Wireless devices, hereafter referred to as mobile devices, include mobile phones, and mobile e-mail devices that typically have applications which allow users of these devices to perform a wide variety of functions including accessing or sending information, playing games, etc. These applications may be installed during the manufacture of these devices. Alternatively, these applications may be made by a third party and installed after the manufacture of these devices.
The operating system of a mobile device provides an application programming interface (API) that provides access to data which may be sensitive and a task manager for controlling application execution. However, typical operating systems lack a robust framework for addressing security and manageability of API access control as well as application control. Accordingly, sensitive APIs (i.e. APIs that provide access to sensitive information) may be accessed by rogue applications without passing through any security framework. For example, a sensitive API can be an API that allows access to a database of a corporate e-mail application. That being said, there are legitimate uses of APIs that must also be taken into consideration. In addition, non-secure operating systems on a mobile device often have no framework for allowing IT administrators to control which applications can be executed. Both API access control and application control for mobile systems are of particular concern to IT administrators who have a responsibility to protect confidential corporate information that reside on or are accessible by mobile devices.