BeVigil Exposes Mobile App Danger: Over 4 Million Users Globally at Risk from Hardcoded Shopify Tokens
CloudSEK’s BeVigil, the world’s first security search engine for mobile apps, uncovered a critical security flaw in the mobile app industry.
Security disclosures, News and Guides
In this blog, we show you how to use BeVigil, the world’s first security search engine for mobile apps, to identify the trackers present in Android apps that record user data, along with steps that can be taken to minimize such activity.
With a market share of 72%, Android is the most widely used mobile operating system. The consistent increase in Android users has accelerated the development of apps considerably. Therefore, Android, with over 2.5 billion active users spanning over 190 countries, is a prime target for threat actors as well. BeVigil is the world’s first security …
Our researchers, using BeVigil, a security search engine, were able to find 159 private GitHub repositories that contained the source code of 10 organizations. The sole reason we found their private GitHub repositories was that their repositories contained source code of Android apps with hardcoded GitHub Personal Access Tokens.
Authors: Sparsh Kulshrestha, Shashank Barthwal
BeVigil OSINT API public documentation
History of Data Gathering and Scanning
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited. The first project in this category was started in 1998 at Bell Labs; it was called …
Authors: Ashikka Gupta, Sudipta Pandit
Editor: Deepanjli Paulraj, Nithya Kurian
Android is the leading mobile operating system in the world, with over 70% of all mobile devices worldwide running Android as of July 2021. You can download almost any kind of app from the Play Store, but before installing it, do you just select Accept for all permissions? …