SAFE(Security Assessment Framework for Everyone) is a free mobile application which monitors the security posture of an Android device. It does real-time assessments to generate the SAFE Score, a number (between 0 to 5), which helps to visualise, track, and enhance the cybersecurity posture of the underlying device.
The application follows the benchmarks and global standards provided by Mitre Corporation, US, CIS(Center for Internet Security), US and uses data sources like NVD(National Vulnerability Database) by NIST(National Institute of Standards and Technology), US and Android security bulletin by Google to determine the SAFE score.
The SAFE score is a number from 0.01 – 5.00. The higher is the score, the better is the security status of a device. The overall SAFE score is derived from four verticals on which the device is monitored viz. Device Settings, Active Connections, Installed Applications, and the Operating System. After security assessment, we get the following scores corresponding to the verticals indicating the security status and we create the SAFE score using these numbers using the patent-pending model:
Configuration Score is a security score measured by sensing the device configuration setting such as device encryption, screen lock type, sleep duration, etc.
Connection Score is a security score determined by assessing the state and the configuration of the network connection like WiFi, NFC, Bluetooth, etc.
Application Score is a security score evaluated by performing the basic security assessment (manifest analysis) on the installed applications.
OS Score is a security score measured by analyzing the maturity of the underlying operating system. It is obtained by identifying the security issues in the OS using the device’s security patch version and data source from NVD(National Vulnerability Database) and Android security bulletin.
The application also allows users to improve the security posture of the device by redirecting the user to change the insecure settings pertaining to the active connections and the device configuration. It also helps users to understand permission distribution across installed applications and accordingly delete the unnecessary applications that are taking too many permissions