Oversecured is an automated mobile application security scanner built specifically for mobile platforms.
The tool achieves 99.8% detection accuracy in independent testing with only a 3% false positive rate.
Scans complete in under 5 minutes on average, and the vulnerability detection library receives weekly updates to cover emerging threats.
What is Oversecured?
Oversecured is a purpose-built mobile security scanner that performs both static and dynamic analysis of Android and iOS applications.
Unlike tools adapted from web or general-purpose security testing, Oversecured was designed from the ground up for mobile-specific vulnerability detection.
The scanner covers over 175 Android vulnerability categories and 85+ iOS vulnerability categories.
These include platform-specific issues like insecure broadcast receivers, content provider leaks, deep link hijacking, and certificate pinning bypasses that generic tools often miss.
Oversecured supports native development (Java, Kotlin, Swift, Objective-C) as well as cross-platform frameworks including React Native, Flutter, Xamarin, and Cordova.
The analysis engine understands framework-specific patterns and identifies vulnerabilities unique to each technology.
Key Features
High Detection Accuracy
Independent testing shows 99.8% detection accuracy with a 3% false positive rate.
This balance means security teams can trust findings without spending excessive time triaging false alarms.
The low false positive rate is particularly important for maintaining developer trust in security tooling.
Comprehensive Vulnerability Coverage
The scanner detects mobile-specific vulnerability classes:
Android (175+ categories):
- Insecure broadcast receivers
- Content provider SQL injection
- Path traversal via content providers
- Deep link hijacking
- WebView JavaScript injection
- Insecure file providers
- Task hijacking vulnerabilities
iOS (85+ categories):
- Keychain access control bypasses
- URL scheme hijacking
- Insecure data storage (UserDefaults)
- Pasteboard data leaks
- ATS configuration issues
- Jailbreak detection bypasses
Fast Scan Times
Average scan completion time is under 5 minutes for most applications.
This speed enables integration into CI/CD pipelines without creating bottlenecks in the build process.
Unlimited scans are included with subscription plans, encouraging frequent testing.
Cross-Platform Framework Support
The scanner understands how cross-platform frameworks translate to native code:
- React Native: Analyzes JavaScript bridge interactions
- Flutter: Examines Dart compilation artifacts
- Xamarin: Scans .NET assemblies and native bindings
- Cordova: Reviews plugin security and WebView configuration
Weekly Vulnerability Updates
The detection library receives weekly updates incorporating new vulnerability patterns, CVEs affecting mobile platforms, and emerging attack techniques.
This cadence keeps the scanner current with the evolving mobile threat landscape.
Integration
Oversecured provides CLI tools and APIs for CI/CD integration.
GitHub Actions
name: Oversecured Mobile Scan
on:
push:
branches: [main]
pull_request:
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build APK
run: ./gradlew assembleRelease
- name: Upload to Oversecured
env:
OVERSECURED_API_KEY: ${{ secrets.OVERSECURED_API_KEY }}
run: |
curl -X POST \
-H "Authorization: $OVERSECURED_API_KEY" \
-F "file=@app/build/outputs/apk/release/app-release.apk" \
-F "integration_id=${{ github.repository }}" \
https://api.oversecured.com/v1/integrations/upload
- name: Wait for Results
env:
OVERSECURED_API_KEY: ${{ secrets.OVERSECURED_API_KEY }}
run: |
# Poll for completion
while true; do
STATUS=$(curl -s -H "Authorization: $OVERSECURED_API_KEY" \
https://api.oversecured.com/v1/integrations/${{ github.repository }}/status | jq -r '.status')
if [ "$STATUS" = "completed" ]; then break; fi
sleep 30
done
- name: Check Vulnerabilities
env:
OVERSECURED_API_KEY: ${{ secrets.OVERSECURED_API_KEY }}
