EVABS | Extremely Vulnerable Android Lab for Beginners

EVABS | Extremely Vulnerable Android Lab for Beginners

Vulnerable Web application.

These are the tools that are really helpful for practicing different hacking techniques. These apps are made intentionally vulnerable to the practice.
Most of the vulnerable web apps such as DVWA, BWAPP, etc. are only available and compatible mainly with the PC platforms. As there are more users for PC platforms most developers do not like to focus on the Android platform.
But some developers really work hard to develop Android platform compatible hacking tools. Such type of application is EVABS (Extremely Vulnerable Android Labs).

EVABS is nothing but an application that is intentionally kept vulnerable for practice. It is a great alternative to the vulnerable web applications available for PC platforms.

EVABS has some CTF challenges especially made for beginners and they are easy to solve than other CTF(Capture the flag) challenges.
Let’s see how we can set up it.


  • Android Studio
  • Android SDK
  • Root access
  • ADB
  • Apktool
  • dex2zar

It will be irritating for you to install these tools one by one. To solve that, install a terminal emulator such as termux, download and run Adhrit tool to install all at once.

Configuring Extremely Vulnerable Android Labs

First of all, it is recommended to root your Android smartphone. But as an alternative, you can use the Android emulator that comes with android studio. Now, download the application from Github.

Allow the unknown sources from the settings to install the application. Also, you have to enable the ‘debugging‘ mode by going through the ‘developer options‘.

Once EVABS is installed, open the application and set a name to proceed. There are 12 levels of challenges.

EVABS | The Best Extremely Vulnerable Web app for Android

What we have to do with EVABS?

You have to find the flag and submit it to verify the solution you discovered to get to the next level. 

The difficulty of finding vulnerability increase with the levels. But if you have no idea how to find a vulnerability, it has a ‘hint‘ option. Click on it and proceed with the hint.

Really cool, right? We don’t have to take permission from anyone to apply our hacking techniques. We can practice it in our own lab.

Tell us if you want the solution to the challenges. We will work on that.


Android application developers are on full power now. They gift us really useful apps. The Android platform is really growing so fast and we should have idea about what types of vulnerabilities can be found on an Android application.

By solving these challenges, you can really get high.

What’s your opinion? let us know in the comment box below. If you are facing any problem regarding setting up the application, feel free to leave a comment below by explaining your problem and please attach a screenshot if possible. That helps us to identify your problem quickly.