The starting point of every security enthusiast or penetration tester with an interest in mobile security is to build a penetration testing lab that will contain multiple mobile applications which are vulnerable by design. Of course commercial experience from lab experience is always a different story however in the lab someone can familiarize with the tools, vulnerabilities and the general methodologies for mobile testing.

The following list contains all the vulnerable Android applications that are publicly known and it can allow someone to test his mobile security skills safely:

The list can be also found in the associate GitHub repository.