After a relative got phished by a link impersonating their bank, I wanted to create an app to help them ,and others, evaluate the trustworthiness of a link on the fly.
LegitURL is a strict, local-first iOS app that analyzes a link like a browser would, but shows everything clearly and doesn’t try to "fix" anything.
It checks: - Domain structure (e.g. brand impersonation, gibberish, encoding tricks) - TLS certificate (issuer, SANs, expiry) - HTTP headers (HSTS, CSP, redirect behavior) - Cookies and script behavior
It gives a score like a nutrition label ( ) and explicitly shows the final URL if there's a redirect chain.
Everything runs locally, except for HTTPS GET to the links (sandboxed, no cookies, no session data). There’s no cloud, no tracking, no backend.
The app is currently in *TestFlight beta* while waiting for App Store review. It’s free and open source (AGPLv3).
I’d love feedback, especially from folks who know more than me.
GitHub: https://github.com/sigfault-byte/LegitURL TestFlight: https://testflight.apple.com/join/VESrumtr