Seycure

Inspiration

Every day, people click shortened URLs such as bit.ly links shared through SMS, messaging apps, or social media without knowing their real destination. These links can hide phishing websites, malware downloads, or credential-stealing pages.

At the same time, modern smartphones embed hidden metadata inside photos. This metadata often contains:

GPS coordinates
Device manufacturer and model
Software version
Capture timestamps

When users share these images online, they may unknowingly expose sensitive information about their location or device.

We were inspired by the gap between the powerful privacy tools available to cybersecurity professionals and the limited privacy protections available to everyday users. Our goal was to build Seycure, a privacy-first mobile utility that helps users safely inspect links and remove hidden metadata from files — all processed directly on-device.

What it does

Seycure is a privacy-focused Android utility that protects users from common digital privacy risks.

1. Link Shield

The Link Shield allows users to safely inspect suspicious links before opening them.

Instead of opening the link in a browser immediately, Seycure analyzes the URL using several security checks:

Expands shortened URLs to reveal the real destination
Removes tracking parameters such as utm_source and fbclid
Detects suspicious URL patterns such as IP-based links
Queries the rdap.org registry to estimate domain age
Checks threats using Google Safe Browsing through a secure proxy

This process allows users to verify links without exposing their device or IP address to the destination server.

2. Media Scrubber

The Media Scrubber removes hidden metadata from images before they are shared.

Images often contain EXIF metadata such as:

GPS location
Device model
Camera software
Capture timestamps

Seycure parses the image binary to detect EXIF metadata and then redraws the image using a canvas pipeline.
This reconstruction removes the original metadata structure entirely.

The cleaned image can then be safely exported or shared using the native Android share interface.

How we built it

Seycure uses a hybrid architecture combining modern web technologies with native Android capabilities.

Frontend

React 18
TypeScript
Vite

The interface is built using Shadcn UI and Tailwind CSS, creating a responsive and lightweight mobile experience.

Native Integration

We used Capacitor v6 to bridge the web application with native Android APIs, allowing access to:

Device camera
File picker
Native Android share intents
Local storage

Edge Security Layer

To securely access Google Safe Browsing without exposing API keys or user data, we deployed a Cloudflare Worker acting as a secure proxy.

For redirect tracing of shortened links, we used the open proxy service:

This allows redirect analysis while avoiding browser CORS restrictions.

Trust Score Algorithm

Seycure evaluates domain safety using a heuristic trust score model based on domain age and detected security signals.

The simplified scoring formula is:

$$ Trust = \min\left(100,\max\left(0,\left(\frac{\text{Domain Age (days)}}{365}\right)\times50 + \text{Heuristics Score}\right)\right) $$

Older domains generally increase trust, while suspicious patterns decrease the score.

Challenges we ran into

Memory Management

Processing large images inside a WebView initially caused memory crashes.
We solved this by using the exifr library, which reads only the metadata headers instead of loading the entire image.

Metadata Removal

Attempting to remove metadata through string manipulation corrupted image files.
The correct solution was to redraw the image using a hidden <canvas> element, which naturally produces a new image without metadata.

Redirect Tracing and CORS

Client-side JavaScript cannot follow HTTP redirect chains because of strict browser CORS restrictions.

To solve this, we routed redirect tracing through an edge proxy that safely returns the final destination URL.

Accomplishments that we're proud of

Built a privacy-first mobile security utility
Designed a serverless architecture that stores no user data
Achieved fast analysis speeds (typically under 400 ms)
Simplified complex cybersecurity tasks into single-tap actions

What we learned

Through this project we learned:

Efficient binary file processing using ArrayBuffers
Memory optimization for hybrid mobile apps
Bridging web applications with native Android APIs
How much sensitive information exists inside everyday media files

What's next for Seycure

Local AI Phishing Detection

We plan to integrate a lightweight on-device language model (such as LLaMA-3 1B) to analyze webpage content and detect social engineering attempts.

Video Metadata Scrubber

Video files such as MP4 and MOV contain complex metadata structures.
We plan to integrate FFmpeg compiled to WebAssembly to allow video metadata removal directly on-device.

iOS Support

We plan to compile the existing Capacitor codebase for iOS using Xcode, enabling Seycure to run on both Android and iOS devices.

Built With

allorigins-win
android
bootstrap
capacitor
cloudflare-workers
css3
exifr
google-safe-browsing-api
html5
html5-qrcode
javascript
lucide-react
pdf-lib
rdap
react-18
shadcn-ui
tailwind-css
typescript
vite

Submitted to

Dev Season of Code

Created by

I architected and developed Seycure from the ground up, covering system design, React frontend, Capacitor-based Android integration, and all core security logic. I implemented on-device URL analysis including redirect tracing, RDAP domain intelligence, heuristic threat detection, and trust score computation. I also built the media metadata inspection and canvas-based stripping engine to ensure complete local privacy. The system minimizes backend reliance, using only public registries and an optional Cloudflare Worker proxy to securely interface with Google Safe Browsing.

Alok Nath

Updates

Alok Nath started this project — Feb 28, 2026 12:50 PM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.