Awesome

Vuldroid

<p><a href="https://twitter.com/akshanshjaiswl"><img src="https://img.shields.io/badge/twitter-%231DA1F2.svg?&style=for-the-badge&logo=twitter&logoColor=white" height=25></a> <a href="https://medium.com/@akshanshjaiswal"><img src="https://img.shields.io/badge/medium-%2312100E.svg?&style=for-the-badge&logo=medium&logoColor=white" height=25></a>

</p> Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code.

<img src="https://github.com/jaiswalakshansh/Vuldroid/raw/master/images/logo.png" align="centre" height="600" width="395"><img src="https://github.com/jaiswalakshansh/Vuldroid/blob/master/images/screen1.png" align="centre" height="600" width="395"><img src="https://github.com/jaiswalakshansh/Vuldroid/blob/master/images/screen3.png" align="right" height="600" width="320">

Vulnerabilities Covered:

Code Execution via Malicious App
Steal Files via Webview using XHR request
Steal Files using Fileprovider via Intents
Steal Password ResetTokens/MagicLoginLinks
Webview Xss via Exported Activity
Webview Xss via DeepLink
Intent Sniffing Between Two Applications
Reading User Email via Broadcasts

To Get started:

Install the APK from the repository and play around
Find the areas where you think this can be exploited
I have also written a blog that you can refer as walkthrough but make sure you try yourself first
If you want to use your own firebase project for authentication clone the repo and remove the google-services.json and add your project one.