We have designed and implemented an Intent Fuzzing Framework for Android.
Intents are one of the most important ways used by applications to communicate. They benefit also for a very high level of trust inside the Android OS, so if they are not validated appropriate, they might create an unwanted damage, or might even compromise a mobile device, from Security perspective.
As a term, fuzzing implies manipulating input data, in order to validate it through the mechanism or device under test. It is usually a black-box, negative testing technique, but we have used it as a grey-box method, also.
Knowing how Intents are built, and which type of parameters they accept and expect, we have been able to craft fuzzed Intents, in order to find Security vulnerabilities in the Inter Process Communication protocol.
