MALintent: Coverage Guided Intent Fuzzing Framework for Android
Ammar Askar
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Android Security 1
The talk "MALintent: Coverage Guided Intent Fuzzing Framework for Android" by Ammar Askar introduces a novel approach to identifying critical vulnerabilities in Android applications by systematically fuzzing their inter-process communication (IPC) mechanisms, specifically Android Intents. Because Android's stringent app isolation model runs each application within its own Linux user context, the primary vector for interaction, and for potential attack, between apps is the operating system's IPC facilities. Intents, as the foundational element of Android's IPC, represent a significant and often overlooked attack surface, with a noticeable rise in associated CVEs.
AI review
Solid systems-security research with a novel contribution: coverage-guided intent fuzzing augmented by automated JNI harness synthesis and dynamic taint analysis for privacy oracles. Real CVE-grade findings in Chrome, WhatsApp, and Instagram validate the tooling. Not a 5 because the coverage instrumentation technique — the most technically interesting piece — is deferred to the paper rather than explained on stage.