From: https://github.com/satishpatnayak/AndroGoat
AndroGoat is a purposely vulnerable/insecure open source app developed using Kotlin. Security testers, professionals, enthusiasts, developers, etc. can use this application to understand and defend against vulnerabilities in the Android platform. This is the first vulnerable app developed using Kotlin. If you are looking to learn Android Application Security Testing, then AndroGoat is a perfect solution.
I strongly believe AndroGoat will help many people learn Android Application Security Testing.
Happy learning
Vulnerabilities covered in this app:
- Root Detection
- Emulator Detection
- Insecure Data Storage – Shared Prefs - 1
- Insecure Data Storage – Shared Prefs - 2
- Insecure Data Storage – SQLite
- Insecure Data Storage – Temp Files
- Insecure Data Storage – SD Card
- Keyboard Cache
- Insecure Logging
- Input Validations – XSS
- Input Validations – SQLi
- Input Validations – WebView
- Unprotected Android Components – Activity
- Unprotected Android Components – Service
- Unprotected Android Components – Broadcast Receivers
- Unprotected Android Components – Content Providers (Coming Soon)
- Hard coding issues
- Network intercepting – HTTP
- Network intercepting – HTTPS
- Network intercepting – Certificate Pinning
- Misconfigured Network_Security_Config.xml
- Android Debuggable
- Android allowBackup
- Custom URL Scheme
- Broken Cryptography
- QR Code Scanning (Coming Soon)
- Fingerprint Authentication (Coming Soon)