Hilfe Wegweiser Impressum Kontakt Einloggen





Inter-Application Communication Testing of Android Applications Using Intent Fuzzing


Aslam,  Hafiz Ahmad Shahzad
International Max Planck Research School, MPI for Informatics, Max Planck Society;

Externe Ressourcen
Es sind keine Externen Ressourcen verfügbar
Volltexte (frei zugänglich)
Es sind keine frei zugänglichen Volltexte verfügbar
Ergänzendes Material (frei zugänglich)
Es sind keine frei zugänglichen Ergänzenden Materialien verfügbar

Aslam, H. A. S. (2014). Inter-Application Communication Testing of Android Applications Using Intent Fuzzing. Master Thesis, Universität des Saarlandes, Saarbrücken.

Testing is a crucial stage in the software development process that is used to uncover bugs and potential security threats. If not conducted thoroughly, buggy software may cause erroneous, malicious and even harmful behavior. Unfortunately in most software systems, testing is either completely neglected or not thoroughly conducted. One such example is Google's popular mobile platform, Android OS, where inter-application communication is not properly tested. This is because of the difficulty which it possesses in the development overhead and the manual labour required by developers in setting up the testing environment. Consequently, the lack of Android application testing continues to cause Android users to experience erroneous behavior and sudden crashes, impacting user experience and potentially resulting in financial losses. When a caller application attempts to communicate with a potentially buggy application, the caller application will suffer functional errors or it may even potentially crash. Incidentally, the user will complain that the caller application is not providing the promised functionality, resulting in a devaluation of the application's user rating. Successive failures will no longer be considered as isolated events, potentially crippling developer credibility of the calling application. In this thesis we present an automated tester for inter-application communication in Android applications. The approach used for testing is called Intent based Testing. Android applications are typically divided into multiple components that communicate via intents: messages passed through Android OS to coordinate operations between the different components. Intents are also used for inter-application communication, rendering them relevant for security. In this work, we designed and built a fully automated tool called IntentFuzzer, to test the stability of inter-application communication of Android applications using intents. Firstly, it statically analyzes the application to generate intents. Next, it tests the inter-application communication by fuzzing them, that is, injecting random input values that uncover unwanted behavior. In this way, we are able to expose several new defects including potential security issues which we discuss briefly in the Evaluation section.