The company claims the tool has already helped users rake in over $70,000 in bug bounties from various software companies.

Credit: Steve Jurvetson

Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounties by helping them identify and report bugs in the code.

BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky, or safe. Running as a web application for the past one year, BeVigil has already scanned over a million apps and rated them. The tool also alerts software companies and app developers about vulnerabilities found through the app, and helps users and developers win bug bounty contests from various software companies by giving them access to the code of apps running on their phone and reporting bugs.

“Currently, when someone reports a bug to us, we help them by directing them to the bug bounty program that the companies have and by telling them how they need to submit their findings. However, as the volumes increase, we will have a feature in our web app that will allow us to report the bug on the user’s behalf,” said Rahul Sasi, co-founder and CEO at CloudSek.

“Of what we are aware, a total amount of more than $70,000 has been received by users who have used our web app to analyze codes and find bugs in them,” he added.

How the BeVigil app works

Once a user downloads the app from the Play Store, BeVigil automatically scans all the apps installed on the user’s phone. It then classifies the apps as dangerous, risky, or safe.

It gives the user information about some of the riskiest apps on their phone and offers a further breakdown of what kinds of risks are prevalent in these apps. Some of the parameters include potential risks such as permissions and trackers, and identified risks such as exposed URLs, exposed keys, and vulnerabilities. The user also gets alerted if malware is found on the device.
The app was developed by a team of 10 engineers over a period of 14 months and is fully automated, Sasi said. BeVigil re-examines the apps every three months or when a new update is installed by any user and reflects the change in its ratings.

Post installation, whenever a new app is downloaded, the user gets alerted about the security rating of the app before they can install it. This allows users to decide whether they want to download the app or not.

BeVigil performs two activities: informing the user about the security rating of the app, and informing app developers about the possible vulnerabilities in the app.

“Each of the apps installed on a phone has some access to the user’s data. If one of the company’s data gets hacked, it can lead to social engineering attacks, financial losses, account takeovers, etc. About 50% of the hacked data comes out in public. So, it’s important for a user to know how safe the app they have installed is,” Sasi said.

BeVigil web app

The BeVigil web app has been running for over a year. In the web app, users need to search for the mobile application of their choice, and the app will then offer them the security rating of that particular mobile app. The BeVigil web app has analyzed over a million applications, the company said.

The web app also allows users to view and browse through the application code to analyze quality, patterns, and security bugs in code. It also allows users and developers to investigate other parts of the application using the BeVigil application file browser. A developer or a user can also upload their application code on BeVigil to scan it for vulnerabilities.