Android System Services Testing: A Coverage-Guided Fuzzing Approach

Nowadays, Android is the most widespread mobile operating system globally, powering billions of smartphones and tablets. Its widespread use, coupled with its open-source nature, makes it both a popular platform for developers and a target for cyber threats. Fuzzing is a software testing technique that has evolved over several decades to help identifying vulnerabilities and defects in computer programs. It consists in providing the target with an enormous automatically generated quantity of data, aiming to find inputs causing errors or crashes that may lead to the presence of vulnerabilities. The aim of this thesis is to develop an architecture capable of fuzzing Android system services and gathering runtime information. Android system services are essential services for accessing key functionalities such as touch screen, telephony, Bluetooth, and Wi-Fi. Fuzzing these services involves employing a technique known as instrumentation to inject code into the target, track code coverage, and communicate basic blocks hit during execution. The architecture has been tested on a custom service to check out the correct working of the fuzzer in finding out new paths and also for performance evaluation. It is worth mentioning that the project focuses on Android system services, but the architecture has been intentionally designed to be versatile, enabling it to fuzz various already-running processes.