aWallet Password Manager

aWallet specifically: don't use it. The creator obviously doesn't know what they are doing. I'll just pick out one concern (there are several that will probably be more obvious to People Smarter Than Me): it could encrypt your database in ECB mode (sometimes, but not always).

ECB mode is notably not secure because the same plaintext always encrypts to the same cypher text. Therefore, ECB mode "does not hide data patterns well...it doesn't provide serious message confidentiality, and it is not recommended for use in cryptographic protocols at all".

Password managers in general: use one. But pick a well-known one with good reputation like 1Password, LastPass, KeePass, Dashlane, etc. Or at least use one created or recommended by a well-known security company or security researcher if you don't know where else to look. A good password manager with competent encryption (not aWallet apparently) is perfectly safe to keep on cloud storage, provided your master password is strong.


Edit: OK I can't resist picking a few other points that jump out at me to scream "stay away":

  • Regarding transforming the master password to an encryption key: "The result is hashed 1000 times by SHA-256." This is laughably insufficient. Done properly they would at a minimum use PBKDF with 10,000 rounds or more rather than a custom-made hash loop of only 1000. Even that would be barely sufficient, and would compare poorly to properly implemented password managers. Hundreds of thousands or more rounds would be more like it. Or abandon SHA-based password hashing and use something like bcrypt or argon2. This software cannot compare to modern tools.
  • "Supports auto destruction of the data file after a predefined number of unsuccessful unlocks have been tried." This doesn't affect an attacker at all. The only person this can hurt is the legitimate user. An attacker will make a copy of the database or use modified software to remove the guess limit. You on the other hand can accidentally lose all your passwords, never to be seen again, by accidentally having capslock turned on, or a dead key, or something like that.

Please note: This post actually answers the question(s) in the question and doesn't comment (much) on the security of aWallet. I suggest you visit the Crypto.SE version of this question for a review of the cryptographic details.

Is there a tool / technique that I could use to attempt to decrypt the data.crypt file used by aWallet app so as to test it's security?

A quick search turned up nothing, so I suppose that this password manager isn't big enough / hasn't seen enough research to have made somebody else to write a tool to attack this password manager.

aWallet doesn't offer any cloud storage of their own and allows us to (optionally) backup the data.crypt file onto Google Drive or Dropbox. How safe would that be given that I use 2-Factor-Authentication for my Google account?

This very much depends.
Assuming aWallet's security measures are actually good and you use a strong password and / or a local key file, then uploading the encrypted password database to a cloud service doesn't hurt security, as your password and / or keyfile still protect the passwords. Of course the added authentication and access control of these cloud services means that chances are only you and the provider have access and it's usually in the provider's best interest to not leak user files.

In general, is it safe to store login credentials or banking details or both in a password manager?

Yes, very much so, if the password manager is decent.
Using a password manager allows you to easily have unique, strong passwords per website, meaning a compromise of your password database or your local client is required. As we have already established, a compromise of the backup is prevented by the strong password, so this leaves the client compromise as the vector to learn the password. But as soon as your client is compromised, all bets are off anyways, because the attacker could just sniff your keyboard or monitor / intercept your network data! So all in all you little to lose and much to gain by using (good) passowrd managers.

Whether aWallet is a good password manager is a different question though (and answered on Crypto.SE).