We have collected 6114 Android apps that 79 Apps with Alibaba Cloud OSS credential disclosure vulnerability, 28 Apps with WebView remote code execution vulnerability (CVE-2014-1939), 4285 Apps with WebView bypass certificate validation vulnerability and 3936 Apps with HTTPS unverified server certificate vulnerability(ps:There is a phenomenon that an app contains multiple vulnerabilities.
To better mitigate vulnerabilities in Android apps, we are happy to release the entire detected apps (VulArcherData) and detection tool (VulArcher) to the research community. However, to avoid this dataset and tool from being misused, we feel the need to have some sort of authentication in place to verify user identity or require necessary justification, instead of making the dataset and tool completely public. If you are interested in this dataset and tool, please send us an email through your official email address) with your necessary credentials such as name, affiliation and so on. Note that currently VulArcher and VulArcherData are hosted at github, so please send us a github account along with your request email so that we can grant you permission to download them.
Please send your request emails to “qinjiawei@bupt.edu.cn” with “ Samples and Tool Request” in the subject.