Cybersecurity firm CloudSek has launched BeVigil, a tool that tells users how secure the apps installed on their phones are and helps users and developers win bug bounties by identifying and reporting bugs in app code.
BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky or safe. It has been running as a web application for the past year and has already scanned and rated over a million apps. The tool also notifies software companies and app developers of vulnerabilities found through the app. It helps users and developers win bug bounties from various software companies by giving them access to the code of apps running on the phone and by reporting bugs.
“Currently, when someone reports a bug to us, we help them by referring them to the bug bounty program that the companies have and by telling them how to submit their findings. But as volumes increase, we will have a feature in our web app that will allow us to report the error on behalf of the user,” said Rahul Sasi, Co-Founder and CEO of CloudSek.
“From what we are aware of, a total amount of more than $70,000 has been received by users who have used our web app to analyze code and find errors in it,” he added.
How the BeVigil app works
When a user downloads the app from the Play Store, BeVigil automatically scans all the apps installed on the user’s phone. It then classifies the apps as dangerous, risky or safe.
It shows the user some of the riskiest apps on the phone and gives an overview of the kinds of risk present in them. Some of the parameters are potential risks, such as permissions and tracking, and others are identified risks, such as exposed URLs, exposed keys and vulnerabilities. The user is also notified if malware is found on the device.
The app was developed by a team of 10 engineers over a period of 14 months and is fully automated, Sasi said. BeVigil re-examines the apps every three months, or whenever the user installs a new update, and updates the ratings to reflect any change.
Once BeVigil is installed, every time a new app is downloaded, the user is notified of the security rating of the app before they can install it. This allows users to decide whether to download the app or not.
BeVigil does two things: it informs the user about the security assessment of an app, and it informs app developers about possible vulnerabilities in the app.
“Each of the apps installed on a phone has some access to the user’s data. If one of your company’s data gets hacked, it can lead to social engineering attacks, financial losses, account takeovers, etc. About 50% of the hacked data comes out publicly. So it is important for a user to know how secure the app they have installed is,” said Sasi.
BeVigil online app
The BeVigil online app has been running for over a year. In the web app, users must search for the mobile application they want, and the app will then offer them the security rating of the mobile app in question. The BeVigil web app has analyzed over a million applications, the company said.
The web app also allows users to view and browse the application code to analyze quality, patterns and security flaws in the code. It also allows users and developers to examine other parts of the application using the BeVigil application file browser. A developer or a user can also upload their application code to BeVigil to scan it for vulnerabilities.