Today, smartphones are as popular for use as communication tools as they are for creating, managing, and interacting with digital information. Smartphones are used, by consumers and business users alike, to communicate via phone call, text message, email, and video conference. Smartphones are also used to manage calendars and contact lists, view and create documents, browse the Internet, record video and audio, take photographs, and make purchases. Consequently, consumers and businesses are increasingly using smartphones to store sensitive information.
Knowing this, unscrupulous developers have begun creating applications that can steal sensitive information from a smartphone without the knowledge or permission of the user of the smartphone. These malicious programs may end up being readily available, usually for free, through popular application store services, where individuals seeking to enhance the functionality of their smartphones may inadvertently download and install them. Such malicious programs may also infect legitimate programs installed on a user's device. And, in some situations, a user may install a legitimate program and may be unaware that the program is designed to access and share sensitive information.
Smartphone systems may implement a variety of technologies to protect sensitive information from malicious programs or from legitimate programs that may access personal information without a user's knowledge. For example, some systems may implement a permission-based scheme where an application must request, before the application can be installed, permission to access sensitive information.
Unfortunately, such permission-based schemes may inadequately protect sensitive information from unintentional disclosure, because once a user grants permission to an application to access sensitive information, the application may use the sensitive information however it likes. An unscrupulous developer may take advantage of this ability by creating an application that requires access to some sensitive information to provide a useful service to the user, but that also steals the user's sensitive information. Furthermore, some users may simply not read or understand what permissions an application is requesting and/or understand the implication of granting certain permissions. Accordingly, the instant disclosure addresses a need for systems and methods that protect sensitive information from unintentional and/or malicious disclosure.