Cybersecurity firm CloudSek has launched BeVigil, a tool that tells users how safe the apps installed on their phone are and helps users and developers win bug bounties by helping them identify and report bugs in the code.
BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky, or safe. Running as a web application for the past year, BeVigil has already scanned and rated over a million apps. The tool also alerts software companies and app developers about vulnerabilities found through the app, and helps users and developers win bug bounty contests from various software companies by giving them access to the code of apps running on their phone and reporting bugs.
“Currently, when someone reports a bug to us, we help them by directing them to the bug bounty program that the companies have and by telling them how they need to submit their findings. However, as the volumes increase, we will have a feature in our web app that will allow us to report the bug on the user’s behalf,” said Rahul Sasi, co-founder and CEO at CloudSek.
“Of what we are aware, a total amount of more than $70,000 has been received by users who have used our web app to analyze codes and find bugs in them,” he added.
How the BeVigil app works
Once a user downloads the app from the Play Store, BeVigil automatically scans all the apps installed on the user’s phone. It then classifies the apps as dangerous, risky, or safe.
It gives the user information about some of the riskiest apps on their phone and offers a further breakdown of the kinds of risk prevalent in these apps. The parameters include potential risks, such as permissions and trackers, and identified risks, such as exposed URLs, exposed keys, and vulnerabilities. The user is also alerted if malware is found on the device.
The app was developed by a team of 10 engineers over a period of 14 months and is fully automated, Sasi said. BeVigil re-examines the apps every three months or when a new update is installed by any user and reflects the change in its ratings.
Post installation, whenever a new app is downloaded, the user gets alerted about the security rating of the app before they can install it. This allows the users to decide if they want to download the app or not.
BeVigil performs two activities: informing the user about the security rating of the app, and informing app developers about the possible vulnerabilities in the app.
“Each of the apps installed on a phone has some access to the user’s data. If one of the companies’ data gets hacked, it can lead to social engineering attacks, financial losses, account takeovers etc. About 50% of the hacked data comes out in public. So, it’s important for a user to know how safe the app they have installed is,” Sasi said.
BeVigil web app
The BeVigil web app has been running for over a year. In the web app, users need to search for the mobile application of their choice, and the app will then offer them the security rating of that particular mobile app. The BeVigil web app has analyzed over a million applications, the company said.
The web app also allows users to view and browse through the application code to analyze quality, patterns, and security bugs in the code. It also allows users and developers to investigate other parts of the application using the BeVigil application file browser. A developer or a user can also upload their application code to BeVigil to scan it for vulnerabilities.