Skip to content
nataniel.borges edited this page Jul 16, 2018 · 11 revisions

Introduction

DroidMate is an automated execution generator / GUI fuzzer / dynamic analysis engine for Android apps.

This file pertains to DroidMate source. You should have found it at DroidMate repository root dir, denoted in this file as repo.

How DroidMate works

DroidMate fully automatically explores behavior of an Android app by interacting with its GUI. It repeatedly reads the device state, makes a decision and interacts with the GUI, until some termination criterion is satisfied. This process is called an exploration of the Application Under Exploration (AUE).

DroidMate can be run from command line (as en executable Jar) or extended through its Java API. It reads Android apps (.apk files) and outputs an app state model, generated on-the-fly, as well as a varied set of reports containing information extracted from the exploration output.

Currently, DroidMate can click and long-click the AUE’s GUI, restart the AUE, press ‘back’ button and it can terminate the exploration. Any of this is called an exploration action. DroidMate’s exploration strategy pool decides which exploration action to execute based on the current UI state, derived from the XML representation of the currently visible device GUI (GUI snapshot), the visual UI state (GUI screenshot) and the set of Android framework methods that have been called after last exploration action (API calls). All components of DroidMate can be used out-of-the-box or extended with custom features.

An executable example of how to create your own extensions to Droidmate can be found in repo/droidmate_usage_examples

For more information, please see the papers available on the website linked above.

Clone this wiki locally