Vulnerable Bank App Demo is an intentionally vulnerable Android banking application built for QA engineers, test automation students, and mobile security analysts.
The project is designed as a realistic training playground for:
- Android UI automation
- Appium test practice
- Espresso/instrumented testing
- ADB and deep link workflows
- Mobile security demonstrations
- Reverse engineering and traffic analysis labs
The app intentionally includes vulnerable and test-friendly patterns so engineers can practice automation, analysis, and security workflows in a controlled environment.
๐ง Main Workflow Areas
1) Build the App
Compile the Android project and generate a debug APK for local testing or CI usage.
Typical flow:
Clone repository โ Run Gradle build โ Install debug APK on emulator/device
2) Manual QA Testing
Use the app as a banking demo environment for exploratory testing and mobile QA practice.
Typical flow:
Launch app โ Log in โ Navigate through banking screens โ Verify behavior and edge cases
3) Appium Automation
Run Appium-style flows against the app using stable QA-friendly entry points and UI identifiers.
Typical flow:
Start emulator/device โ Start Appium server โ Install APK โ Run automation tests
4) Espresso / Instrumented Testing
Use Android instrumented tests to validate UI behavior directly on emulator or device.
Typical flow:
Start emulator โ Run connected Android tests โ Review results
5) Security Training
Use the app for mobile security demonstrations such as insecure flows, deep links, reverse engineering, and traffic analysis.
Typical flow:
Install APK โ Inspect behavior โ Analyze app logic โ Test vulnerable patterns safely
โญ Key Features
-
Android Banking Demo App
- Login flow
- Dashboard screen
- Transfer flow
- Transactions screen
- Bank-style navigation for realistic QA practice
-
Built for Test Automation
- Appium-friendly workflows
- Espresso/instrumented test support
- Local JUnit test structure
- Stable package and activity entry points
-
Security Education Playground
- Intentionally vulnerable patterns
- Useful for Android reverse engineering labs
- Good target app for Frida, Objection, ADB, and traffic analysis demos
- Safe environment for teaching mobile security concepts
-
CI-Friendly Project Structure
- Gradle wrapper included
- GitHub Actions workflows
- APK build automation
- Lint and test commands for repeatable validation
-
Developer-Friendly Setup
- Kotlin/Java Android project
- JDK 17 support
- Android SDK / API 36 target environment
- Helper scripts for local and CI builds
๐ Important Project Files
README.mdโ project overview, setup, commands, and QA entry pointsapp/โ main Android application moduleapp/src/main/java/com/training/vulnerablebank/โ activities, app logic, and utilitiesapp/src/main/res/โ Android resourcesapp/src/test/java/com/training/vulnerablebank/โ local/unit testsapp/src/androidTest/java/com/training/vulnerablebank/โ instrumented/Espresso tests.github/workflows/โ CI workflows for APK builds and testsscripts/โ helper scripts for local and CI usagebuild.gradle.ktsโ root Gradle build configurationsettings.gradle.ktsโ Gradle project settings
โ๏ธ Useful QA Entry Points
Package name:
com.training.vulnerablebank
Launch login screen:
adb shell am start -n com.training.vulnerablebank/.LoginActivity
Launch dashboard screen:
adb shell am start -n com.training.vulnerablebank/.DashboardActivity
Launch transfer screen:
adb shell am start -n com.training.vulnerablebank/.TransferActivity
Deep link example:
adb shell am start -a android.intent.action.VIEW -d 'vuln://transfer'
๐งช Common Commands
Build debug APK:
./gradlew clean assembleDebug
Run lint:
./gradlew lint
Run local/unit tests:
./gradlew testDebugUnitTest
Run instrumented tests on emulator/device:
./gradlew connectedDebugAndroidTest
Run Gradle managed device test:
./gradlew :app:headlessApi36DebugAndroidTest
Build and copy APK to artifacts:
./scripts/ci-build-apk.sh
๐ฏ Project Objectives
- Provide a realistic Android banking app for QA and automation training
- Give students a safe target for Appium, Espresso, ADB, and CI practice
- Support mobile security lessons without relying on random third-party apps
- Make Android reverse engineering and traffic analysis demos repeatable
- Keep the project practical, simple to build, and easy to use in courses
- Serve as a stable demo app for articles, videos, workshops, and classroom exercises
โ Best Use Cases
- QA automation courses
- Appium lessons
- Android testing workshops
- Mobile security demonstrations
- Reverse engineering practice
- CI/CD examples for Android testing
- ADB and deep link training
- Vulnerable app demos for safe educational use