Embedded Files
Meet Mr. Vigilant
Platform
Android
Components
Java / Android SDK
Release
Google Play January 2015
These can't be actual marketing materials
Mr. Vigilant is my first security app for Android, providing users with logging and analysis of events and processes on their devices.
Sneak peek demo in the store
Mr. Vigilant Has Your Back
Ever wonder what your phone is up to when your back is turned? Are apps secretly sending data to far-off servers, without your knowledge? Has your stalker stolen your phone, and your swipe-code? Did the police officer view your phone's photos while it was in their custody?
These things have actually happened, apparently. Creepy, I know.
Victims have sometimes been fortunate to find an artifact of the misuse; A left-over mail receipt or other bit of evidence.
But in who-knows-how-many other cases, there will simply be no indication that some misuse has occurred.
Thankfully it turns-out that with some clever code, we can keep track of events that might be worthy of note, and make them available for later review.
So yes, Mr. V can tell you whether your phone was plugged-in to something via USB, while it was out of your hands. And whether someone successfully logged-in, placed or answered phone calls, rebooted the phone, and more.
Key Feature: Security Event Logging
The heart of "Mr. V" is event logging. There are a crazy number of events which occur on an Android device all the time, many of which users would want to know about in researching some sort of breach.
Additionally, insight into how the events are being handled on the device can expose obscure "hooks" placed by sleazy or just plain malicious apps.
Mr. Vigilant provides:
An interface for selecting events to be monitored
A system to log those events when they occur
An interface for reviewing those logs
Additional insight gained from event analysis
Current State
Events which Mr. V is currently capable of logging include:
User Present: Logged when someone begins interactively using your device. They have logged-in, hacked-in, or maybe it was just unlocked.
Call Placed/Answered: Logged when calls are placed, including from the "Emergency Call" screen - or if an incoming call was answered!
Docked/Undocked: Logged when your device is connected to, or disconnected from a USB device.
App Installed or Removed: Yup, I can tell if you they installed or removed any apps from your phone!
About Android Security Awareness
(Coming soon: The inevitable tirade resulting from a long look under the covers of Android Security. Yeesh.)
Okay we really need better marketing materials
Download the Demo from Play Store
Alternate App Names
Not really 100% sold on the name. I think fuzzy personification is a great tactic (see Wishfarmers), but with security products in particular I wonder if a more sinister name is expected. Something like...
Mr. Vigilance
Vigilance
Watchful
Watchful Eye
Watcher
Security Monkey
Inspired Minimalist UI?
Or McGuyver-esque duct-tape cheesehack?
In a flash of brilliance-slash-impatience, I've invented the simplest possible control interface: Text selected anywhere in the UI is treated (after validation) as potential user input. See some examples of this in the pics below.
Commands are accepted only in uppercase, and event flags only with underscores. With those rules in place, any text on screen becomes, potentially, part of the interface. Thus when the "HELP" screen explains all other relevant commands, the names of commands themselves trigger their associated activities.
It has served quite well already - as a way to delay creating a formal UI, allowing me to continue developing the core security features. It was never meant for any permanent role.
But oddly, early user response has suggested some people actually like this form of navigation, and might be interested in a more refined variant.
I too find it rather compelling, for a few reasons. Flexibility is one: Users can pick commands from lists, but also from anywhere else. This instantly enables a user to A) observe an event in the log, B) decide not to log that any more, and C) remove it from logging right there. And I didn't have to code that handling.
So I may actually consider a more sophisticated incarnation of this same approach, for a final user interface. Perhaps relying on Android's 'URI' facility, or on a heavily customized "Selection" configuration.
Features in the Works
Other features I'm building into Mr. Vigilant will include:
Triggered Alerts: Set conditions under which the log is sent to an email address, or purged.
Triggered Response: Set conditions under which GPS position, a photo, and sample of ambient audio are logged for later review, or delivered to a remote location.
Stealth Operation: There is no visible application, anywhere. The interface is started by entering a personal secret code in a completely unrelated built-in app.
Scheduled Modes: Disable logging during the day for your own privacy, high-logging at night when you're asleep.
Device Analysis: What apps do you have, what do they listen to?
Enabling an Event with Mr. Vigilant
Page updated
Google Sites
Report abuse