This Android project contains intentional security vulnerabilities for testing TitanShield's SAST capabilities.
The TitanShield scanner should detect:
- Hardcoded Secrets: API keys, passwords, AWS credentials, encryption keys
- Weak Cryptography: DES encryption, MD5 hashing
- Dangerous Permissions: Location, contacts, SMS, camera without justification
- Insecure Network: Cleartext traffic enabled
- WebView Issues: JavaScript enabled with file access
- SQL Injection: Unsafe query construction
- Insecure Random: Math.random() for security tokens
- Logging Sensitive Data: Credentials in logs
- Exported Components: Without proper permission checks
- Private Keys: Hardcoded RSA keys
Push to this repository to trigger TitanShield GitHub integration.
Expected: 13+ vulnerabilities detected by TitanShield SAST.
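
As a baseline for sanity-checking scanner output, the following added example (not part of this project and not TitanShield's rule set) runs simple line-based pattern checks for several of the categories listed above. The rule regexes, the `scan` function and the sample Java and manifest lines are all constructed for illustration.

```python
import re

# Illustrative rules (assumptions, not TitanShield's own): category -> pattern.
RULES = {
    "Hardcoded Secrets": re.compile(
        r'(api_?key|password|secret)\w*\s*=\s*"[^"]{8,}"', re.I),
    "Weak Cryptography": re.compile(
        r'Cipher\.getInstance\(\s*"DES\b|MessageDigest\.getInstance\(\s*"MD5"'),
    "Insecure Network": re.compile(r'android:usesCleartextTraffic\s*=\s*"true"'),
    "WebView Issues": re.compile(
        r'setJavaScriptEnabled\(\s*true\s*\)|setAllowFileAccess\(\s*true\s*\)'),
    # String literal concatenated straight into a query call.
    "SQL Injection": re.compile(r'(rawQuery|execSQL)\(\s*"[^"]*"\s*\+'),
    "Insecure Random": re.compile(r'Math\.random\(\)'),
    "Logging Sensitive Data": re.compile(
        r'Log\.[dievw]\([^)]*(password|token|secret)', re.I),
}

# Constructed sample: eight flawed lines followed by two safe ones.
SAMPLE = '''\
<application android:usesCleartextTraffic="true">
String API_KEY = "constructed-not-a-real-key";
Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
MessageDigest md = MessageDigest.getInstance("MD5");
webView.getSettings().setJavaScriptEnabled(true);
db.rawQuery("SELECT * FROM users WHERE name='" + name + "'", null);
String token = String.valueOf(Math.random());
Log.d("auth", "password=" + password);
Cipher ok = Cipher.getInstance("AES/GCM/NoPadding");
String token2 = new SecureRandom().toString();
'''

def scan(text):
    """Return (line_number, category) for every rule hit, one line at a time."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, pattern in RULES.items():
            if pattern.search(line):
                findings.append((lineno, category))
    return findings

if __name__ == "__main__":
    for lineno, category in scan(SAMPLE):
        print(f"line {lineno}: {category}")
```

Line-based regexes miss multi-line constructs and data flow, so a finding count from a check like this is a floor for comparison, not a substitute for the scanner's result.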