run: |
CRITICAL=$(curl -s -H "Authorization: $OVERSECURED_API_KEY" \
https://api.oversecured.com/v1/integrations/${{ github.repository }}/vulnerabilities | \
jq '[.[] | select(.severity == "critical")] | length')
if [ "$CRITICAL" -gt 0 ]; then
echo "Found $CRITICAL critical vulnerabilities"
exit 1
fi
GitLab CI
stages:
- build
- security
build-android:
stage: build
image: gradle:8-jdk17
script:
- ./gradlew assembleRelease
artifacts:
paths:
- app/build/outputs/apk/release/
oversecured-scan:
stage: security
image: curlimages/curl:latest
script:
- |
# Upload APK
curl -X POST \
-H "Authorization: ${OVERSECURED_API_KEY}" \
-F "file=@app/build/outputs/apk/release/app-release.apk" \
-F "integration_id=${CI_PROJECT_PATH}" \
https://api.oversecured.com/v1/integrations/upload
# Wait for scan completion
sleep 300
# Get results
curl -H "Authorization: ${OVERSECURED_API_KEY}" \
https://api.oversecured.com/v1/integrations/${CI_PROJECT_PATH}/vulnerabilities \
-o oversecured-results.json
artifacts:
paths:
- oversecured-results.json
Jenkins Pipeline
pipeline {
agent any
environment {
OVERSECURED_API_KEY = credentials('oversecured-api-key')
}
stages {
stage('Build') {
steps {
sh './gradlew assembleRelease'
}
}
stage('Security Scan') {
steps {
sh '''
curl -X POST \
-H "Authorization: $OVERSECURED_API_KEY" \
-F "file=@app/build/outputs/apk/release/app-release.apk" \
-F "integration_id=$JOB_NAME" \
https://api.oversecured.com/v1/integrations/upload
'''
}
}
stage('Verify Results') {
steps {
script {
sleep(300) // Wait for scan
def result = sh(
script: '''
curl -s -H "Authorization: $OVERSECURED_API_KEY" \
https://api.oversecured.com/v1/integrations/$JOB_NAME/vulnerabilities
''',
returnStdout: true
)
def vulns = readJSON(text: result)
def criticals = vulns.findAll { it.severity == 'critical' }
if (criticals.size() > 0) {
error("Found ${criticals.size()} critical vulnerabilities")
}
}
}
}
}
}
API Reference
Oversecured provides a REST API for automation:
# Upload application
curl -X POST \
-H "Authorization: YOUR_API_KEY" \
-F "[email protected]" \
-F "integration_id=my-app" \
https://api.oversecured.com/v1/integrations/upload
# Check scan status
curl -H "Authorization: YOUR_API_KEY" \
https://api.oversecured.com/v1/integrations/my-app/status
# Get vulnerabilities
curl -H "Authorization: YOUR_API_KEY" \
https://api.oversecured.com/v1/integrations/my-app/vulnerabilities
# Get vulnerability details
curl -H "Authorization: YOUR_API_KEY" \
https://api.oversecured.com/v1/vulnerabilities/VULN_ID
# Download PDF report
curl -H "Authorization: YOUR_API_KEY" \
https://api.oversecured.com/v1/integrations/my-app/report \
-o report.pdf
Compliance
Oversecured helps organizations meet compliance requirements:
- GDPR: Data protection and privacy analysis
- PCI-DSS: Payment security controls
- HIPAA: Healthcare data protection
- OWASP MASVS: Mobile application security verification
Reports can be customized to map findings to specific compliance frameworks for audit documentation.
When to Use Oversecured
Oversecured excels when detection accuracy and low false positives are priorities.
Consider Oversecured when:
- False positives from other tools have eroded developer trust
- Fast scan times are essential for CI/CD integration
- Mobile-specific vulnerabilities are a primary concern
- Cross-platform framework support (React Native, Flutter) is needed
- Weekly vulnerability updates are important for your security posture
The platform is particularly effective for organizations with multiple mobile applications that need consistent, reliable security testing across their portfolio.
The unlimited scan model encourages testing on every commit rather than only before releases.
Teams that have struggled with noisy scanners will appreciate the 3% false positive rate, which means findings can be actioned without extensive triage.
Note: Ranked #1 in Samsung's mobile vulnerability detection program. Featured in CNN Android security investigation.