Vulnerable Bank App Demo is an intentionally vulnerable Android banking application built for QA engineers, test automation students, and mobile security analysts.

The project is designed as a realistic training playground for:

  • Android UI automation
  • Appium test practice
  • Espresso/instrumented testing
  • ADB and deep link workflows
  • Mobile security demonstrations
  • Reverse engineering and traffic analysis labs

The app intentionally includes vulnerable and test-friendly patterns so engineers can practice automation, analysis, and security workflows in a controlled environment.


๐Ÿ”ง Main Workflow Areas

1) Build the App

Compile the Android project and generate a debug APK for local testing or CI usage.

Typical flow:
Clone repository โ†’ Run Gradle build โ†’ Install debug APK on emulator/device


2) Manual QA Testing

Use the app as a banking demo environment for exploratory testing and mobile QA practice.

Typical flow:
Launch app โ†’ Log in โ†’ Navigate through banking screens โ†’ Verify behavior and edge cases


3) Appium Automation

Run Appium-style flows against the app using stable QA-friendly entry points and UI identifiers.

Typical flow:
Start emulator/device โ†’ Start Appium server โ†’ Install APK โ†’ Run automation tests


4) Espresso / Instrumented Testing

Use Android instrumented tests to validate UI behavior directly on emulator or device.

Typical flow:
Start emulator โ†’ Run connected Android tests โ†’ Review results


5) Security Training

Use the app for mobile security demonstrations such as insecure flows, deep links, reverse engineering, and traffic analysis.

Typical flow:
Install APK โ†’ Inspect behavior โ†’ Analyze app logic โ†’ Test vulnerable patterns safely


โญ Key Features

  • Android Banking Demo App

    • Login flow
    • Dashboard screen
    • Transfer flow
    • Transactions screen
    • Bank-style navigation for realistic QA practice
  • Built for Test Automation

    • Appium-friendly workflows
    • Espresso/instrumented test support
    • Local JUnit test structure
    • Stable package and activity entry points
  • Security Education Playground

    • Intentionally vulnerable patterns
    • Useful for Android reverse engineering labs
    • Good target app for Frida, Objection, ADB, and traffic analysis demos
    • Safe environment for teaching mobile security concepts
  • CI-Friendly Project Structure

    • Gradle wrapper included
    • GitHub Actions workflows
    • APK build automation
    • Lint and test commands for repeatable validation
  • Developer-Friendly Setup

    • Kotlin/Java Android project
    • JDK 17 support
    • Android SDK / API 36 target environment
    • Helper scripts for local and CI builds

๐Ÿ“ Important Project Files

  • README.md โ€” project overview, setup, commands, and QA entry points
  • app/ โ€” main Android application module
  • app/src/main/java/com/training/vulnerablebank/ โ€” activities, app logic, and utilities
  • app/src/main/res/ โ€” Android resources
  • app/src/test/java/com/training/vulnerablebank/ โ€” local/unit tests
  • app/src/androidTest/java/com/training/vulnerablebank/ โ€” instrumented/Espresso tests
  • .github/workflows/ โ€” CI workflows for APK builds and tests
  • scripts/ โ€” helper scripts for local and CI usage
  • build.gradle.kts โ€” root Gradle build configuration
  • settings.gradle.kts โ€” Gradle project settings

โš™๏ธ Useful QA Entry Points

Package name:

com.training.vulnerablebank

Launch login screen:

adb shell am start -n com.training.vulnerablebank/.LoginActivity

Launch dashboard screen:

adb shell am start -n com.training.vulnerablebank/.DashboardActivity

Launch transfer screen:

adb shell am start -n com.training.vulnerablebank/.TransferActivity

Deep link example:

adb shell am start -a android.intent.action.VIEW -d 'vuln://transfer'

๐Ÿงช Common Commands

Build debug APK:

./gradlew clean assembleDebug

Run lint:

./gradlew lint

Run local/unit tests:

./gradlew testDebugUnitTest

Run instrumented tests on emulator/device:

./gradlew connectedDebugAndroidTest

Run Gradle managed device test:

./gradlew :app:headlessApi36DebugAndroidTest

Build and copy APK to artifacts:

./scripts/ci-build-apk.sh

๐ŸŽฏ Project Objectives

  • Provide a realistic Android banking app for QA and automation training
  • Give students a safe target for Appium, Espresso, ADB, and CI practice
  • Support mobile security lessons without relying on random third-party apps
  • Make Android reverse engineering and traffic analysis demos repeatable
  • Keep the project practical, simple to build, and easy to use in courses
  • Serve as a stable demo app for articles, videos, workshops, and classroom exercises

โœ… Best Use Cases

  • QA automation courses
  • Appium lessons
  • Android testing workshops
  • Mobile security demonstrations
  • Reverse engineering practice
  • CI/CD examples for Android testing
  • ADB and deep link training
  • Vulnerable app demos for safe educational use