CloudSEK Enters Uncharted Territories, Launches BeVigil, World’s First Security Search Engine for Mobile Apps

Committed to lead by example, CloudSEK BeVigil empowers individuals and security researchers to determine the security posture of mobile applications in a single click.

Bengaluru, India, April 17, 2021 --( CloudSEK, an Artificial Intelligence (AI) powered digital risk monitoring company, the recipient of NASSCOM-DSCI Excellence Award for Security Product Company of the Year 2020, has announced the launch of BeVigil, world’s first security search engine for mobile apps that will assist individual users, app developers, and security researchers alike.

Despite having over 8 million apps to choose from, users don’t have a mechanism to determine the security posture of apps that they install on their devices. Apart from the standard Google Play Store and App Store, there are 80+ third-party app stores as well. Yet, there is no comprehensive tool to evaluate their validity and security. There has also been a recent spate of supply chain attacks on mobile apps, in which threat actors embed third-party SDKs with malicious code, which are then re-used by unsuspecting app developers. To address this gap, and to empower users, CloudSEK has pioneered the first ever security search engine for mobile apps.

With BeVigil, users can now ascertain the risk rating of an app, check the list of permissions it requests on installation, and ensure it is not malicious. BeVigil’s familiar and easy-to-use search engine interface allows users to simply search for the app name to get a risk score that is indicative of the app’s overall security posture. Moreover, app developers can proactively upload their applications to BeVigil to identify vulnerabilities and remediate them, avoiding any pitfalls prior to their launch.

In addition, security researchers can perform in-depth investigations on millions of apps using their metadata and by searching the app packages for code snippets, keywords, strings, or other expressions that denote vulnerabilities. This information can then be used to identify patterns, correlate threats, and rectify false positives. The scan reports generated by BeVigil are made available to the global CloudSEK community. In short, the security community now has a VirusTotal equivalent for mobile apps.

Commenting on the inspiration behind BeVigil, Rahul Sasi, Founder and CTO of CloudSEK said, “I was recently appointed by the Reserve Bank of India to study the security aspects of digital lending apps. During this process I realized that there is no product that can analyse the glut of apps that are out there and identify fraudulent ones. Also, a significant number of apps don’t go through any security reviews owing to the high costs of testing. But with BeVigil, users can ensure that they only install secure apps and app developers can use it as a free solution to audit their apps.” He added that, “Mobile applications often have vulnerabilities that compromise users’ safety, data, and privacy. BeVigil will enable security researchers and app developers to uncover and resolve these vulnerabilities and make them safer for users.”

Adding to his comments, BeVigil CTO Shahrukh Ahmad said, “The team has already started working on expanding the scan coverage to include apps across various categories. We are also adding relevant functionalities such as malware identification, capability to identify more app vulnerabilities, resilience checks, asset extraction, and improved scoring algorithms. The idea is to make the most comprehensive mobile app scanner that allows individual users and security researchers to identify insecure apps, and enables app developers to visualise and resolve critical issues before they ship their app to multiple app stores.”
Sahil Amanu