{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T23:49:24Z","timestamp":1773013764420,"version":"3.50.1"},"reference-count":50,"publisher":"Institution of Engineering and Technology (IET)","issue":"1","license":[{"start":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T00:00:00Z","timestamp":1764892800000},"content-version":"vor","delay-in-days":338,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/doi.wiley.com\/10.1002\/tdm_license_1.1"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62176265"],"award-info":[{"award-number":["62176265"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472456"],"award-info":[{"award-number":["62472456"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2025M771548"],"award-info":[{"award-number":["2025M771548"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["ietresearch.onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["IET Information Security"],"published-print":{"date-parts":[[2025,1]]},"abstract":"<jats:p>Intent vulnerabilities pose a significant threat as they allow attackers to exploit unverified intent messages, leading to sensitive data leaks, privilege escalations, or unauthorized actions that compromise user privacy and system security. Fuzzing methods, as traditional Intent vulnerability detection methods, are guided by the edge coverage of the program\u2010directed graph and do not focus on sensitive information, resulting in a lack of ability to discover vulnerabilities related to sensitive information, especially long\u2010path vulnerabilities. This article proposes PathFuzzer, which is an intent\u2010sensitive information flow path\u2010guided fuzzing method designed to efficiently detect intent vulnerabilities in Android applications. It leverages intent\u2010sensitive information flow paths to guide fuzzing by sending test cases along these paths and mutating test cases based on the parameter within the paths. Additionally, PathFuzzer utilizes unique long path encoding and key node identification technology to enable test cases to efficiently test along sensitive information flow paths, while monitoring the test status to form a feedback mechanism for long paths. The evaluation results show that PathFuzzer successfully detected 131 intent vulnerabilities across 500 popular applications from Google Play. Compared to traditional methods, PathFuzzer achieved a 92% average path coverage rate on sensitive paths while improving detection efficiency by an average of up to 64%. In summary, PathFuzzer provides an efficient, accurate, and comprehensive method for detecting Intent vulnerabilities.<\/jats:p>","DOI":"10.1049\/ise2\/5001786","type":"journal-article","created":{"date-parts":[[2025,12,5]],"date-time":"2025-12-05T08:57:09Z","timestamp":1764925029000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["PathFuzzer: Sensitive Information Flow Path\u2010Guided Fuzzing for Intent Vulnerabilities in Android Applications"],"prefix":"10.1049","volume":"2025","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8003-4734","authenticated-orcid":false,"given":"Zhanhui","family":"Yuan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6890-6077","authenticated-orcid":false,"given":"Zhi","family":"Yang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2087-2853","authenticated-orcid":false,"given":"Shuyuan","family":"Jin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3231-6793","authenticated-orcid":false,"given":"Jinglei","family":"Tan","sequence":"additional","affiliation":[]},{"given":"Hongqi","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"265","published-online":{"date-parts":[[2025,12,5]]},"reference":[{"key":"e_1_2_13_1_2","doi-asserted-by":"publisher","DOI":"10.1049\/ise2.12030"},{"key":"e_1_2_13_2_2","doi-asserted-by":"publisher","DOI":"10.1049\/ise2.12082"},{"key":"e_1_2_13_3_2","doi-asserted-by":"publisher","DOI":"10.1049\/ise2.12117"},{"key":"e_1_2_13_4_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103654"},{"key":"e_1_2_13_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103846"},{"key":"e_1_2_13_6_2","article-title":"Atsdetector: An Android Trojan Spyware Detection Approach With Multi-Features","volume":"141","author":"Wang S.","year":"2024","journal-title":"Computers & Security"},{"key":"e_1_2_13_7_2","unstructured":"A. Developers Security Features 2024 https:\/\/source.android.com\/docs\/security\/features?hl=zh-cn."