BeVigil will allow individuals and security researchers to determine the security posture of mobile apps with the click of a button.
Online PR News – 15-April-2021 – Bengaluru, Karnataka – CloudSEK, an Artificial Intelligence (AI) powered digital risk monitoring company, which recently bagged the NASSCOM-DSCI Excellence Award for Security Product Company of the Year 2020, has announced the launch of BeVigil, the world’s first security search engine for mobile apps that will empower individual users, app developers, and security researchers alike.
Despite having over 8 million apps to choose from, users don’t have a mechanism to determine the security posture of apps that they install on their devices. Apart from the standard Google Play Store and App Store there are 80+ third-party app stores that users can download apps from. Yet, there is no comprehensive tool to evaluate their validity and security. There has also been a recent spate of supply chain attacks on mobile apps, in which their threat actors embed third-party SDKs with malicious code, which are then re-used by app developers. To address this gap, and to empower users, CloudSEK has pioneered the first-ever security search engine for mobile apps.
With BeVigil, individual users and security researchers can now check the risk rating of an app, check the list of permissions it requests, and ensure it is not malicious. BeVigil’s familiar, easy to use search engine allows users to simply search for the app name to get a risk rating that is indicative of the app’s overall security posture. App developers can also proactively upload their apps to BeVigil to identify vulnerabilities and remediate them before the apps are listed on various app stores.
In addition, security researchers can perform in-depth investigations on millions of apps using the metadata of the apps and by searching the app packages for code snippets, keywords, strings, or other expressions that are indicative of vulnerabilities. This information can be then used to identify patterns, correlate threats, and rectify false positives. The scan reports generated by BeVigil are made available to the global CloudSEK community. In short, the security community now has a VirusTotal equivalent for mobile apps.
Talking about the inspiration behind BeVigil, Rahul Sasi, Founder and CTO of CloudSEK said, “I was recently appointed by the Reserve Bank of India to study the security aspects of digital lending apps. During this process I realized that there is no product that can analyse thousands of apps and identify fraudulent ones. Also, a significant number of apps don’t go through any security reviews owing to the high costs of testing. But with BeVigil, users can ensure they install only secure apps and app developers can use it as a free solution to audit their apps.” He added, “Mobile applications often have vulnerabilities that compromise users’ safety, data, and privacy. BeVigil will enable security researchers and app developers to uncover and remediate these vulnerabilities and make them safer for users.”
Adding to his comments, BeVigil CTO Shahrukh Ahmad said, “The team has already started working on expanding the scan coverage to include apps across various categories. We are also adding relevant functionalities such as malware identification, capability to identify more app vulnerabilities, resilience checks, asset extraction, and improved scoring algorithms. The idea is to make the most comprehensive mobile app scanner that allows individual users and security researchers to identify insecure apps, and enables app developers to visualise and resolve critical issues before they ship their app to multiple app stores.”