This is a major update to one of my previous projects, "InsecureBank". This vulnerable Android application is named "InsecureBankv2" and is made for security enthusiasts and developers to learn about Android insecurities by testing it. Its back-end server component is written in Python. The client component, i.e. the Android InsecureBank.apk, can be downloaded along with the source code. The vulnerabilities currently included in this release are:
- Insecure Logging mechanism
- Vulnerable Activity Components
- Insecure Content Provider access
- Weak Broadcast Receiver permissions
- Android Pasteboard vulnerability
- Local Encryption issues
- Android keyboard cache issues
- Insecure WebView implementation
- Weak Cryptography implementation
- Android Backup vulnerability
- Application Debuggable
- Insecure SDCard storage
- Insecure HTTP connections
- Weak Authorization mechanism
- Parameter Manipulation
- Hardcoded secrets
- Username Enumeration issue
- Developer Backdoors
- Weak change password implementation