},{"key":"e_1_2_13_8_2","doi-asserted-by":"publisher","DOI":"10.1049\/2024\/2850804"},{"key":"e_1_2_13_9_2","doi-asserted-by":"publisher","DOI":"10.1049\/iet-ifs.2019.0418"},{"key":"e_1_2_13_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3267666"},{"key":"e_1_2_13_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3407655"},{"key":"e_1_2_13_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3287395"},{"key":"e_1_2_13_13_2","unstructured":"OWASP Owasp Top 10 2025 https:\/\/owasp.org\/Top10\/."},{"key":"e_1_2_13_14_2","unstructured":"Google Honggfuzz 2024 https:\/\/github.com\/google\/honggfuzz."},{"key":"e_1_2_13_15_2","unstructured":"A. Developers Espresso Testing 2024 https:\/\/developer.android.com\/training\/testing\/espresso?hl=zh-cn."},{"key":"e_1_2_13_16_2","unstructured":"RobotiumTech Robotium 2024 https:\/\/github.com\/RobotiumTech\/robotium."},{"key":"e_1_2_13_17_2","unstructured":"Appium Appium documentation 2024 https:\/\/appium.io\/docs\/en\/2.2\/."},{"key":"e_1_2_13_18_2","doi-asserted-by":"crossref","unstructured":"YangK. ZhugeJ. WangY. ZhouL. andDuanH. IntentFuzzer: Detecting Capability Leaks of Android Applications Proceedings of the 9th ACM Symposium on Information Computer and Communications Security 2014 ACM 531\u2013536.","DOI":"10.1145\/2590296.2590316"},{"key":"e_1_2_13_19_2","unstructured":"MindMac Intentfuzzer 2024 https:\/\/github.com\/MindMac\/IntentFuzzer."},{"key":"e_1_2_13_20_2","doi-asserted-by":"crossref","unstructured":"YeH. ChengS. ZhangL. andJiangF. DroidFuzzer: Fuzzing the Android Apps With Intent-Filter Tag Proceedings of International Conference on Advances in Mobile Computing and Multimedia 2013 ACM 68\u201374.","DOI":"10.1145\/2536853.2536881"},{"key":"e_1_2_13_21_2","doi-asserted-by":"crossref","unstructured":"AskarA. FleischerF. KruegeC. VignaG. andKimT. Malintent: Coverage Guided Intent Fuzzing Framework for Android 2025 Network and Distributed System Security (NDSS) Symposium.","DOI":"10.14722\/ndss.2025.230125"},{"key":"e_1_2_13_22_2","doi-asserted-by":"crossref","unstructured":"LuL. LiZ. WuZ. LeeW. andJiangG. Chex: Statically Vetting Android Apps for Component Hijacking Vulnerabilities Proceedings of the 2012 ACM Conference on Computer and Communications Security 2012 ACM 229\u2013240.","DOI":"10.1145\/2382196.2382223"},{"key":"e_1_2_13_23_2","doi-asserted-by":"crossref","unstructured":"ChinE. FeltA. P. GreenwoodK. andWagnerD. Analyzing Inter-Application Communication in Android Proceedings of the 9th International Conference on Mobile Systems Applications and Services 2011 ACM 239\u2013252.","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_2_13_24_2","doi-asserted-by":"crossref","unstructured":"IannilloA. K. NatellaR. CotroneoD. andNita-RotaruC. Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE) 2017 IEEE 1\u201311.","DOI":"10.1109\/ISSRE.2017.16"},{"key":"e_1_2_13_25_2","doi-asserted-by":"crossref","unstructured":"OcteauD. JhaS. andDeringM. et al.Combining Static Analysis With Probabilistic Models to Enable Market-Scale Android Inter-Component Analysis Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages 2016 ACM 469\u2013484.","DOI":"10.1145\/2837614.2837661"},{"key":"e_1_2_13_26_2","doi-asserted-by":"crossref","unstructured":"GuoH. SuT. LiuX. GuS. andSunJ. Effectively Finding ICC-Related Bugs in Android Apps via Reinforcement Learning 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE) 2023 IEEE 403\u2013414.","DOI":"10.1109\/ISSRE59848.2023.00032"},{"key":"e_1_2_13_27_2","unstructured":"ZalewskiM. American Fuzzy Lop 2024 http:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_2_13_28_2","doi-asserted-by":"crossref","unstructured":"LuoC. MengW. andLiP. SelectFuzz: Efficient Directed Fuzzing With Selective Path Exploration 2023 IEEE Symposium on Security and Privacy (SP) 2023 IEEE 2693\u20132707.","DOI":"10.1109\/SP46215.2023.10179296"},{"key":"e_1_2_13_29_2","doi-asserted-by":"crossref","unstructured":"LiangJ. WangM. andZhouC. et al.Pata: Fuzzing With Path Aware Taint Analysis 2022 IEEE Symposium on Security and Privacy (SP) 2022 IEEE 1\u201317.","DOI":"10.1109\/SP46214.2022.9833594"},{"key":"e_1_2_13_30_2","doi-asserted-by":"crossref","unstructured":"YanS. WuC. LiH. ShaoW. andJiaC. Pathafl: Path-Coverage Assisted Fuzzing Proceedings of the 15th ACM Asia Conference on Computer and Communications Security 2020 ACM 598\u2013609.","DOI":"10.1145\/3320269.3384736"},{"key":"e_1_2_13_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"e_1_2_13_32_2","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_13_33_2","doi-asserted-by":"crossref","unstructured":"YangZ. YuanZ. JinS. ChenX. SunL. andDuX. Fsaflow: