Information security awareness training may include several demo that describe how attacker may exploit vulnerabilities on system to gain full control on remote devices. If you are looking to demonstrate android application you can use InsecureBankv2.
This tool was updated during the BlackHat arsenal and is available for users online, the purpose of this project is to provide security enthusiasts and developers a way to learn the Android insecurities by testing this vulnerable application. The list of vulnerabilities that are currently included in this release are:
- Flawed broadcast receivers
- Weak authorization mechanism
- Root detection and bypass
- Local encryption issues
- Vulnerable activity components
- Insecure content provider access
- Insecure webview implementation
- Weak cryptography implementation
- Application patching
- Sensitive information in memory
