Enterprise clouds can provide solutions to enterprises using cloud computing and software as a service (SaaS) to distribute software on a subscription basis. For example, cloud computing company Salesforce.com® can host Customer Relationship Management (CRM)/Salesforce Automation applications and services offsite via a cloud. Enterprises can use a variety of SaaS clouds to conduct their business. For example, enterprise users can access the Salesforce® cloud for CRM/Salesforce Automation services and applications. Users may use mobile devices, such as mobile phones, laptops, tablet computers, etc. to consume protected resources that are hosted on a cloud.
Users can grant mobile applications access to resources hosted in their cloud accounts using a resource authorization protocol, such as an OAuth (Open Authentication) protocol. For example, a user can authorize a contact book application running on a mobile phone to access his/her protected resources (e.g., contact list) hosted by the Salesforce.com® cloud by granting the contact book application an OAuth token. The contact book mobile application can use the OAuth token to automatically access the user's private resources stored in the Salesforce.com® cloud without the user having to expose their Salesforce.com® cloud credentials (e.g., Salesforce.com® cloud username and password), to the contact book mobile application.
A common problem is that when the mobile device is lost, the mobile device continues to use the OAuth token to automatically consume (e.g., synchronize) the protected resource (e.g., contact list) in the cloud, even after a user has changed his/her cloud service username/password. Another problem can occur when a user travels from a location, such as a European (EU) country to a non-EU country, where privacy regulations may not permit personal information to be shared across borders without express permission from the data owner. The user device may automatically download personal information (e.g., email address, phone number, address) in a contact list that is hosted on the cloud to the mobile device, which may inadvertently violate a privacy regulation.