The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
Although the Android base is open source, many manufacturers customize it with their own UIs and APIs. These additions represent extra attack surface that can vary from one phone model to another. We tried to automatically fuzz the closed-source system services powering these modifications, discovering CVE-2022-39907 and CVE-2022-39908 along the way.