Android-Reports-and-Resources
Token leakage due to stolen files via unprotected Activity
https://hackerone.com/reports/288955
Steal files due to exported services
https://hackerone.com/reports/258460
Steal files due to unprotected exported Activity
https://hackerone.com/reports/161710
Steal files due to insecure data storage
https://hackerone.com/reports/44727
Insecure local data storage, makes it easy to steal files
https://hackerone.com/reports/57918
Two-factor authentication bypass due to vuln endpoint
https://hackerone.com/reports/202425
Another endpoint Auth bypass
https://hackerone.com/reports/205000
XSS via SAMLAuthActivity (Also Webview could have been implimented insecurely).
https://hackerone.com/reports/283058
XSS in ImageViewerActivity
https://hackerone.com/reports/283063
XSS via start ContentActivity
https://hackerone.com/reports/189793
Access protected components via intent
https://hackerone.com/reports/200427
https://hackerone.com/reports/43988
https://hackerone.com/reports/54631
Possible to intercept broadcasts about file uploads
https://hackerone.com/reports/167481
Vulnerable exported broadcast reciever
https://hackerone.com/reports/289000
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
Damn Insecure and Vulnerable app
Damn Insecure and vulnerable App for Android
OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security
OWASP top 10 2016
OWASP mobile testing guide
Android Reversing 101
Detect secret leaks in Android apps online
Android Security Guidelines
Attacking vulnerable Broadcast Recievers
Android Webview Vulnerabilities
Android reverse engineering recon