New Rehosting Platform T”AMU Enables Dynamic Analysis of Mobile Trusted Applications

Global: New Rehosting Platform T”AMU Enables Dynamic Analysis of Mobile Trusted Applications

A research team released a paper on arXiv in January 2026 describing T”AMU, a rehosting platform that allows dynamic analysis—including fuzzing and debugging—of Trusted Applications (TAs) running in mobile Trusted Execution Environments (TEEs). The work aims to address the scarcity of runtime testing tools for TAs, which are critical for protecting sensitive assets on smartphones and other devices.

Background

Mobile devices rely on TEEs to isolate security‑critical code from the main operating system. Within TEEs, functionality is modularized into Trusted Applications, and any vulnerability in a TA can jeopardize the entire enclave. Because most TEEs are closed‑source and highly fragmented, researchers have traditionally depended on static analysis, limiting the ability to uncover runtime flaws.

Platform Design

T”AMU interposes at the API layer of a TA, effectively rehosting the application in a controlled environment where inputs can be manipulated and execution traced. By leveraging the standardized GlobalPlatform API specifications, the platform can support multiple TEEs without requiring vendor‑specific source code.

Greedy High‑Level Emulation

For TEE‑specific APIs that are not covered by the GlobalPlatform standard, the authors introduce a “greedy high‑level emulation” technique. This approach prioritizes manual rehosting efforts on APIs that are expected to yield the greatest coverage gains during fuzzing, thereby optimizing resource allocation across diverse TAs.

Evaluation Results

The authors implemented T”AMU and applied it to 67 Trusted Applications across four distinct TEEs. Their fuzzing campaigns uncovered 17 zero‑day vulnerabilities affecting 11 different TAs, demonstrating that dynamic analysis can reveal critical issues that static methods miss.

Implications for Security Testing

These findings highlight a notable deficiency in the current TEE ecosystem: even vendors with access to source code have struggled to provide effective dynamic testing. T”AMU offers a practical pathway for researchers and developers to bridge this gap, potentially improving the overall security posture of mobile platforms.

Future Directions

The paper suggests that extending the greedy emulation methodology and integrating additional TEE specifications could broaden coverage further. Continued collaboration between academia, industry, and open‑source communities may accelerate the adoption of dynamic analysis tools like T”AMU.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.