DroidOrchestrator: Container-Based Framework for Automation of Customized Android Security Testing Environment Generation

Dario Simões Fernandes Filho; Christian Debovi Paim de Oliveira; Cláudio Torres Junior; André Grégio

doi:10.5753/sast.2025.13883

Dario Simões Fernandes Filho UFPR
Christian Debovi Paim de Oliveira UFPR
Cláudio Torres Junior UFPR
André Grégio UFPR

DOI: https://doi.org/10.5753/sast.2025.13883

Abstract

Mobile systems are occupying an increasingly larger share of personal technology usage by the worldwide population, with Android being one of the most widely distributed operating systems in the market. With that in mind, testing security flaws in the Android environment has become a task of growing importance, considering that these tests should be conducted in a controlled environment. In this article, we propose a Container-Based solution for a system that creates an emulated Android device with customized kernels and Android versions. A working framework was implemented based on the proposed system, which was used to execute a case study using a vulnerability trigger as a security test example.

Keywords: Android, Docker, Orchestration, Malware, Customization, Test

References

2net. 2023. Cuttlefish: A Dive into Android 12. [link]. Accessed on: 20/06/2025.

Amazon. 2023. What is Containerization? [link]. Accessed on: 20/06/2025.

Mauro Andreolini, Vincenzo Giuseppe Colacino, Michele Colajanni, and Mirco Marchetti. 2020. A Framework for the Evaluation of Trainee Performance in Cyber Range Exercises. Mobile Networks and Applications 25 (2020), 236–247.

Android. 2023. Android Kernel Architecture Documentation. [link]. Accessed on: 20/06/2025.

Android. 2023. Android Open Source Project. [link]. Accessed on: 20/06/2025.

Daniele Capone, Francesco Caturano, Angelo Delicato, Gaetano Perrone, and Simon Pietro Romano. 2022. Dockerized Android: a container-based platform to build mobile Android scenarios for Cyber Ranges. arXiv:2205.09493 (5 2022). [link]

Gabriele Costa, Enrico Russo, and Alessandro Armando. 2022. Automating the Generation of Cyber Range Virtual Scenarios with VSDL. arXiv:2001.06681 (12 2022). DOI: 10.22667/JOWUA.2022.03.31.0033

Tiago Cruz and Paulo Simões. 2021. Down the Rabbit Hole: Fostering Active Learning through Guided Exploration of a SCADA Cyber Range. Applied Sciences (2021).

Docker. 2023. Docker Overview. [link]. Accessed on: 20/06/2025.

Docker. 2023. What is a Container? [link]. Accessed on: 20/06/2025.

HackOne. 2023. What is Security Testing? [link]. Accessed on: 20/06/2025.

Mitre. 2023. Android CVEs. [link]. Accessed on: 20/06/2025.

MITRE Corporation. 2018. CVE-2018-7661. [link]. Accessed on: 20/05/2025.

MITRE Corporation. 2023. The CVE Project. [link]. Accessed on: 20/05/2025.

National Cyber Security Centre (NCSC). 2023. Understanding Vulnerabilities. [link]. Accessed on: 20/06/2025.

Red Hat. 2023. What is the Linux Kernel? [link]. Accessed on: 20/06/2025.

Enrico Russo, Luca Verderame, and Alessio Merlo. 2020. Enabling Next-Generation Cyber Ranges with Mobile Security Components. In Testing Software and Systems, Valentina Casola, Alessandra De Benedictis, and Massimiliano Rak (Eds.). Springer International Publishing, Cham, 150–165.

Maddie Stone. 2019. Bad Binder: Android In-the-Wild Exploit. Google Project Zero Blog. [link] This post explains the bug (CVE-2019-2215), the discovery methodology, proof-of-concept and exploitation context on Android devices..

The Linux Kernel Documentation Project. [n. d.]. Kernel Address Sanitizer (KASAN). [link]. Accessed: 2025-06-23.

Muhammad Mudassar Yamin, Basel Katt, and Vasileios Gkioulos. 2020. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security 88 (2020), 101636. DOI: 10.1016/j.cose.2019.101636