
SecureMe scans your Android phone for publicly known vulnerabilities - rambot
https://secureme.securitycompass.com
======
ck2
Before you send all your APK to this company - who are they?

What laws are they subject to?

~~~
rambot
From the talk they are doing about this at AppSecUSA
([http://sched.co/3VgM](http://sched.co/3VgM)):

    
    
        The only information which gets accessed and transmitted are listed below:
    
            1. Application Name
            2. Application Package Name
            3. Application Version Number
            4. Application Version Name
            5. SecureMe – Droid Search Depth setting (1-5 only)
            6. SecureMe – Droid Vulnerability Details settings (1 or 0)
    

You aren't sending anyone your APKs. The application exists to make searching
Mitre's CVE database more convenient and automagic.

The developers are security consultants at Security Compass. The application
is hosted in Montreal, Canada. (I work there as well, and can ask them to add
an FAQ about this this stuff.)

~~~
mondoshawan
Any chance of opening up the code for the client app? Given that the database
is basically your golden egg, and given that this is security software, it
would make sense to open it up.

~~~
s3curity
I am member of the team behind SecureMe Droid. Right now we don't plan on open
sourcing the Android code. But I would like to mention that the source code is
not obfuscated.

