Seycure

Seycure is a privacy-focused mobile app that analyzes suspicious links and strips hidden metadata from media before sharing -all processed locally on the device.

Comment

Inspiration

Every day, people click shortened URLs such as bit.ly links shared through SMS, messaging apps, or social media without knowing their real destination. These links can hide phishing websites, malware downloads, or credential-stealing pages.

At the same time, modern smartphones embed hidden metadata inside photos. This metadata often contains:

  • GPS coordinates
  • Device manufacturer and model
  • Software version
  • Capture timestamps

When users share these images online, they may unknowingly expose sensitive information about their location or device.

We were inspired by the gap between powerful cybersecurity tools used by professionals and the limited privacy protections available to everyday users.

Our goal was to build Seycure — a privacy-first mobile utility that helps users safely inspect links and remove hidden metadata from files, all processed directly on-device.

What it does

Seycure is a privacy-focused mobile utility that protects users from common digital privacy risks.

Link Shield

The Link Shield allows users to safely inspect suspicious links before opening them.

Instead of directly opening a link, Seycure analyzes it using multiple security checks:

  • Expands shortened URLs to reveal the real destination
  • Removes tracking parameters such as utm_source and fbclid
  • Detects suspicious URL patterns such as IP-based links
  • Queries RDAP to estimate domain age
  • Checks threats using Google Safe Browsing via a secure proxy

This allows users to verify links without exposing their device or IP address.

Media Scrubber

The Media Scrubber removes hidden metadata from images before sharing.

Images often contain EXIF metadata such as:

  • GPS location
  • Device model
  • Camera software
  • Capture timestamps

Seycure parses the image binary to detect metadata and redraws the image using a canvas pipeline.

This reconstruction completely removes the original metadata structure, allowing safe sharing via the native mobile interface.

How we built it

Seycure uses a hybrid architecture combining modern web technologies with native mobile capabilities.

Frontend

  • React 18
  • TypeScript
  • Vite
  • Tailwind CSS
  • Shadcn UI

Native Integration

We used Capacitor v6 to bridge the web app with native Android APIs:

  • Camera access
  • File picker
  • Native share intents
  • Local storage

Edge Security Layer

To securely access Google Safe Browsing without exposing API keys or user data, we deployed a Cloudflare Worker acting as a secure proxy.

For redirect tracing of shortened links, we used an open proxy service.

This enables redirect analysis while bypassing browser CORS restrictions.

Core Logic

  • Heuristic trust scoring based on domain age and detected patterns
  • Efficient metadata parsing using lightweight libraries

Trust Score Algorithm

Seycure evaluates domain safety using a heuristic trust score model based on domain age and detected security signals.

The simplified scoring formula is:

$$ T = \min(100,\ \max(0,\ \left(\frac{D}{365}\right)\cdot 50 + H)) $$

Where:

  • T = Trust score
  • D = Domain age (days)
  • H = Heuristics score

Older domains generally increase trust, while suspicious patterns decrease the score.

Challenges we ran into

Memory Management
Processing large images inside a WebView caused crashes. We solved this using the exifr library, which reads only metadata headers instead of loading the full image.

Metadata Removal
Attempting to remove metadata through direct manipulation corrupted images. The correct approach was to redraw the image using a canvas pipeline.

Redirect Tracing and CORS
Client-side JavaScript cannot follow redirect chains due to strict CORS policies. We solved this by routing requests through an edge proxy.

Accomplishments that we're proud of

  • Built a privacy-first mobile security utility
  • Designed a serverless architecture that stores no user data
  • Achieved fast analysis speeds (typically under 400 ms)
  • Simplified complex cybersecurity tasks into single-tap actions

What we learned

  • Efficient binary file processing using ArrayBuffers
  • Memory optimization for hybrid mobile apps
  • Bridging web applications with native Android APIs
  • Understanding how much sensitive data exists in everyday media files

What's next for Seycure

Local AI Phishing Detection
Integrating a lightweight on-device model (e.g., LLaMA-based) to detect social engineering attempts.

Video Metadata Scrubber
Using FFmpeg (WebAssembly) to remove metadata from video files.

iOS Support
Extending the Capacitor codebase for cross-platform support.

Advanced Threat Analysis
Improving detection accuracy with smarter heuristics and real-time analysis.

Built With

  • android-apis-(camera
  • capacitor-v6
  • cloudflare-workers
  • css3
  • exifr-(metadata-parsing)
  • file-picker
  • google-safe-browsing-api
  • html5
  • html5-canvas-(image-reconstruction)
  • javascript
  • rdap-(domain-age-lookup)
  • react-18
  • shadcn-ui
  • share-intents)
  • tailwind-css
  • typescript
  • vite
Share this project:

Updates