v1.0 (initial release)

Included vulnerabilities:

• Deprecated hashing and encryption routines
• Debug logging
• Shared preferences
• Javascript enabled WebView; loads page over HTTP
• HTTP connection with a vulnerable API server
• Unprotected activity, receiver, provider and service
• Dangerous content provider permissions
• Broken SSL HostnameVerifier
• Redis connection

and more...