DoApp: Denial of App. A smart Android Fuzzer for the future

February 3, 2017


 

The Team:

  • Antonio Farina (University of Sannio BN IT)
  • Marta Catillo (University of Sannio BN IT)
  • Luigi Martire (University of Sannio BN IT)
  • Team Leader: Ing. Antonio Pirozzi (University of Sannio BN IT)
  • Supervisor: Prof. Aaron C. Visaggio (University of Sannio BN IT)

 

The security of communication between Android components has been a critical point addressed by researchers in recent years. In fact, many tools and applications have been developed to test how an app reacts when it is triggered by a spoofed Intent.

Our project was born after an evaluation of the existing tools in the same application domain. The main idea is to study the weaknesses of these tools and fix them in order to build a complete tool for the analysis and testing of vulnerabilities in Android component communication.

The goal of DoApp is to create a standalone Android application that makes it possible to perform a deep test of a target application. By analysing the manifest of the target application, DoApp is able to stress each component (Activities, Services and BroadcastReceivers) of the application. Through fuzzing and an ad-hoc heuristic, DoApp generates a set of malformed inputs in order to test whether the application is crash-proof. Once the test is completed, DoApp produces a report that makes it possible to identify the cause of the fault in the target application.

This app is mainly designed for:

  • Developers and testers, to guide them during the development phase. It is useful for finding the causes of crashes in their apps and for driving them towards security and stability improvements.
  • Researchers, to help them in their studies about the Android Framework and its leaks.
  • Pentesters, to support them in their jobs and tests, helping them in the deep analysis of security issues, intent vulnerabilities, DoS attacks and data leakage.


DoApp has been designed to operate through the following five main phases:

  • Retrieval of the info about all apps installed on the system and selection by the user of the target app to be tested;
  • Analysis of the chosen app's manifest and extraction of all data fields that represent the inputs accepted by the app;
  • Generation of ad-hoc intents for all the app components;
  • Sending Intents to components;
  • LogCat analysis and report about possible app crashes.
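
The manifest-analysis phase can also be reproduced off-device when auditing your own app. The following is an added example, not code from DoApp: it assumes a manifest already decoded to text XML (the sample below is constructed) and lists the components other apps can reach with an Intent, together with the actions and data they declare, using the pre-Android 12 default for `android:exported`.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "service", "receiver")

# Constructed sample manifest (decoded text XML, not the binary form inside an APK).
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.target">
 <application>
  <activity android:name=".MainActivity">
   <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
  </activity>
  <activity android:name=".ShareActivity" android:exported="true">
   <intent-filter>
    <action android:name="android.intent.action.SEND"/>
    <data android:mimeType="text/plain"/>
   </intent-filter>
  </activity>
  <service android:name=".SyncService" android:exported="false">
   <intent-filter><action android:name="com.example.target.SYNC"/></intent-filter>
  </service>
  <service android:name=".InternalService"/>
  <receiver android:name=".BootReceiver" android:permission="com.example.target.PRIV">
   <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
  </receiver>
 </application>
</manifest>
"""

def exposed_components(manifest_xml):
    """Components other apps can send Intents to, with the inputs they declare."""
    root = ET.fromstring(manifest_xml)
    package, found = root.get("package", ""), []
    for comp in (c for c in root.iter() if c.tag in COMPONENT_TAGS):
        filters = comp.findall("intent-filter")
        exported = comp.get(ANDROID + "exported")
        # Pre-Android 12 default: exported only when an intent-filter is declared.
        if not (exported == "true" if exported is not None else bool(filters)):
            continue
        name = comp.get(ANDROID + "name", "")
        found.append({
            "type": comp.tag,
            "name": package + name if name.startswith(".") else name,
            "permission": comp.get(ANDROID + "permission"),  # None: no component-level permission
            "actions": [a.get(ANDROID + "name") for f in filters for a in f.findall("action")],
            "data": [{k.replace(ANDROID, ""): v for k, v in d.attrib.items()}
                     for f in filters for d in f.findall("data")],
        })
    return found
```

Components that appear in the result with `permission` set to `None` are the ones whose input handling deserves the closest review, since any installed app can deliver an Intent to them.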


 

Using the developed app, we tested several applications and discovered that one application in three showed some weaknesses. In the table we report the results of our test:

 


Link to the project:

https://github.com/lmartire/DoApp

Presentation: doapp_presentazione

Report: DoApp – Relazione