Vulnerable mobile applications are a good starting point to learn about mobile security. While they can to some extent be used to test and compare security scanners, they are either not maintained nor exhaustive:
|DVIA||2 years ago|
|DVHMA||2 years ago|
|Digitalbank||4 years ago|
|DIVA Android||4 years ago|
|Appknow Vulnerable Application||4 years ago|
Ostorlab is releasing as open-source a set of Vulnerable Mobile application (Native, Hybrid, Android, iOS ...) to test for the detection of vulnerable patterns, the absence of false positives, unreachable code for instance, and help set a standard for how Mobile Security Scanners compare.
Ostorlab will continue to enrich the set of vulnerabilities covered, community contributions will help further the effort by covering more vulnerabilities and patterns.
The current version contains the following vulnerabilities: