In order to detect security problems in androidactivitycomponents, we designed one detection method based on fuzzing and dynamic hooking technology, and developed our detection tool called activity Fuzzer. activity ...
详细信息
In order to detect security problems in androidactivitycomponents, we designed one detection method based on fuzzing and dynamic hooking technology, and developed our detection tool called activity Fuzzer. activity Fuzzer constructs Intent objects by parsing android APK file, then sends them to activitycomponents. At the same time, activity Fuzzer monitors the android system logs to find if securityvulnerabilities occur, such as permission leaks and runtime crashes. Besides, we designed a feedback mechanism to reduce false negatives. We use activity Fuzzer to detect 100 android applications, and find 60% applications existing security problems. During the experiment, we find mobile QQ leaks ACCESSETWORKTATE permission, causing that other applications can access the OAuth service without any permission. And we find a serious Do S vulnerability of wechat.
暂无评论