Today, electronic devices are widespread. Such electronic devices can provide a user with wireless phone access, Internet access, the ability to perform online transactions (e.g., on-line shopping, on-line banking, etc.) as well as other applications such as finding maps to particular locations, among many other things. As such, many modern electronic devices allow for wireless communication as well as almost all of the Internet features associated with non-mobile computer systems. Examples of such electronic devices include, without limitation, mobile phones, cellular phones, portable computers, desktop computers, personal digital assistants (PDAs), monitors, computer monitors, televisions, tuners, radios, satellite radios, digital music players, portable music players, digital video players, digital video disc (DVD) players, portable digital video players, and so on.
Accordingly, the widespread electronic devices that are available today can increase user productivity and quality of life. Unfortunately, electronic devices (and especially mobile devices) are susceptible to loss, theft, or unauthorized use. Electronic devices often carry private, confidential, and/or difficult-to-replace data, and the loss of such data further compounds the loss of the electronic device. Although an electronic device that has been lost or stolen can be physically replaced, oftentimes the data stored on such an electronic device is confidential and/or irreplaceable. Additionally, the authorized user of a lost or stolen electronic device may have to deal with ramifications such as the misuse of information or someone else gaining access to information stored on the mobile device. Further, in many cases, hours or even days may lapse before the authorized user of the electronic device even discovers the loss, during which time an unauthorized user may be accessing sensitive data, misappropriating information, making national and international phone calls, or riding up charges for goods or service on the authorized use's accounts through on-line purchases and transactions. Furthermore, electronic devices are often used to run diverse applications that originate from many sources, which can sometimes leads to users installing applications with malicious intent (e.g., malware) onto electronic devices without their awareness. For example, unwanted malware may impersonate the authorized user, send unauthorized short message service (SMS) messages (e.g., to conduct transmissions that debit the telecommunication account associated with the electronic device, usually in an attempt to generate revenue for the attacker), steal personal data, or engage in other malicious and/or unauthorized activity.
Previous attempts have been made to prevent unauthorized use or otherwise stop attacks against electronic devices. For example, some electronic devices are equipped with locking features that require a code or personal identification number (PIN) to unlock the electronic device. Unfortunately, many users do not utilize such authorization schemes such that locking features tend to be ineffective, and moreover, thieves can easily overcome such authorization schemes because unlock codes tend to be short and predictable so as to be memorable to users. Furthermore, other previous attempts to stop attacks against electronic devices involve configuring an operating system (OS) to run applications in a “sandbox” intended to prevent unauthorized or undesirable behavior. However, many legitimate applications are used to send SMS messages, place calls, or engage in other behavior that may be restricted in a sandbox, whereby many operating systems allow approved applications to bypass the sandbox restrictions such that attackers can simply encourage or mislead the user to supply such approval, authorization, or agreement in a permission request. Further still, current attempts to detect theft or other unauthorized usage based on behavioral attributes tend to take a naïve approach in measuring an attribute, such as the time from device pick-up (e.g., as sensed with an accelerometer) to the time that the user first interacts with the device and then setting a threshold with respect to the measured attribute to characterize the user. However, defining an accurate threshold tends to be difficult, especially when using an individual feature attribute, whereby the thresholds typically wind up being excessively sensitive (e.g., leading to false positives) or excessively lax (e.g., leading to false negatives).
Accordingly, with the ubiquity of electronic devices and the ever-present threat that electronic devices may potentially be stolen or subject to unauthorized use, improved techniques to detect electronic device theft and unauthorized usage are desired.