Ghera is an effort to create and maintain a repository of verifiable Android app vulnerability benchmarks. It is intended to enable reproducible Android security analysis research and improve developer awareness about vulnerabilities.
Rekha is a continuous effort to evaluate the effectiveness of Android app security analysis tools in detecting known vulnerabilities documented in the Ghera repository. The artifacts from the first evaluation of freely available tools are available here. The manuscript describing the findings is available here.
Dec 03, 2018 Ghera's first Android security bug report was acknowledged as High priority and fixed by the Android Security team. Security Bulletin, CVE-2018-9548, and Acknowledgements.
Dec 03, 2018 A new ICC benchmark that illustrates a DoS vulnerability stemming from unhandled exceptions was added to Ghera.
Aug 27, 2018 With the addition of 2 new lean benchmarks to the Networking category, Ghera now captures 55 known vulnerabilities.
Aug 10, 2018 New wiki posts about path-permission and external storage vulnerabilities.
Jul 10, 2018 Added descriptions for 12 new benchmarks and one new category to the Ghera website.
June 25, 2018 The results from evaluating the effectiveness of free Android app security analysis tools in detecting known vulnerabilities are available. (PREPRINT)
June 14, 2018 Added 12 new benchmarks and one new category to Ghera.
May 24, 2018 Added support for Android API levels 26 and 27 and dropped support for Android API levels 19 and 21.
Feb 18, 2018 Fully automated functional testing support was added.
Nov 08, 2017 Ghera was presented at PROMISE'17. Here's the slide deck.