RIIS Penetration Testing App

Setup

Download the APK.
Drag and drop the APK onto an Android emulator such as genymotion, or use adb install to install the APK onto an Android device.

List all Android activities within the application
Find and extract the usernames and passwords of the applications users.
Find and extract the administrator's username and password.
Examine the devices application memory for sensitive information (using a tool such as fridump) and report anything interesting you find.
Find the secret admin interface and catalog the steps to access it.
Summarize your findings, their CVSS severity, and the steps to reproduce them in a report using the word processor of your choice.