How to Assess the Criticality of Android App Permissions: A Hands-on Approach

Android Permissions

With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well. BeVigil is the world’s first security …

Hardcoded GitHub Personal Access Tokens Leak 159 Private Repositories

Using BeVigil, a security search engine, our researchers found 159 private GitHub repositories containing the source code of 10 organizations. We were able to find these private repositories only because they contained the source code of Android apps with hardcoded GitHub Personal Access Tokens.

BeVigil 3.0 Release Notes: BeVigil OSINT API Launch, redesigned blog and logo, credit changes, and much more!

What’s New 🚀✨ BeVigil OSINT API Launch: We are happy to announce the launch of the NEW BeVigil OSINT Service! The BeVigil OSINT Service is an innovation to aid asset discovery from mobile apps and create a new channel for asset recon. We have created and maintained a searchable repository of more than half a million …

Unraveling Assets from Android Apps at Scale

Authors: Sparsh Kulshrestha, Shashank Barthwal. BeVigil OSINT API public documentation. History of Data Gathering and Scanning: Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited. The first project in this category was started in 1998 at Bell Labs; it was called …

Exposed HubSpot API Keys Compromise 1.6 Million Users’ Data

Authors: Arshit Jain, Ashikka Gupta. Editors: Deepanjli Paulraj, Syed Shahrukh Ahmed. If you want to develop a steady and profitable business, you must have strong ties with your clientele. The process of honing these relationships, on the other hand, can be rather difficult. When it comes to engaging with your clients, having a Customer Relationship Management or CRM …

The Surge of Cybersecurity Challenges in Neobanking

We Analyzed 31 Neobanking Apps and Found a Range of Security Issues. Neobanking has recently become a buzzword in the fintech world. On a global scale, Neobanks are taking over the fintech industry. A Neobank is a type of digital bank that does not have physical locations. Neobanking does not require you to be physically …

Dangerous Android Permissions To Look Out For In Your Apps

Authors: Ashikka Gupta, Sudipta Pandit. Editors: Deepanjli Paulraj, Nithya Kurian. Android is the leading mobile operating system in the world, with over 70% of all mobile devices worldwide running Android as of July 2021. You can download almost any kind of app from the Play Store, but before installing it, do you just select Accept for all permissions? …

Exposed Payment Integration API Keys Imperil Millions of Users’ Transaction Details and PII

Authors: Arshit Jain and Sai Ahladini Tripathy, BeVigil Team. Editor: Isha Tripathi, Information & Analytics Squad. Widespread Exposure of API Keys Imperils the Mobile App Ecosystem. APIs have revolutionized how apps are developed and used. They make it easy for developers to build apps that communicate with multiple sources and efficiently manage data flowing to and …

BeVigil 2.0 Release Notes: Enhanced detection for vulnerabilities, secrets, trackers, a brand-new UI, search suggestions, and much more!

What’s New 🚀✨ Security Report: You said, we did! BeVigil 2.0’s security report has changed both in terms of quantity and quality of relevant data for its users. With a brand-new UI, all the information you need is presented in a modern and intuitive dashboard! Here’s what’s new in the security report: Detect sensitive assets …