Skip to content
Nataniel Borges Jr edited this page Mar 16, 2018 · 11 revisions

Introduction

DroidMate is an automated execution generator / GUI fuzzer / dynamic analysis engine for Android apps.

This file pertains to DroidMate source. You should have found it at DroidMate repository root dir, denoted in this file as repo.

How DroidMate works

DroidMate fully automatically explores behavior of an Android app by interacting with its GUI. DroidMate repeatedly reads the device state, makes a decision and interacts with the GUI, until some termination criterion is satisfied. This process is called an exploration of the Application Under Exploration (AUE).

DroidMate is fully automatic: after it has been set up and started, the exploration itself does not require human presence.

DroidMate can be run from command line (as en executable Jar) or extended through its Java API. As input, it reads a directory containing Android apps (.apk files). It outputs a serialized Java object representing the exploration output, as well as a varied set of reports containing information extracted from the serialized exploration output.

DroidMate can click and long-click the AUE’s GUI, restart the AUE, press ‘back’ button and it can terminate the exploration. Any of this is called an exploration action. DroidMate’s exploration strategy decides which exploration action to execute based on the XML representation of the currently visible device GUI, i.e. a GUI snapshot, and on the set of Android framework methods that have been called after last exploration action, i.e. a set of API calls.

For more information, please see the papers available on the website linked above.

Clone this wiki locally