by The starting point of every security enthusiast or penetration tester with an interest in mobile security is to build a penetration testing lab that will contain multiple mobile applications which are vulnerable by design. Of course commercial experience from lab experience is always a different story however in the lab someone can familiarize with the tools, vulnerabilities and the general methodologies for mobile testing.
The following list contains all the vulnerable Android applications that are publicly known and it can allow someone to test his mobile security skills safely:
- Damn Vulnerable Hybrid Mobile Application
- Android Digital Bank
- Damn Insecure and Vulnerable Application
- Hackme Bank
- Insecure Bank
- Damn Vulnerable Android Application
- OWASP GoatDroid
- Dodo Vulnerable Bank
- Vulnerable Android Application
- Urdu Vulnerable Application
- MoshZuk
- AppKnox Vulnerable Application
- Vulnerable Android Application
- Android Security Labs
The list can be also found in the associate GitHub repository.
Penetration Testing Lab 
nice work but why dont u upload this more often?
Consider adding this collection? https://mitre.github.io/vulnerable-mobile-apps/