduced in the libraries as used by Android applications.
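The C-library identification step of the pipeline described in the abstract (extract the .so files from the APK, read the function names they contain, match those names against a database of open-source library function names) can be implemented as below. This is an added example written for this record, not the thesis's own code: the APK, the .so objects and the library database are constructed inline so it runs offline (the database entries are real exported API names of libpng, zlib and libjpeg-turbo, but the database format, the 50% match threshold and all helper names are assumptions made here). It reads the ELF dynamic symbol table directly and counts only symbols the object defines, so a library that merely imports zlib's inflate is not misidentified as zlib.

```python
"""Identify which open-source C library a native .so inside an APK was built from,
by listing the functions the object defines in .dynsym and matching them against
a database of known library API names."""
import io
import struct
import zipfile

ELF_HDR = "<16sHHIQQQIHHHHHH"  # Elf64_Ehdr, little-endian (all Android ABIs are LE)
SEC_HDR = "<IIQQQQIIQQ"        # Elf64_Shdr
SYM = "<IBBHQQ"                # Elf64_Sym
SHT_DYNSYM, SHT_STRTAB, STT_FUNC = 11, 3, 2

# Constructed stand-in for the thesis's database of open-source libraries and their
# function names. The entries are real exported API names of libpng, zlib and
# libjpeg-turbo; the format itself is an assumption made for this example.
LIBRARY_DB = {
    "libpng": {"png_create_read_struct", "png_read_info", "png_set_sig_bytes",
               "png_read_image", "png_destroy_read_struct"},
    "zlib": {"inflateInit_", "inflate", "inflateEnd", "deflateInit_", "deflate", "crc32"},
    "libjpeg-turbo": {"jpeg_CreateDecompress", "jpeg_read_header",
                      "jpeg_start_decompress", "jpeg_read_scanlines"},
}


def exported_functions(elf: bytes) -> list[str]:
    """Names of functions a little-endian ELF64 object defines (imports are skipped)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 object")
    hdr = struct.unpack_from(ELF_HDR, elf)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    shdrs = [struct.unpack_from(SEC_HDR, elf, shoff + i * shentsize) for i in range(shnum)]
    names = []
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM:
            continue
        strtab_off = shdrs[sh[6]][4]            # sh_link -> the matching .dynstr
        sym_off, sym_size, entsize = sh[4], sh[5], sh[9] or 24
        for pos in range(sym_off, sym_off + sym_size, entsize):
            st_name, st_info, _, st_shndx, _, _ = struct.unpack_from(SYM, elf, pos)
            # st_shndx == SHN_UNDEF (0) marks a symbol imported from another library.
            # Counting those would misidentify every consumer of zlib as zlib itself.
            if st_shndx == 0 or (st_info & 0xF) != STT_FUNC:
                continue
            start = strtab_off + st_name
            names.append(elf[start:elf.index(b"\0", start)].decode())
    return names


def identify_library(exported: list[str], db=LIBRARY_DB, min_ratio: float = 0.5):
    """Best (library, fraction of its known API present), or None if below min_ratio.
    The 50% threshold is an assumed value, not one taken from the thesis."""
    present = set(exported)
    best = None
    for lib, api in db.items():
        ratio = len(api & present) / len(api)
        if ratio >= min_ratio and (best is None or ratio > best[1]):
            best = (lib, ratio)
    return best


def libraries_in_apk(apk: bytes) -> dict:
    """Map each native library path inside the APK (a zip) to its identified library."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {n: identify_library(exported_functions(z.read(n)))
                for n in z.namelist() if n.startswith("lib/") and n.endswith(".so")}


def build_fake_so(defined: list[str], imported: list[str]) -> bytes:
    """Constructed minimal ELF64 .so carrying only .dynsym/.dynstr, for offline testing."""
    dynstr, syms = b"\0", [struct.pack(SYM, 0, 0, 0, 0, 0, 0)]   # index 0: null symbol
    for name, is_def in [(n, True) for n in defined] + [(n, False) for n in imported]:
        st_name, dynstr = len(dynstr), dynstr + name.encode() + b"\0"
        info = (1 << 4) | STT_FUNC                              # STB_GLOBAL, STT_FUNC
        syms.append(struct.pack(SYM, st_name, info, 0, 1 if is_def else 0, 0x1000, 16))
    dynsym = b"".join(syms)
    shstr = b"\0.dynsym\0.dynstr\0.shstrtab\0"
    o_sym, o_str = 64, 64 + len(dynsym)
    o_shs, shoff = o_str + len(dynstr), o_str + len(dynstr) + len(shstr)
    shdrs = [struct.pack(SEC_HDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             struct.pack(SEC_HDR, 1, SHT_DYNSYM, 2, 0, o_sym, len(dynsym), 2, 1, 8, 24),
             struct.pack(SEC_HDR, 9, SHT_STRTAB, 2, 0, o_str, len(dynstr), 0, 0, 1, 0),
             struct.pack(SEC_HDR, 17, SHT_STRTAB, 0, 0, o_shs, len(shstr), 0, 0, 1, 0)]
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9        # ELF64, little-endian, SysV ABI
    header = struct.pack(ELF_HDR, ident, 3, 183, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 4, 3)
    return header + dynsym + dynstr + shstr + b"".join(shdrs)


def build_fake_apk(libs: dict) -> bytes:
    """Constructed APK: a zip with a manifest placeholder and the given lib/<abi>/*.so."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        for path, data in libs.items():
            z.writestr(path, data)
    return buf.getvalue()


if __name__ == "__main__":
    # libimage.so defines libpng functions and only imports the zlib ones.
    so = build_fake_so(["png_create_read_struct", "png_read_info", "png_read_image",
                        "JNI_OnLoad"], ["inflate", "inflateEnd", "crc32"])
    apk = build_fake_apk({"lib/arm64-v8a/libimage.so": so})
    for path, match in libraries_in_apk(apk).items():
        print(path, "->", match)      # lib/arm64-v8a/libimage.so -> ('libpng', 0.6)
```

Two caveats when this is run on real APKs: a library compiled with hidden symbol visibility, or statically linked and then stripped, leaves none of its functions in .dynsym, so name matching alone finds nothing and the feature extraction has to fall back on other signals (string constants, lookup tables); and a very small API set in the database makes the ratio jump in large steps, so the threshold should be tuned per library rather than fixed globally.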

Bibliographic Details
Main Author: Huang, Wenjie
Other Authors: Liu Yang
Format: Thesis-Master by Research
Language: English
Published: Nanyang Technological University, 2022
Subjects: Engineering::Computer science and engineering
Online Access: https://hdl.handle.net/10356/156850
Institution: Nanyang Technological University
School: School of Computer Science and Engineering (contact: Liu Yang, yangliu@ntu.edu.sg)
Degree: Master of Engineering
Date issued: 2022 (record created 2022-04-26)
Citation: Huang, W. (2022). Android vulnerability detection. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156850
DOI: 10.32657/10356/156850
License: Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0)
File format: application/pdf