DoApp is an Android standalone application that makes it possible perform a deep test of a target application.
Analysing the manifest of the target application, DoApp is able to stress each component (Activities, Services and BroadcastReceivers)
of the application.
Through fuzzing and an ad-hoc heuristic, DoApp generates a set of malformed inputs in order to test if the application
is crash-proof. Once the test is completed, DoApp produces a report that allows to individuate cause of fault in the target application.
#Motivation
The security issue about the system communication of the Android components is a critical point faced up by researchers in the last years. In fact, a lot of tools and applications have been developed to test how a certain app reacts if it would be triggered by a Spoofed Intent.
Our project is born after an evaluation of the existing tools in the same application domain. The massive idea is studying the weaknesses of these tools and fix them in order to build a complete tool for the analysis and testing of the vulnerabilities in the Android components communication.
#The team
- Antonio Farina (University of Sannio BN IT)
- Marta Catillo (University of Sannio BN IT)
- Luigi Martire (University of Sannio BN IT)
- Team Leader: Ing. Antonio Pirozzi (University of Sannio BN IT)
- Supervisor: Prof. Aaron C. Visaggio (University of Sannio BN IT)
View the article: http://www.iswatlab.eu/?page_id=470
#Usage
Select your target app
The target app is crashed :)
#... And view the generated report!