Introducing InsecureShop

About InsecureShop

InsecureShop is an intentionally vulnerable Android application built in Kotlin. The aim of this application is to teach developers and security professionals about the vulnerabilities present in modern Android applications. It also serves as a platform to test your Android pentesting skills. The InsecureShop project was released as part of SourceZeroCon 2021 (Slides | Video). You can check out the project here: https://www.insecureshopapp.com

Research

In early 2020, I started my research on Android WebView and how loading an untrusted URL in applications’ WebView can lead to the exfiltration of session cookies and local storage files by leveraging symlink attacks and insecure WebView properties....

December 18, 2021 · 3 min · 450 words · Gaurang Bhatnagar