Training & CTFs

Training platforms, courses, and CTF resources for learning Android security.

Training Platforms

| Platform | Description |
|---|---|
| 8kSec Battlegrounds | Free mobile security challenges (CTF-style). Android challenges include deep link exploitation, client-side bypass, malicious app creation. Community writeups available. |
| OWASP MASTG Test Apps | Standardized vulnerable Android and iOS apps for practicing MASVS testing. |
| OVAA | Oversecured Vulnerable Android App. Practice exploiting common Android vulnerabilities. |
| InsecureBankv2 | Vulnerable banking app for practicing common Android app vulnerabilities. |
| DIVA | Damn Insecure and Vulnerable App. Covers 13 common Android vulnerability categories. |
| AndroGoat | Open-source vulnerable Android app for practicing OWASP Top 10 Mobile risks. |
| hpAndro | Kotlin-based vulnerable app with multiple challenge categories. |

Courses

| Course | Provider | Notes |
|---|---|---|
| SEC575: Mobile Device Security and Ethical Hacking | SANS | Comprehensive mobile security course covering Android and iOS. GMOB certification. |
| Android App Security with Frida | 8kSec | Focused on dynamic instrumentation for Android app testing and malware analysis. |
| Mobile Application Penetration Testing | INE/eLearnSecurity | Covers Android and iOS pentesting methodology. eMAPT certification. |
| Android Security Internals | Various (Udemy) | Budget-friendly courses on Android RE fundamentals. |

Android-Specific CTFs

| Platform | Description |
|---|---|
| 8kSec Battlegrounds | Dedicated mobile security CTF with Android challenges |
| MOBISEC | University of California course with Android security challenges (public materials) |
| Android CTF by BSides | Open-source Android security challenges |
| Injured Android | CTF-style vulnerable Android app with progressive difficulty |

CTF Writeup Collections

| Resource | Content |
|---|---|
| CTFtime Mobile Challenges | Filter by "mobile" tag for Android-specific writeups from global CTF events |
| HackTricks Android | Android pentesting methodology used in CTF contexts |