1
Vuldroid
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
Free66
Free66
Vuldroid
A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaignVuldroid Description
Vuldroid is a deliberately vulnerable Android application designed for security education and training purposes. The application contains multiple intentionally implemented security vulnerabilities that demonstrate common Android security issues. The application covers eight different vulnerability categories: - Code execution through malicious applications - File theft via WebView using XHR requests - File theft using FileProvider through Intents - Password reset token and magic login link theft - WebView XSS attacks via exported activities - WebView XSS attacks via DeepLink intents - Inter-application communication sniffing - User email extraction via broadcast receivers Users can install the APK file and explore the application to identify and understand how these vulnerabilities manifest in Android code. The tool serves as a practical learning environment for security researchers, developers, and students to study Android security weaknesses in a controlled setting. The application includes Firebase integration for authentication features, and users can configure their own Firebase project by replacing the included google-services.json file with their own project configuration.
Vuldroid FAQ
Common questions about Vuldroid including features, pricing, alternatives, and user reviews.
Vuldroid is A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training. It is a Application Security solution designed to help security teams with Education, XSS, Android Security.
Vuldroid is a free Application Security tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/jaiswalakshansh/Vuldroid/ for download and installation instructions.
Popular alternatives to Vuldroid include:
1.DVHMA Damn Vulnerable Hybrid Mobile App - DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes. (Free)
2.InsecureShop - InsecureShop is an intentionally vulnerable Android application built in Kotlin for educating developers and security professionals about mobile app vulnerabilities and penetration testing techniques. (Free)
3.Ostorlab Mobile Security - Mobile security testing platform for Android and iOS apps with SAST and DAST (Commercial)
4.ImmuniWeb® MobileSuite - ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements. (Commercial)
5.ImmuniWeb® Neuron Mobile - AI-enhanced mobile app security scanner for Android & iOS with SAST/DAST (Commercial)
Compare these tools and more at https://cybersectools.com/categories/application-security
Vuldroid is for security teams and organizations that need Education, XSS, Android Security, Vulnerable Applications. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Application Security tools can be found at https://cybersectools.com/categories/application-security
Have more questions? Browse our categories or search for specific tools.
