Ghera is an effort to create and maintain
a repository of verifiable Android app vulnerability benchmarks. It is intended to enable reproducible Android security analysis research and improve developer awareness about vulnerabilities.
The repository is currently offline for maintenance. Please contact the team if you need access to the benchmarks.
Rekha is a continuous effort to evaluate the effectiveness of Android app security analysis tools in detecting known vulnerabilities documented in Ghera repository. The artifacts from the first evaluation of freely available tools is available
here. The manuscript describing the findings is available here.
Aug 27, 2018 With the addition of 2 new lean benchmarks to Networking category, Ghera now captures 55 known vulnerabilities.
Aug 10, 2018 New wiki posts about path-permission and external storage vulnerabilities.
Jul 10, 2018 Added description for 12 new benchmarks and one new category to Ghera Website.
June 25, 2018 The results from evaluating the effectiveness of free Android app security analysis tools in detecting known vulnerabilities is available. ( PREPRINT)
June 14, 2018 Added 12 new benchmarks and one new category to Ghera.
May 24, 2018 Added support for Android API levels 26 and 27 and dropped support for Android API levels 19 and 21.
Feb 18, 2018 Fully automated functional testing support was added.
Nov 08, 2017 Ghera was presented at PROMISE'17. Here's the slide deck.