It's easy to audit Android app security, and very important, because most of them have one or more of the OWASP Mobile Top Ten Risks. I tested the top ten US bank apps, stock trading apps, and insurance apps, and 70% of them were insecure. I'll demonstrate how to find SSL validation failures and how to add Trojans to vulnerable apps to create a Proof-of-Concept. Complete instructions for all these tests are available free at samsclass.info.