# Evolutionary Fuzzing of Android OS Vendor System Services

**Authors:** Domenico Cotroneo, Antonio Ken Iannillo, Roberto Natella

arXiv: 1906.00621 · 2019-06-04

## TL;DR

This paper introduces Chizpurfle, an evolutionary (coverage-guided) fuzzing platform that tests proprietary Android system services on real, unmodified devices and exposes reliability and security issues in them more efficiently than blind fuzzing.

## Contribution

It presents a coverage-guided fuzzing approach in which an evolutionary algorithm is driven by coverage collected on the stock device itself, using dynamic binary rewriting, so that proprietary vendor system services can be tested without modifying the device's firmware.

## Key findings

- Evolutionary fuzzing tests Android system services more efficiently than blind fuzzing, on three high-end commercial smartphones.
- Coverage profiling on actual, unmodified devices is feasible with dynamic binary rewriting.
- The choice of fitness function and selection algorithm affects fuzzing effectiveness.

## Abstract

Android devices are shipped in several flavors by more than 100 manufacturer partners, which extend the Android "vanilla" OS with new system services, and modify the existing ones. These proprietary extensions expose Android devices to reliability and security issues. In this paper, we propose a coverage-guided fuzzing platform (Chizpurfle) based on evolutionary algorithms to test proprietary Android system services. A key feature of this platform is the ability to profile coverage on the actual, unmodified Android device, by taking advantage of dynamic binary re-writing techniques. We applied this solution on three high-end commercial Android smartphones. The results confirmed that evolutionary fuzzing is able to test Android OS system services more efficiently than blind fuzzing. Furthermore, we evaluate the impact of different choices for the fitness function and selection algorithm.
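The loop the abstract describes (coverage feedback, a fitness function, a selection algorithm, and a blind baseline) is easier to reason about when reduced to a runnable toy. The following is an added example, not Chizpurfle's code or the authors' implementation: the `service_call` target is a constructed stand-in for a vendor system service method, the `hit` set it fills stands in for the branch-coverage probes that the paper inserts by dynamic binary rewriting on the real device, and the two fitness functions, two selection algorithms, mutation operators and `INTERESTING` byte dictionary are assumptions chosen for illustration rather than the paper's actual choices.

```python
"""Coverage-guided evolutionary fuzzing reduced to a runnable toy.

Added illustration, not Chizpurfle's code. The target, the coverage hook,
the fitness functions and the selection algorithms are constructed here.
"""
import random

INTERESTING = (0x00, 0x7f, 0x80, 0xff)      # assumed "interesting bytes" dictionary
BRANCHES = ("entry", "long_enough", "magic", "header", "body")


def service_call(payload: bytes, hit: set) -> None:
    """Constructed target: a ladder of checks; each one reached is recorded
    in `hit`, standing in for a coverage probe placed by binary rewriting."""
    hit.add("entry")
    if len(payload) < 4:
        return
    hit.add("long_enough")
    if payload[0] != 0x7f:
        return
    hit.add("magic")
    if payload[1] != 0xff or payload[2] != 0x00:
        return
    hit.add("header")
    if payload[3] & 0x80:
        hit.add("body")
        raise RuntimeError("constructed crash: unhandled body flag")


def run_with_coverage(payload: bytes):
    """Execute one input; return (set of branches hit, crashed?)."""
    hit = set()
    try:
        service_call(payload, hit)
    except RuntimeError:
        return hit, True
    return hit, False


# ---- fitness functions (assumed; the paper evaluates its own choices) ------
def fitness_coverage(hit, seen):
    """Number of branches this input exercised."""
    return len(hit)


def fitness_novelty(hit, seen):
    """Like fitness_coverage, but branches never seen before weigh extra."""
    return len(hit) + 4 * len(hit - seen)


# ---- selection algorithms (assumed) ---------------------------------------
def select_tournament(rng, scored, k=3):
    """Return the fittest of k randomly drawn individuals."""
    return max(rng.sample(scored, k), key=lambda s: s[1])[0]


def select_roulette(rng, scored):
    """Return one individual with probability proportional to its fitness."""
    return rng.choices([s[0] for s in scored], weights=[s[1] for s in scored])[0]


# ---- mutation -------------------------------------------------------------
def mutate(rng, payload: bytes, max_len=16) -> bytes:
    """Apply one random byte-level mutation; length is kept within [1, max_len]."""
    buf = bytearray(payload)
    op = rng.randrange(4)
    if op == 0:                                   # overwrite a byte with a random value
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:                                 # overwrite a byte with an interesting value
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2 and len(buf) < max_len:          # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 3 and len(buf) > 1:                # delete a byte
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def random_payload(rng) -> bytes:
    """Constructed random input, 8 to 12 bytes (stand-in for a transaction body)."""
    return bytes(rng.randrange(256) for _ in range(rng.randint(8, 12)))


def fuzz(generations=200, pop_size=40, fitness=fitness_coverage,
         select=select_tournament, blind=False, seed=0):
    """Run the fuzzing loop. With blind=True every generation is freshly
    random (no feedback); otherwise the best individual is kept (elitism)
    and the rest are mutated children of selected parents.
    Returns the total coverage and the generation of the first crash."""
    rng = random.Random(seed)
    population = [random_payload(rng) for _ in range(pop_size)]
    seen, crash_gen = set(), None
    for gen in range(generations):
        scored = []
        for p in population:
            hit, crashed = run_with_coverage(p)
            if crashed and crash_gen is None:
                crash_gen = gen
            scored.append((p, fitness(hit, seen)))   # fitness computed before `seen` grows
            seen |= hit
        if blind:
            population = [random_payload(rng) for _ in range(pop_size)]
            continue
        best = max(scored, key=lambda s: s[1])[0]
        population = [best] + [mutate(rng, select(rng, scored)) for _ in range(pop_size - 1)]
    return {"coverage": seen, "crash_generation": crash_gen}


if __name__ == "__main__":
    for label, kw in (("blind", {"blind": True}),
                      ("tournament/coverage", {}),
                      ("roulette/novelty", {"fitness": fitness_novelty, "select": select_roulette})):
        r = fuzz(seed=7, **kw)
        print(f"{label:20s} branches={len(r['coverage'])} crash_gen={r['crash_generation']}")
```

With the same execution budget, the blind run almost never reaches `header` (two fixed bytes behind a magic byte, roughly one chance in 2^24 per input), while the feedback-driven run climbs the ladder one branch at a time because each newly covered branch raises the fitness of the input that reached it and so its chance of being selected as a parent. Swapping `fitness_novelty` for `fitness_coverage` or roulette for tournament selection changes how strongly that pressure is applied, which is the kind of trade-off the paper measures on real devices.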

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.00621/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/1906.00621/full.md

## References

64 references — full list in the complete paper: https://tomesphere.com/paper/1906.00621/full.md

---
Source: https://tomesphere.com/paper/1906.00621