AI framework discovers Android app vulnerabilities automatically

Researchers from Nanjing University and the University of Sydney developed A2, an AI-powered system that discovers and validates security flaws in Android applications like human experts. The framework uses large language models to analyze app code and generate vulnerability hypotheses, then creates proof-of-concept exploits to validate each finding through automated testing. Testing on 160 real-world apps revealed 60 exploitable security defects out of 136 initial findings, with only three false positives among validated bugs. The system costs under $1 per app for detection and up to $26.85 per vulnerability for full validation, representing a significant advance in automated Android security analysis.

Read more:

https://www.securityweek.com/academics-build-ai-powered-android-vulnerability-discovery-and-validation-tool/