
DroidSQLi (free)

Tested on over 2,000 real‑world Android apps. Found local SQLi vulnerabilities in ~8% of apps with local databases, and remote SQLi in ~12% of apps using custom HTTP APIs—many from popular app stores.

The tool is known for its simplicity, allowing users to enter a target URL and have the app test for different injection methods, including:

- Normal SQLi: Standard data extraction techniques.
- Error-based SQLi: Exploiting database error messages to reveal information.
- Boolean-based SQLi: Using true/false queries to determine data structure.
- Union-based SQLi: Using the UNION operator to combine results from multiple tables.

Security and Ethical Context

droidsqli