The company claims the tool has already helped users rake in over $70,000 in bug bounties from various software companies. Credit: Steve Jurvetson Cybersecurity firm CloudSek has launched BeVigil, a tool that can tell users how safe the apps installed on their phone are, and helps users and developers win bug bounty by helping them identify and report bugs in the code.BeVigil scans all the apps installed on a user’s phone and rates them as dangerous, risky, or safe. Running as a web application for the past one year, BeVigil has already scanned over a million apps and rated them. The tool also alerts software companies and app developers about vulnerabilities found through the app, and helps users and developers win bug bounty contests from various software companies by giving them access to the code of apps running on their phone and reporting bugs.“Currently, when someone reports a bug to us, we help them by directing them to the bug bounty program that the companies have and by telling them how they need to submit their findings. However, as the volumes increase, we will have a feature in our web app that will allow us to report the bug on the user’s behalf,” said Rahul Sasi, co-founder and CEO at CloudSek. “Of what we are aware, a total amount of more than $70,000 has been received by users who have used our web app to analyze codes and find bugs in them,” he added. How the BeVigil app works Once a user downloads the app from the play store, BeVigil automatically scans all the apps installed on the user’s phone. It then classifies the apps as dangerous, risky, or safe.It gives the user information about some of the riskiest apps on their phone and offers a further breakdown on what kind of risks are prevalent in these apps. Some of the parameters include potential risks such as permissions and tracker, and identified risked such as exposed URLs, exposed keys, and vulnerabilities. The user also gets alerted if a malware is found on the device. The app was developed by a team of 10 engineers over a period of 14 months and is fully automated, Sasi said. BeVigil re-examines the apps every three months or when a new update is installed by any user and reflects the change in its ratings. Post installation, whenever a new app is downloaded, the user gets alerted about the security rating of the app before they can install it. This allows the users to decide if they want to download the app or not. BeVigil performs two activities–informing the user about the security rating of the app, and informing app developers about the possible vulnerabilities in the app. “Each of the app installed on a phone have some access to the user’s data. If one of the company’s data gets hacked, it can lead to social engineering attacks, financial losses, account take overs etc. About 50% of the hacked data comes out in public. So, it’s important for a user to know how safe the app they have installed is,” Sasi said. BeVigil web appBeVigil web app has been running for over a year. In the web app, users needs to search for the mobile application of their choice and the app will then offer them the security rating of that particular mobile app. The BeVigil web app has analyzed over a million applications, the company said. The web app also allows users to view and browse through the application code to analyze quality, patterns, and security bugs in code. It also allows users and developers to investigate other parts of the application using BeVigil application file browser. A developer or a user can also upload their application code on BeVigil to scan it for vulnerabilities. Related content news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry news Australian federal budget outlines investment in cybersecurity The Australian government announced its 2024-25 federal budget and CSO has selected highlights that indicate how much will go towards cybersecurity and in what areas. By Samira Sarraf May 14, 2024 5 mins Fraud Protection and Detection Software Data and Information Security brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe