: You must write a "malicious" Android app (the PoC) that exploits these vulnerabilities to perform actions like stealing data from the other apps.
If you are looking for guidance on how to structure your own PoC or understand common exam vulnerabilities, these resources are frequently cited by students:
Note that the exam format has recently changed. Newer versions (2025 onwards) may include and 2 lab exercises within a 12-hour window on the INE platform, shifting away from the traditional 7-day coding-only format. eMAPT (2).zip
: Many students share their journey and exam logic on platforms like Medium and personal blogs , detailing how they approached the Java/Kotlin coding requirements.
: Repositories such as syselement's eMAPT notes provide Smali and Java code snippets for exploiting specific Android components like BroadcastReceivers . : You must write a "malicious" Android app
The eMAPT exam is unique because it requires you to build an actual Android application rather than a written report.
: Reviews often recommend practicing on vulnerable apps like Damn Vulnerable Bank or BugBazaar before attempting the exam. 2025 Exam Update : Many students share their journey and exam
: You are given two vulnerable Android applications and must identify flaws such as insecure activities, broadcast receivers, or content providers.
Welcome, Login to your account.
Welcome, Create your new account
A password will be e-mailed to you.