Fuzzing mobile applications to detect crashes
Wee, Aaron Soon Lee
Date of Issue: 2019-05-02
School of Computer Science and Engineering
With the growing number of Android apps available in the Google Play Store, it has become increasingly important for app developers to maintain app stability through automated black-box testing, so that potential and existing app users are not lost to the competition because of frequent app crashes. While most app developers use sequential testing to automate the testing of a specific test path, more bugs can be found with the addition of fuzz testing. This report introduces an automated black-box Android fuzzing tool named DRMFuzzer that operates in two phases. The first phase fuzzes a target app with user interface events, using a model-based approach enhanced by a dynamic weighted random exploration strategy, to find crashes. The second phase commences after fuzzing completes and consists of generating repeatable test scripts, activity screenshots and a detailed console output to facilitate crash analysis and bug reproduction. DRMFuzzer was evaluated on 10 Android apps; compared with Monkey, it detected more unique crashes in 8 out of 10 of the apps tested and was able to reproduce 92% of the crashes found after the initial fuzzing.
DRNTU::Engineering::Computer science and engineering::Software::Programming languages
Final Year Project (FYP)
Nanyang Technological University