Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.
Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.
Control Flow Graph-based Path Reconstruction in Android applications
DORIA, SAMUELE
2022/2023
Abstract
Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability. In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint. Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.File | Dimensione | Formato | |
---|---|---|---|
MSc_Thesis_Samuele_Doria.pdf
accesso aperto
Dimensione
531.29 kB
Formato
Adobe PDF
|
531.29 kB | Adobe PDF | Visualizza/Apri |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/52254