Google is a Fortune 500 technology company headquartered in Mountain View, California. It specializes in creating connected products such as its search engine, smart devices, and advertising services. One of its most widespread products is the Android mobile operating system, which runs on upwards of 3 billion devices worldwide.
Due to the vast number of Android devices currently in use, Google needs to guarantee optimal performance and quality in their software. To achieve this goal, Google developed a bug detection tool called Syzkaller. This tool uses a process known as fuzzing, which enables engineers to detect bugs by passing random inputs into the target program.
Our Android Exploit Fuzzing Analysis tool utilizes Syzkaller to test Android software for bugs and displays the metrics on an intuitive dashboard for analysis by Google professionals.
The home page of the dashboard displays a snapshot of a Syzkaller fuzzer with the intent of giving engineers an overview of fuzzer performance. This overview is complete with attractive visualizations of analyzed data in the forms of charts and graphs.
The orchestration tab enables the user to stop and start Syzkaller instances with unique configurations. Our tool also displays unusual behavior found by the fuzzer on the crashes tab.
The insights tab provides an in-depth visualization of a fuzzer’s performance, which enables engineers to find ways to improve the active fuzzers to detect more bugs. These features enable Google engineers to locate Android bugs that need to be fixed.
The back end uses a Node.js API to connect Syzkaller and the MySQL database that is hosted on the Google Cloud Platform. The API also manages Docker instances that contain Syzkaller fuzzers. The front end is written using Angular 14 and utilizes our API for the dashboard.