1. Field
The present invention relates generally to a mobile device capable of detecting unexpected behavior associated with the mobile device.
2. Relevant Background
Today, the use of mobile electronic devices is widespread. Such mobile electronic devices can increase a user's productivity and quality of life, but they are also susceptible to loss, theft or unauthorized use. Examples of such devices are smart phones, cellular phones, portable digital systems (PDAs), digital cameras, tablets, mobile computers, etc. (hereinafter referred to as mobile devices).
Mobile devices are often used to run diverse applications which originate from many sources. Unfortunately, applications with malicious intent (e.g., malware) are sometimes installed by users onto their mobile device. Users are typically unaware of this. As an example, a subset of malware is characterized by transmissions that debit the telecommunication account associated with the mobile device, usually in an attempt to generate revenue for the attacker. For example, the malware may send a short message service (SMS) message or place a call to a premium number (often in a remote jurisdiction). Unfortunately, by the time that the attack is typically detected, a significant debit or loss has occurred. Redress from entities in remote jurisdictions may be difficult or impossible, leaving the account holder, or their carrier, liable for the fraud. Therefore, a need exists for countermeasures against this type of attack.
Previous attempts have been made to stop attacks against mobile devices. For example, many mobile device operating systems (OSs) run applications in a “sandbox” that is intended to prevent unauthorized or undesirable behavior. Unfortunately, there are often legitimate applications that wish to be able to send SMS messages or place calls, so many operating systems allow this functionality for approved applications. Therefore, the attacker can simply encourage or mislead the user to supply such approval, authorization, or agreement in a permission request.
However, users are typically not motivated enough to thoroughly read, understand, or predict the effect of fine grained permission requests and often do not read authorization requests requested by the installer of an application. An attacker may therefore present a desirable application with a plausible request for authorizations, such as placing calls or sending SMS messages, and many users unfortunately agree, without even reading the agreement or the request for authorization. This type of agreement is even easier to get approval from a user if the user is presented with a bewildering and long list of fine grained permission requests. There is therefore a need for techniques for mobile devices to detect unexpected behavior and to stop the unexpected behavior and/or notify the user of the mobile device of such unexpected behavior.