Today, NowSecure is releasing to the public an open source Android Vulnerability Test Suite (Android VTS). Ryan Welton (@fuzion24) has worked particularly hard to produce a tool that can be used by researchers and users alike to determine the vulnerability status of their devices.

In the spirit of open data collection, and with the help of the Android CTS, we are opening Android VTS to the public and the mobile security research community with the hope that together we can take an accurate pulse on the state of Android security.

In time, NowSecureUs research team will add patches to the VTS to introduce an opt-in module for anonymized results to be shared to a central server for the purpose of open security research.

With this release we provide the code and compiled APK to begin checking the vulnerabilities immediately. Pull requests welcome!

What to read next:
David Weinstein NowSecure CTO

David Weinstein

linkedin icon twitter icon

CTO at NowSecure

David has been knee-deep in advanced computer and mobile security research for more than 12 years. As a breaker and builder, he is passionate about solving customer challenges through innovation, teamwork and rigorous engineering practice.

David has developed ground-breaking techniques and technologies, spoken at numerous security conferences as an industry expert, and organized a dream-team of security researchers with world-class development and prototyping capabilities. David has spoken and written on a diverse range of topics from envisioning the defensive capabilities of a smart phone charger at IEEE Security and Privacy, to exploitation techniques and the impact of corporate espionage via mobile device compromise at Troopers and RSA conferences.

David and his team have discovered critical vulnerabilities, novel attack vectors, and publicly disclosed vulnerabilities impacting millions of devices and users worldwide. Members of the NowSecure research team are incredibly prolific, having developed popular open source tools and projects in the mobile security space including Frida, Radare and the Android Vulnerability Test Suite.

David previously served in security and vulnerability research roles at MITRE, the Institute for Defense Analyses, and Pitney Bowes. He has been granted two patents solving thin-client computing and mobile security challenges and has multiple patents pending. David holds a Bachelor’s degree in Computer Systems Engineering and Computer Science from Rensselaer Polytechnic Institute.