Awesome
Vuldroid
<p><a href="https://twitter.com/akshanshjaiswl"><img src="https://img.shields.io/badge/twitter-%231DA1F2.svg?&style=for-the-badge&logo=twitter&logoColor=white" height=25></a> <a href="https://medium.com/@akshanshjaiswal"><img src="https://img.shields.io/badge/medium-%2312100E.svg?&style=for-the-badge&logo=medium&logoColor=white" height=25></a>
</p> Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code.<img src="https://github.com/jaiswalakshansh/Vuldroid/raw/master/images/logo.png" align="centre" height="600" width="395"><img src="https://github.com/jaiswalakshansh/Vuldroid/blob/master/images/screen1.png" align="centre" height="600" width="395"><img src="https://github.com/jaiswalakshansh/Vuldroid/blob/master/images/screen3.png" align="right" height="600" width="320">
Vulnerabilities Covered:
- Code Execution via Malicious App
- Steal Files via Webview using XHR request
- Steal Files using Fileprovider via Intents
- Steal Password ResetTokens/MagicLoginLinks
- Webview Xss via Exported Activity
- Webview Xss via DeepLink
- Intent Sniffing Between Two Applications
- Reading User Email via Broadcasts
To Get started:
- Install the APK from the repository and play around
- Find the areas where you think this can be exploited
- I have also written a blog that you can refer as walkthrough but make sure you try yourself first
- If you want to use your own firebase project for authentication clone the repo and remove the google-services.json and add your project one.