Currently ANDROID® operating system users are unaware and have no control as to how third party applications use their private data. For example, if a user allows an application to access his/her contacts, he/she has no way of knowing if the application sends the contacts to advertisers or any other external entity. Generally, one security feature of the ANDROID® operating system is application-defined and permission must be granted by a user. However, once the user grants permission to the third-party application, the user has no way of knowing how the application uses the user's private data.
European application no. 2385479 A1 describes systems, methods, devices, and machine-readable mediums for implementing gesture-based signature authentication. In one embodiment, a method may involve generating a data protection policy from an un-trusted software environment to govern access to protected data stored in memory in the local computer system. Then the method maps the data protection policy to an enforceable system-level data protection policy managed by an Information Flow and Tracking Protection (IFTP) logic. Next, the method flags the first memory page containing the protected data. Finally, the method enforces the generated data protection policy for the first memory page containing the protected data using the IFTP logic and the enforceable system-level data protection policy.
German application no. 102011117855 A1 provides a technical improvement for mobile clients to protect against malicious applications that have the potential to transmit personal information of customers to third parties without this being noticed by the customer. Other hazards may arise from applications that secretly gain control of microphone and/or camera and/or communication channels such as mobile network or Wi-Fi and so you can spy on the client's environment or expensive premium SMS messages at the expense of the customer. Against this, the method provides protection by warnings to the customer, with detailed breakdowns of potential and existing risks encountered. Other variants of the method outlined therein have structures that are imposed on the applications, making manipulation of destination addresses, or the pretense of addresses that are supposedly used is not possible. The takeover of customer input is hereby ensured that what the customer sees or enters is also accepted as genuine and used.