From: https://github.com/payatu/BugBazaar

BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than 10 modules and features, each replicating real-world functions and the vulnerabilities surrounding them.

Whether you’re a security enthusiast, developer, beginner exploring the mobile pentesting arena, or a professional looking to hone your skills, BugBazaar has something for everyone. It covers vulnerabilities from RCE through insecure Dynamic Code Loading to One Click Account Takeover via deeplink, intent Spoofing to SQLite db injection, WebView bugs to IPC misconfigurations in Android.