Journal on Communications (通信学报)

• Academic paper

Research on vulnerability discovery techniques for NFC applications on the Android platform

Wang Zhiqiang, Liu Qixu, Zhang Yuqing

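  1. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, Shaanxi 710071; 2. National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences, Beijing 101408
  • Publication date: 2014-11-25 Release date: 2014-12-17
  • Funding:
    Supported by the National Natural Science Foundation of China (61272481, 61303239); Information Security Special Fund of the National Development and Reform Commission (发改办高技[2012]1424)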

Research of discovering vulnerabilities of NFC applications on Android platform

  • Online:2014-11-25 Published:2014-12-17

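Summary: To improve the security of NFC technology, this work studies the discovery of NDEF protocol vulnerabilities in NFC applications on the Android platform and proposes a testing method based on fuzzing. The method constructs test cases using three strategies (manual, generation and mutation) and uses two means, reverse analysis of messages and sniffing, to assist in analyzing and constructing messages; the constructed test cases are then used to discover vulnerabilities in the target NFC applications, and the results are output. Based on this method, an NFC application security vulnerability discovery system, ANDEFVulFinder, was developed. It monitors the target during vulnerability discovery by means of logcat and process monitoring, and automates the discovery process by emulating tags and touch operations. Finally, by testing the MIUI system and 6 applications, 8 vulnerabilities were found, and the results demonstrate the effectiveness of the vulnerability discovery method.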

Abstract: To improve the security of NFC technology, NDEF vulnerabilities of NFC applications on the Android platform are studied, and a vulnerability discovery method based on fuzzing is proposed. The method adopts manual, generation and mutation strategies to construct test cases, and uses two auxiliary means of analyzing and constructing test cases: reverse message analysis and packet sniffing. The constructed test cases are then used to discover vulnerabilities in the target NFC applications and to output the results. Based on the method, a system called ANDEFVulFinder is developed for discovering the security vulnerabilities of NFC applications. Logcat and process monitoring are used to monitor the targets' exceptions during the discovery process, and the test is automated through tag emulation and "touch" operation emulation. Finally, 8 vulnerabilities are found through extensive experiments on the MIUI operating system and 6 NFC applications, which demonstrates the effectiveness of the proposed method.
