When I was the head of Microsoft's Edge security for the US market, we ran into an infrastructure challenge that forced us to completely rethink how we fuzzed Android. The project we built no longer exists at Microsoft, and the Android-x86 project we relied on is now officially dead and unsupported. However, the architectural pivot we made to get around cloud compute constraints remains a novel approach to Android fuzzing—one that solved a myriad of technical headaches while drastically cutting costs. Here is a look back at how we bypassed the Android Emulator entirely to find better, real-world bugs. The Catalyst: Losing Nested Virtualization Fuzzing has always been a core focus of the Edge security posture. Using our own tooling alongside open-source frameworks, we achieved millions of fuzz hours per month across desktop environments. But doing this at scale for Android always presented unique friction. In 2022, that friction hit a boiling point. Due to cost-cutting measures, our…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.