Oversecured has been launched!

Oversecured is a company that works on security for mobile software. We think the level of security in mobile apps – the fastest-growing part of the IT sector – is extremely low. Unlike web services, where nobody has outside access to the executable code, in mobile apps we have access to the entirety of the code: we can see what it does and find the errors in it. We’ve automated the process of searching for all known vulnerabilities, on the Android platform so far, and made it available to all. Now you can scan any app by uploading its APK files to our service and receive a list of vulnerabilities – to use in bug bounties, for instance. The level of scanning is shown in our Oversecured Sample Report, which represents the result of scanning a specially created Oversecured Vulnerable Android App (OVAA) containing the most widespread types of vulnerability. You can expect the same quality of scanning for any other app.

How did it happen?

Over several years of studying security in the mobile app field, we reached the conclusion that many developers – even those behind the biggest and most popular apps – have no suspicion that mobile apps can contain vulnerabilities leading to data leaks. That’s why we conducted our own research into mobile platforms’ security and collected all previously known errors that lead to vulnerabilities. We then developed a fast, high-quality code scanner that finds all the vulnerabilities we know of, and we are continuing to refine it.

What does the future hold?

Our immediate plans include launching a section for companies, allowing them to integrate Oversecured into their app development process. We want to offer developers the ability to scan each new version and fix any vulnerabilities before the app is sent out to users’ devices. We will also provide a Developer API for single scans, to make identifying critical vulnerabilities easier for security researchers working on the most popular apps, and an API for integration, which will help developers build their own CI/CD solutions to fix vulnerabilities. After that, we want to organize certification for developers (defensive) and hackers (offensive), covering writing secure code and the skills to find vulnerabilities in mobile apps. Development of a code scanner for iOS is underway. Vulnerability search in iOS apps written in Swift will only work for integrated companies with source code access. We also plan to create privacy apps for end users, which will define developers’ responsibility for their own apps and inform users regarding vulnerabilities in apps they have installed – a new protection functionality that has never existed before.

Conclusion

We want to identify all categories of mobile vulnerabilities, and automate the search for them. The ultimate goal is for all mobile apps to be free of vulnerabilities, for all potential data leaks to be prevented, and for developers to become skilled in writing secure code. Oversecured intends to improve the security of the whole mobile app industry – and we will do it!