The challenge is finished.

Challenge Overview

Challenge Objectives

All details related to this bug hunt challenge will be made available on Wednesday 11th July at 7 AM EST. The bug hunt will be running for 48 hours.

Please register now if you are interested.

Welcome to the Android Fuzzer Command Line App - Bug Hunt!

Project Background

In the previous challenges, we created a Java command line application that aims to perform automatic coverage testing of a collection of Android applications (APKs).

High-level Requirements

The overall process is implemented as a custom tool, a standalone Java program, which performs the following high-level steps for each APK from the configuration file:

  1. Download of an APK file from a known web URL;

  2. Instrumentation of the APK file with a specific Instrumentation Coverage Tool;

  3. Installation of the instrumented APK;

  4. Execution of the installed APK;

  5. Collection of results generated by instrumentation.

Technology Stack

  • Java

  • Spring framework

  • Soot

  • Android

Code Access

The code is hosted on Gitlab.

The detailed ADS (Application Design Specification), the TCUML diagram and information on how to access the Gitlab repo will be provided on the challenge forum on Wednesday 11th July at 7 AM EST.

Individual requirements

We need you to hunt for issues and report them to Gitlab.

Each issue you report should have the following:

  1. A clear title for the issue.

  2. A detailed description with screenshot(s)/video/log file(s) (if any) and steps to reproduce the issue. Any bugs without a detailed description are likely to be rejected.

  3. If you have a technical explanation, you can provide more details with links to the code in the Gitlab repo that is causing the problem.

  4. Assign it a priority level you think fits:

    1. P1 - Blocker - This bug causes the app to fail. No workaround exists. E.g. app crashes, app freezes etc.

    2. P2 - Critical - This bug causes the app to fail for some specific cases. No workaround exists.

    3. P3 - Major - This bug causes the app to fail, but there’s a workaround to prevent that issue.

    4. P4 - Minor - This is an annoyance, but won’t prevent the app from running normally.

    5. P5 - Enhancement - Something noticed by testers that should be fixed, but isn’t considered a bug.

Important Notes:

  1. The most important thing is to test the entire system end-to-end. The app should be able to get past the login/signup screen and test the APK for code coverage.

  2. Assigning what you think is the severity helps the admin/co-pilot. It is up to them to determine the actual severity, so it may be reassigned at their discretion before opening the bug for the bug bash.

  3. If you are unsure whether a specific feature is not working, please post in the forums for clarification.

  4. We will not pay for duplicate bugs. We will accept the first submitted bug, based on time in GitLab. Please do not submit slight differences to try and get accepted. This will get you banned.

  5. The member who reports the highest number of issues of priority (Blocker/Critical/Major - weighted average - 10/8/5) will win the first place prize.

  6. There will be no appeals phase. The decision of the PM/co-pilot on the validity and severity of each filed issue will be final.

ADDITIONAL PAYMENTS

In addition to the first place prize, we will be awarding the following prize money to other competitors:

Blocker/ Critical - $10

Major - $8

Minor - $5

Enhancement - $2

The additional prizes will be up to $250 for 2nd position, $200 for 3rd position and $150 for 4th position.

No prizes will be awarded beyond the 4th position for any bugs.



Final Submission Guidelines

You will need to report your issues in our Gitlab repo (access will be provided via the forums on Wednesday 11th July at 7 AM EST). Please submit a text file that contains your Gitlab handle. This is needed so we can process the payment if you win.

Review style

Final Review

Community Review Board

Approval

User Sign-Off

ID: 30067725