Lightweight and Fast Dynamic Path Tracking and Control for Privacy Protection on Android Using Hybrid Analysis With State-Reduction Strategy 2022 IEEE Symposium on Security and Privacy (SP) 2022 IEEE 2114\u20132129.","DOI":"10.1109\/SP46214.2022.9833764"},{"key":"e_1_2_13_34_2","doi-asserted-by":"publisher","DOI":"10.1049\/2024\/6652217"},{"key":"e_1_2_13_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-024-10559-0"},{"key":"e_1_2_13_36_2","doi-asserted-by":"publisher","DOI":"10.1038\/s41598-025-88003-6"},{"key":"e_1_2_13_37_2","article-title":"Fuzzing for Android Application: Systematic Literature Review","volume":"6","author":"Labade A.","year":"2020","journal-title":"Grenze International Journal of Engineering & Technology (GIJET)"},{"key":"e_1_2_13_38_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-022-00592-9"},{"key":"e_1_2_13_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-022-01069-2"},{"key":"e_1_2_13_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10009-014-0303-8"},{"key":"e_1_2_13_41_2","unstructured":"OcteauD. McDanielP. andJhaS. et al.Effective Inter-Component Communication Mapping in Android: An Essential Step Towards Holistic Security Analysis 22nd USENIX Security Symposium (USENIX Security 13) 2013 UseniX 543\u2013558."},{"key":"e_1_2_13_42_2","doi-asserted-by":"crossref","unstructured":"OcteauD. LuchaupD. DeringM. JhaS. andMcDanielP. Composite Constant Propagation: Application to Android Inter-Component Communication Analysis 2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering 2015 IEEE 77\u201388.","DOI":"10.1109\/ICSE.2015.30"},{"key":"e_1_2_13_43_2","doi-asserted-by":"crossref","unstructured":"YanJ. ZhangS. LiuY. YanJ. andZhangJ. ICCBot: Fragment-Aware and Context-Sensitive ICC Resolution for Android Applications Proceedings of the ACM\/IEEE 44th International Conference on Software Engineering: Companion Proceedings 2022 IEEE 105\u2013109.","DOI":"10.1145\/3510454.3516864"},{"key":"e_1_2_13_44_2","doi-asserted-by":"crossref","unstructured":"SamhiJ. BartelA. Bissyand\u00e9T. F. andKleinJ. RAICC: Revealing Atypical Inter-Component Communication in Android Apps 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE) 2021 IEEE 1398\u20131409.","DOI":"10.1109\/ICSE43902.2021.00126"},{"key":"e_1_2_13_45_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09879-8"},{"key":"e_1_2_13_46_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103674"},{"key":"e_1_2_13_47_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2023.119918"},{"key":"e_1_2_13_48_2","unstructured":"ZhaoB. LiZ. andQinS. et al.Statefuzz: System Call-Based State-Aware Linux Driver Fuzzing 31st USENIX Security Symposium (USENIX Security 22) 2022 USENIX 3273\u20133289."},{"key":"e_1_2_13_49_2","doi-asserted-by":"crossref","unstructured":"HayR. TrippO. andPistoiaM. Dynamic Detection of Inter-Application Communication Vulnerabilities in Android Proceedings of the 2015 International Symposium on Software Testing and Analysis 2015 ACM 118\u2013128.","DOI":"10.1145\/2771783.2771800"},{"key":"e_1_2_13_50_2","doi-asserted-by":"crossref","unstructured":"ZhangC. LiS. DiaoW. andGuoS. Pitracker: Detecting Android Pending-Intent Vulnerabilities Through Intent Flow Analysis Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks 2022 ACM 20\u201325.","DOI":"10.1145\/3507657.3528555"}],"container-title":["IET Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/ise2\/5001786","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/full-xml\/10.1049\/ise2\/5001786","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/pdf\/10.1049\/ise2\/5001786","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,8]],"date-time":"2026-03-08T22:34:29Z","timestamp":1773009269000},"score":1,"resource":{"primary":{"URL":"https:\/\/ietresearch.onlinelibrary.wiley.com\/doi\/10.1049\/ise2\/5001786"}},"subtitle":[],"editor":[{"given":"Peican","family":"Zhu","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":50,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["10.1049\/ise2\/5001786"],"URL":"https:\/\/doi.org\/10.1049\/ise2\/5001786","archive":["Portico"],"relation":{},"ISSN":["1751-8709","1751-8717"],"issn-type":[{"value":"1751-8709","type":"print"},{"value":"1751-8717","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]},"assertion":[{"value":"2025-03-31","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-10-11","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"5001786"}}