How Alipay’s Mobile Client Uses Fuzz Testing to Prevent Crashes

This article describes Alipay’s client‑side high‑availability strategy that combines offline risk mining, function‑interface “minesweeping”, RPC/config/jsapi checks, and automated fuzz testing on Android and iOS to detect and eliminate crash‑inducing bugs before release.

Alibaba Terminal Technology

Background

During the past fiscal year, Alipay’s client high‑availability team has ensured online stability, but reactive emergency response alone is insufficient. The team needed an offline mechanism to discover stability risks early, classify root causes such as NPEs, RPC type mismatches, and config changes, and build a comprehensive high‑availability protection system.

Technical Solution

Based on this root‑cause analysis, stability factors were categorized and a “minesweeping” system was built with the following scopes:

Function‑interface minesweeping

RPC, config, and jsapi minesweeping

Scheme, broadcast, and notification minesweeping

Lottie, animation, and template‑change minesweeping

The goal is to prevent the listed faults from appearing online, push issues to developers for code optimization, and continuously improve client stability from a pre‑emptive perspective.

Function‑Interface Fuzz Testing

Experience shows that insufficient parameter validation in client function calls accounts for about 20% of crashes. The current solution performs static scanning to obtain all interface definitions (Android static public/private, iOS all public) and then fuzzes input parameters to generate abnormal scenarios for stability testing.

Compared with traditional static code analysis, this approach runs on real devices, creating realistic exception data.

Code scan produces detailed interface files

Non‑intrusive client module enables batch reflective execution of interfaces

Parameter fuzzing capability

Automated test cases run on real devices and handle exception recovery

Issues are reported and analyzed

Implementation Steps

Code Function Scanning – Using the open‑source androguard framework, APKs are scanned to generate full‑list interface files for both Android and iOS.

Client Function Execution Module – Leveraging Alipay’s dynamic bundle capability, functions are executed without modifying the client. Execution is divided into stages, supporting version‑difference execution to focus on changed interfaces and specific business bundles.

Parameter Fuzz Exception Construction – Although sophisticated ML‑based fuzzing exists, the current implementation builds a set of abnormal test cases based on experience and business semantics, generating 5‑10 variants per interface and achieving ~60% logic coverage.

Tested Function Invocation – Execution efficiency is ensured via interface grouping and multithreading. Detailed logs, crash data capture, and checkpointing enable reliable results and automatic continuation after failures.

Crash Data Replay – Saved test cases can be replayed to verify that fixes resolve the observed crashes.
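The scan‑then‑fuzz‑then‑replay loop in the five steps above, as an added Python example that is not Alipay's code. The interface list is a constructed stand‑in for what a code scan would emit (in the real pipeline it would come from androguard output and the reflective calls would run inside the client via the dynamic bundle, not through Python's getattr); DemoProfile, HardenedProfile and the fuzz pool are hypothetical, chosen to show missing parameter validation of the kind the article describes.

```python
"""Parameter fuzzing of scanned function interfaces (added example, not Alipay's code)."""
import json
import traceback
from dataclasses import dataclass

# Constructed stand-in for the full-list interface file a code scan would produce:
# one entry per method with its declared parameter types.
SCANNED_INTERFACES = json.loads("""
[
  {"cls": "DemoProfile", "method": "set_nickname", "params": ["String"]},
  {"cls": "DemoProfile", "method": "pick_item",     "params": ["List", "int"]}
]
""")

# Abnormal values per declared type, built from experience rather than a model.
FUZZ_POOL = {
    "String": [None, "", " " * 1024, "\u0000", "\U0001F642" * 64, "-1", "{\"k\":"],
    "int":    [None, -1, 0, 2**31 - 1, 2**31, 2**63],
    "List":   [None, [], [None], [None] * 1000],
}

def fuzz_variants(param_types, limit=10):
    """Return up to `limit` argument tuples. Each variant perturbs exactly one
    parameter and keeps the others benign, so a crash points at one parameter."""
    benign = {"String": "ok", "int": 1, "List": ["a", "b"]}
    variants = []
    for idx, ptype in enumerate(param_types):
        for bad in FUZZ_POOL.get(ptype, [None]):
            args = [benign.get(t) for t in param_types]
            args[idx] = bad
            variants.append(tuple(args))
    return variants[:limit]

class DemoProfile:
    """Hypothetical target with the missing validation the article talks about."""
    def set_nickname(self, name):
        return name.strip()[:20]        # NPE-style crash when name is None
    def pick_item(self, items, index):
        return items[index]             # crashes on None, empty list, bad index

class HardenedProfile(DemoProfile):
    """Same interfaces after the developer adds the checks the fuzz run called for."""
    def set_nickname(self, name):
        if not isinstance(name, str):
            return ""
        return super().set_nickname(name)
    def pick_item(self, items, index):
        if not isinstance(items, list) or not isinstance(index, int):
            return None
        if not 0 <= index < len(items):
            return None
        return super().pick_item(items, index)

@dataclass
class CrashRecord:
    """Saved test case: enough to replay the exact call later."""
    cls: str
    method: str
    args: tuple
    exc_type: str
    trace: str

def run_interface(target, entry, limit=10):
    """Invoke one scanned interface reflectively with every fuzz variant,
    capturing crashes instead of letting them abort the run."""
    fn = getattr(target, entry["method"])
    crashes = []
    for args in fuzz_variants(entry["params"], limit):
        try:
            fn(*args)
        except Exception as exc:
            crashes.append(CrashRecord(entry["cls"], entry["method"], args,
                                       type(exc).__name__, traceback.format_exc()))
    return crashes

def fuzz_all(registry, interfaces, limit=10):
    """Run every scanned interface against an instance from `registry`."""
    crashes = []
    for entry in interfaces:
        crashes.extend(run_interface(registry[entry["cls"]](), entry, limit))
    return crashes

def replay(target, record):
    """Re-run one saved case against `target`; True if it still crashes."""
    try:
        getattr(target, record.method)(*record.args)
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found = fuzz_all({"DemoProfile": DemoProfile}, SCANNED_INTERFACES)
    for c in found:
        print(c.cls, c.method, c.args, c.exc_type)
    print("still crashing after fix:",
          sum(replay(HardenedProfile(), c) for c in found))
```

Running the harness against DemoProfile yields eight crash records (one from set_nickname, seven from pick_item); replaying the same records against HardenedProfile yields none, which is the "fix verified" signal step 5 describes.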

Automation Script Execution

Automation scripts trigger the client to run test cases, monitor for exceptions, collect data, determine checkpoint positions, and relaunch the client as needed, achieving fully automated testing without manual intervention.
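The checkpoint‑and‑relaunch loop this paragraph describes, as an added Python example that is not Alipay's script. ClientCrashed stands in for the client process dying, `execute` stands in for triggering one test case on the device, and the eight cases are constructed; the point shown is that the checkpoint is advanced before a case runs, so a case that kills the client is recorded once and not re‑run on every relaunch.

```python
"""Checkpointed case execution with automatic relaunch (added example, not Alipay's script)."""
import json
import os
import tempfile

class ClientCrashed(RuntimeError):
    """Constructed stand-in for the client process dying mid-case."""

def load_checkpoint(path):
    """Index of the next case to run; 0 on a fresh start."""
    if not os.path.exists(path):
        return 0
    with open(path) as f:
        return json.load(f)["next_case"]

def save_checkpoint(path, next_case):
    """Write to a temp file then rename, so a crash mid-write cannot leave a torn checkpoint."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        json.dump({"next_case": next_case}, f)
    os.replace(tmp, path)

def run_session(cases, execute, checkpoint_path, results):
    """One client launch: run cases from the checkpoint until all are done
    (returns True) or the client crashes (returns False)."""
    for i in range(load_checkpoint(checkpoint_path), len(cases)):
        # Advance the checkpoint BEFORE running the case; otherwise a case that
        # kills the client would be repeated on every relaunch.
        save_checkpoint(checkpoint_path, i + 1)
        try:
            execute(cases[i])
            results.append((i, "ok"))
        except ClientCrashed as exc:
            results.append((i, f"crash:{exc}"))
            return False
        except Exception as exc:  # ordinary exception: record it and keep going
            results.append((i, f"exception:{type(exc).__name__}"))
    return True

def supervise(cases, execute, checkpoint_path, max_launches=20):
    """Automation-script loop: relaunch the client until every case has run.
    Returns (results, number_of_launches)."""
    results = []
    for launch in range(1, max_launches + 1):
        if run_session(cases, execute, checkpoint_path, results):
            return results, launch
    raise RuntimeError("relaunch budget exhausted")

def demo():
    """Constructed run: eight cases, two of which (2 and 5) kill the client."""
    cases = [{"id": i, "kills_client": i in (2, 5)} for i in range(8)]

    def execute(case):
        if case["kills_client"]:
            raise ClientCrashed(f"case {case['id']} crashed the client")

    with tempfile.TemporaryDirectory() as d:
        return supervise(cases, execute, os.path.join(d, "checkpoint.json"))

if __name__ == "__main__":
    results, launches = demo()
    print("launches:", launches)
    for i, status in results:
        print(i, status)
```

With two client‑killing cases the supervisor launches the client three times and every case is executed exactly once, which is the property that lets the run continue unattended after a crash.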

Summary and Outlook

Alipay’s function‑interface minesweeping has been applied to over ten major client versions, uncovering nearly a thousand valid issues across both platforms while continuously reducing false‑positive rates and expanding fuzz mutation coverage. The findings now feed into client security drills as realistic crash scenarios. Future work includes smarter parameter mutation, richer business‑semantic generation, and further expansion of stability detection capabilities to eliminate all release‑time issues.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: Automation, high availability, mobile testing, fuzz testing, client stability, function interface

Written by Alibaba Terminal Technology, official public account of Alibaba Terminal