The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Embedded computing devices, such as smart phones and tablet computers, may be used to perform one or more specialized and/or dedicated functions. An embedded device may include components not normally provided on typical desktop computers, such as cellular radio modems, motion sensors, cameras, lights, global positioning system receivers, and other inputs. Embedded devices often include specialized hardware configurations. For example, a smart phone may include a processor that is optimized to minimize power consumption, which may allow the phone to operate longer before needing to be recharged. Embedded devices that have a built-in display may include specialized hardware configured to provide a higher refresh rate for the particular built-in display.
Applications that run on embedded devices may be specialized based on the target embedded device(s). For example, source code and content for a particular application or project may be compiled and packaged to produce a first specialized application configured to be executed on a first embedded device with a first set of hardware. The same source code and content may be compiled and packaged again to produce a second, different specialized application configured to be executed on a second embedded device with a second, different set of hardware.
Many users carry at least one embedded device to communicate with customers, schedule meetings, pay bills, trade stocks, track expenses, book flights and hotels, read articles, view multimedia content, listen to music, play games, purchase goods and services, track diet and fitness, browse web sites, draft documents, make phone calls, and much more using many different applications. As a result, users frequently input, download, and store sensitive information, such as usernames, passwords, social security numbers, home or work addresses, medical information, customer information, documents, contact information, photos, and other private and sensitive data.
Determining what vulnerabilities an application or project has is useful to protect application users and developers. However, determining what vulnerabilities an application has may be difficult and time consuming. Furthermore, a single application or project may be compiled into multiple specialized applications, each of which may have different vulnerabilities.