Published: Wed 20 May 2026
By Mathias Payer
In Academia.
tags: fuzzing Android Oakland
Android runs sensitive applications in the so-called "secure world". These trusted
applications (TAs) handle sensitive operations such as authentication, key
management, or DRM. As they interact with regular Android applications from the
normal world, vulnerabilities in these applications compromise the secure world
and give adversaries access to privileged data.
Our goal is to fuzz test these TAs at the exposed layer from the normal world.
The Global Platform standard is becoming the main API to access TAs. It provides
a standardized communication/RPC API to enable interaction between the normal world
and the secure world and a standardized API to provide key services to TAs to
enable portability across vendors.
We have already targeted the Global Platform API interface in several
previous works. In TEEzz we
extracted API sequences by analysing how regular apps interacted with TAs
through the Global Platform layer. The main limitation is the lack of
instrumentation of the apps when running on-device as the execution environment
is protected through the secure world. Later we explored rollback attacks in Spill the TeA that allowed an
adversary to run old versions of TAs to exploit n-day vulnerabilities. Finally
we used a static binary analysis that discovered Global Platform API
misuse, where a missing type check gives attackers trivial arbitrary
read/write access to the TA address space. To bring attention to this attack
vector between the normal world and the secure world, we presented Not To Be
Trusted, a Fiasco in Android TEEs, where we
demonstrated an end-to-end attack that escalated from the normal world to a TA
in the secure world and then escalated to the TEE and secure monitor for a full
system compromise.
Until now, we haven't rehosted or emulated TAs because of the large underlying
complexity and diversity of the different TEE operating systems. While rehosting
would enable introspection and faster iteration on TAs, we do not have access to
the different proprietary TEE operating systems.
In TÄMU, we had a key revelation that the Global Platform API does not just
provide a standardized API between the normal world and the secure world but
also provides an API for TAs to interface with the operating system. If we
emulate at the level of this API instead of the syscall level, we "only" need to
implement the Global Platform API and not every single TEE OS.
Still, several hundred API calls would have to be emulated, which
would require substantial human effort. We therefore wondered whether some APIs are
used more frequently than others, so that we can focus on those first. Any
missing API implementation aborts a fuzzing run as soon as the TA calls it. We
therefore developed a static analysis that estimates how much additional code is
unlocked if a given API is implemented and then ranked the API calls, giving us
a priority list of what we need to implement to unlock the most code for our fuzzing
efforts. As it turns out, by implementing only 10 functions, we improve
reachable blocks from roughly 39% to 90%, whereas to achieve 100% we would need
to implement 398 API functions in our set of evaluated TAs.
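The ranking idea above, as an added example that is not TÄMU's own analysis: it assumes a simplified model in which each TA is a graph of basic blocks, a block may call Global Platform API functions, and execution cannot pass through a block whose APIs are not yet emulated. The two sample TAs and their graphs are constructed for the example; only the API names follow the Global Platform naming style.

```python
# Added example (not TÄMU's code): greedy ranking of Global Platform API
# functions by how many additional basic blocks their emulation unlocks.
# Model assumption: a block executes only if every API it calls is emulated.
from collections import deque

# Constructed sample TAs: block -> (APIs called in the block, successor blocks).
SAMPLE_TAS = {
    "keymaster": {
        "entry": (set(), ["parse"]),
        "parse": ({"TEE_MemMove"}, ["gen", "sign"]),
        "gen": ({"TEE_GenerateRandom", "TEE_AllocateOperation"}, ["store"]),
        "sign": ({"TEE_AllocateOperation"}, ["store"]),
        "store": ({"TEE_CreatePersistentObject"}, []),
    },
    "gatekeeper": {
        "entry": (set(), ["check"]),
        "check": ({"TEE_MemMove"}, ["hmac", "fail"]),
        "hmac": ({"TEE_AllocateOperation"}, ["done"]),
        "fail": ({"TEE_GetSystemTime"}, []),
        "done": (set(), []),
    },
}

def reachable_blocks(ta, implemented, entry="entry"):
    """Blocks reachable from `entry` given the set of emulated APIs."""
    seen, work = set(), deque([entry])
    while work:
        blk = work.popleft()
        apis, succs = ta[blk]
        # A missing API aborts execution in this block: stop exploring here.
        if blk in seen or not apis <= implemented:
            continue
        seen.add(blk)
        work.extend(succs)
    return seen

def total_reachable(tas, implemented):
    return sum(len(reachable_blocks(ta, implemented)) for ta in tas.values())

def rank_apis(tas):
    """Priority list of (api, cumulative reachable blocks) by greedy choice."""
    all_apis = set().union(*(a for ta in tas.values() for a, _ in ta.values()))
    implemented, ranking = set(), []
    while all_apis - implemented:
        best = max(sorted(all_apis - implemented),
                   key=lambda a: total_reachable(tas, implemented | {a}))
        implemented.add(best)
        ranking.append((best, total_reachable(tas, implemented)))
    return ranking
```

Calling `rank_apis(SAMPLE_TAS)` yields the priority list; on the constructed input the first two picks (TEE_MemMove, then TEE_AllocateOperation) already raise reachability from 2 to 7 of 10 blocks, mirroring the steep early gains the analysis reports.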
Tying these two contributions together, we introduce TÄMU (or TA-EMU), an
emulator that rehosts TAs at the application level by abstracting and
interposing the Global Platform API instead of the full TEE operating system.
Our emulator provides high-level implementations of the Global Platform API
(along with frequently used libc and other APIs) together with a loader for trusted
applications.
We then fuzzed 67 TAs across several vendors on TÄMU, targeting the interface
between the normal world and the trusted applications. We discovered 17 0-days
that were responsibly disclosed to the vendors.
The paper and source code are openly available.
Philipp Mao and Marcel Busch from the HexHive group are the main drivers of this
research work and deserve the primary credit.