Adaptive Non-Crashing Functional Bugs in Android Applications

Authors

  • Amna Asif Department of Computer Science, NFC Institute of Engineering and Technology, Multan, Pakistan
  • Naeem Aslam Department of Computer Science, NFC Institute of Engineering and Technology, Multan, Pakistan
  • Sana Akhtar Department of Computer Science, NFC Institute of Engineering and Technology, Multan, Pakistan
  • Muhammad Kamran Abid Department of Computer Science, NFC Institute of Engineering and Technology, Multan, Pakistan
  • Ujala Saleem Department of Computer Science, NFC Institute of Engineering and Technology, Multan, Pakistan

DOI:

https://doi.org/10.51239/jictra.v14i1.319

Keywords:

Automated Functional Fuzzing, Dynamic Analysis, Security Vulnerability, Logic Bug Identification

Abstract

Because Android applications are so widely used, it is critical to make sure they are reliable and secure. Through completely automated functional fuzzing, this research presents a novel method for Android app security. Our approach uses sophisticated fuzzing techniques to methodically investigate the operation of Android apps, with a focus on the detection of non-crashing logic flaws. While non-crashing logic defects can introduce subtle vulnerabilities jeopardizing the overall integrity of Android apps, they are typically overlooked in traditional security testing, which concentrates on discovering and mitigating crashes. The current techniques for finding these logic issues that don't crash are frequently laborious, manual, and not very thorough. As of now, a general comprehension of functional defects remains elusive, impeding the progress of methodologies and strategies aimed at mitigating such issues. To address this deficiency, we investigate the fundamental causes, and symptoms of bugs, and test oracles, as well as the capabilities and limitations of current testing methodologies, using 401 functional defects from five prominent open-source and representative Android applications. This is the first systematic study of its kind. Several of the intriguing new findings and implications that our research uncovers cast light on the topic of addressing functional defects. By applying transfer learning and RegDroid to eight prominent real-world applications, we were able to effectively identify sixteen functional flaws.

Downloads

Published

2023-12-30

Issue

Section

Original Articles

How to Cite

[1]
A. Asif, N. Aslam, S. Akhtar, M. K. Abid, and U. Saleem, “Adaptive Non-Crashing Functional Bugs in Android Applications”, jictra, vol. 14, no. 1, pp. 29–43, Dec. 2023, doi: 10.51239/jictra.v14i1.319.