Vulnerable Android Applications for Android Pentesting

To effectively learn Android app penetration testing, hands-on practice is essential. To facilitate this, developers and security researchers have created intentionally vulnerable Android applications. These apps provide a safe platform for exploring and understanding potential security weaknesses.

This article explores some popular options for those seeking to delve into the world of Android pentesting:

  • OVAA (Oversecured Vulnerable Android App)
    This app, created by Oversecured, aggregates various known and popular vulnerabilities within the Android platform. By studying OVAA, you can gain insight into a wide range of security flaws.

  • Damn Vulnerable Android Components
    An intentionally vulnerable Android application designed to expose and demonstrate vulnerabilities in Android components such as Activities, Intents, Content Providers, and Broadcast Receivers. It is structured as a password manager application to manage and store passwords securely (!).

  • Ostorlab Insecure Android App
    A vulnerable Android application that contains a number of vulnerable components. It is created and maintained by Ostorlab to demonstrate the effectiveness of the Ostorlab Security Scanner, and it works just as well as a learning target.

  • InsecureShop
    An insecure Android app whose vulnerabilities are listed and documented.

  • Free Ram Installer
    It is an Android application designed as a CTF challenge for BSides Algiers 2023. This app is intentionally vulnerable and offers a hands-on experience for security enthusiasts to practice and enhance their Android hacking skills.

  • Android SSL Pinning
    This app has almost all types of certificate pinning implementation. Read the code to see how each one is implemented. Try to bypass the pinning (without Frida).

  • Damn Vulnerable Bank
    It focuses on financial app vulnerabilities. Designed with deliberate security weaknesses, this app allows you to explore common banking app exploits in a safe environment.

  • Allsafe
    This intentionally vulnerable application serves as a learning ground for a variety of security issues. Developed by t0thkr1s, Allsafe provides a hands-on experience in identifying and understanding different vulnerabilities.

  • MAS Crackmes
    A collection of mobile reverse engineering challenges by OWASP MASTG.

  • Awesome Mobile CTF
    A curated list of Mobile CTFs. It also has other Mobile hacking resources.

  • MobileHackingLab
    It has lots of mobile hacking labs for both iOS and Android. Also, the course it offers is great.

After learning the concepts, it's time to take on unintentionally vulnerable apps! Download the app of your choice from the Play Store. Extract the APK using adb. Start hacking!