Register
Submit a solution
The challenge is finished.

Challenge Overview

All details related to this bug hunt challenge will be made available on Wednesday 9th May at 7 PM EST. The bug hunt will be run for 72 hours.

 

Please register now if you are interested.

 

Welcome to the Android Fuzzer Command Line App - Bug Hunt!

 

In the previous challenges, we created a Java command line application that aims to perform automatic coverage testing of a collection of Android applications (APKs).

High-level Requirements

The overall process is implemented as a custom tool, as a Java standalone program, which

performs the following high-level steps for each APK from the configuration file:

  1. Download of an APK file from a known web URL;

  2. Instrumentation of the APK file with a specific Instrumentation Coverage Tool;

  3. Installation of the instrumented APK;

  4. Execution of the installed APK;

  5. Collection of results generated by instrumentation.

 

The code is hosted on Gitlab. On Wednesday 9th May at 7 PM EST, we will post a link that you can use to get access to the repo.

SCOPE & BACKGROUND INFORMATION

The detailed ADS (Application Design Specification), the TCUML diagram and information on how to access Gitlab repo will be provided on the challenge forum on Wednesday 9th May at 7 PM EST.

RULES TO FIND BUGS

We need you to hunt for the issues and report these issues to Gitlab, to get access to the project, post in the challenge forums. Gitlab Repo link is provided in forums.

 

Each issue you report should have the following:

  1. Clear title for the issue

  2. Provide a detailed description with screenshot(s)/ video/ log file(s) (if any) with steps to reproduce the issue. Any bugs without a detailed description are likely to be rejected.

  3. If you have a technical explanation, then you can provide more details with links to the code in the Gitlab repo that is causing the problem.

  4. Assign it a priority level you think fits:

    1. P1 - Blocker - This bug causes the app to fail. No workaround exists. E.g. app crashes, app freezes etc.

    2. P2 - Critical - This bug causes the app to fail for some specific cases. No workaround exists.

    3. P3 - Major - This bug causes the app to fail, but there’s a workaround to prevent that issue.

    4. P4 - Minor - This is an annoyance, but won’t prevent the app from running normally.

    5. P5 - Enhancement - Something noticed by testers that should be fixed, but isn’t considered a bug.

Please note:

  1. The most important thing is to test the entire system end-to-end.

  2. Assigning what you think is the severity helps the admin/co-pilot. It is up to them to determine their actual severity, so it may be reassigned at their discretion before opening the bug for the bug bash.

  3. If you have doubt about a specific feature not working please post in forums for clarifications.

  4. We will not pay for duplicate bugs. We will accept the first submitted bug, based on time in GitLab. Please do not submit slight differences to try and get accepted. This will get you banned.

  5. The member that report the highest number of issues of priority (Blocker/Critical/Major - weighted average - 10/8/5) will win the first place prize.

  6. There will be no appeals phase. The decision of PM/co-pilot for validity and severity of each filled issue will be final.

ADDITIONAL PAYMENTS

In addition to the first place prize, we will be awarding the following prize money to other competitors

Blocker/ Critical - $10

Major - $8

Minor - $5

Enhancement - $2

The additional prizes will be up to $250 for 2nd position, $200 for 3rd position and $150 for 4th position.

No prizes will be awarded beyond the 4th position for any bugs



Final Submission Guidelines

You will need to report your issues in our Gitlab repo (access will be provided via forums on Wednesday 9th May at 7 PM EST). Please submit a text file that contains your Gitlab handle. This is needed so we can process the payment if you win.

 

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30064735