Included vulnerabilities:
- Deprecated hashing and encryption routines
- Debug logging
- Shared preferences
- Javascript enabled WebView; loads page over HTTP
- HTTP connection with a vulnerable API server
- Unprotected activity, receiver, provider and service
- Dangerous content provider permissions
- Broken SSL HostnameVerifier
- Redis connection
and more...