Recent advances in digital technologies have enabled development of various user devices that enable users in motion to communicate and process personal information. Examples of such user devices include mobile communication terminals, personal digital assistants (PDA), electronic organizers, smartphones, and tablet computers. Particularly, high-end user devices have evolved into mobile convergence devices supporting heterogeneous functions originating from distinct fields. For example, such a user device can support a variety of functions related to voice calls, video calls, SMS or MMS messages, electronic mail, navigation, image capture, broadcast reception, media (video and music) playback, Internet access, instant messaging, and social networking services (SNS).
A variety of applications are installed in a user device and an installed application is executed according to user selection. When an application is to be installed in a user device, a signature of the developer can be required. That is, the operating system (OS) of the user device can allow installation of an application only when the application has a signature of the developer. However, once an application is installed in the user device, execution thereof may be not examined. That is, an execution request for an installed application may be accepted without separate authentication.
As described above, for an application to be installed, an existing user device can check presence of a signature only but does not verify credibility of the signature. That is, a casual user may be unable to ascertain whether an application to be installed is developed and distributed by a trusted developer. Hence, a malignant application masquerading as a normal application can be easily distributed. Uncontrolled distribution of malignant applications can harm users and user devices.