DIVA Audit: Android Vulnerabilities

Practical audit of DIVA (Damn Insecure and Vulnerable App): demonstrating real Android vulnerabilities using ADB, logcat and sqlite3.

adb shell
logcat | grep "diva-log"          # Insecure logging
cat jakhar.aseem.diva_preferences.xml  # Plaintext SharedPrefs
sqlite3 ids2 "SELECT * FROM myuser;"   # Plaintext SQLite