1. Field of Invention
The present invention relates to the field of mobile security, more particularly, to method and system for information security protection from mobile applications.
2. Discussion of Related Art
With the increasing popularity of mobile devices (e.g., smart telephones and other such wireless devices), more users are utilizing their mobile devices to access more and more different types of services over the Internet. For example, there is a trend towards allowing users to interact with banking services and/or networking sites using mobile devices. However, numerous security concerns arise when a user accesses the Internet using a mobile device. In particular, some websites may include malware and/or spyware which may be configured to capture confidential and/or sensitive information/data stored on and/or entered through a mobile device.
Privacy protection becomes more and more important, as computing power of mobile devices is now as powerful as laptops. There are two primary challenges that affect the security strategy of mobile devices. The first challenge is that the speed of software development for mobile devices is far beyond the speed of PC software. Every week, thousands of mobile applications are developed by individual or small developer group, and upload to on-line application store, such as, App Store or Android Market. Applications range from on-line banking, on-line shopping to Social Networking Services, and most of them requires private information more or less, it would be difficult to identify which one is safe or malicious. Existing mobile security software try to solve this matter by continuously monitoring and analyzing behavior of other installed applications. However, such monitoring and analyzing is very time consuming, or simply based on user's subjective decision, such as, which application is trustful or not. It would be often too late when certain privacy risky behavior is detected by the mobile device, and the user's subjective decision is often not accurate enough.
The second challenge is that security apps for mobile devices are expensive to develop and often ineffective. Unlike the PC world, which is dominated by Microsoft, there are several different mobile operating systems—Apple iOS, Android, Windows Mobile, Blackberry, Symbian, etc. Each platform has its own software development environment and a security vendor developing mobile security applications will have to replicate the effort across various platforms. Further, some platforms such as Apple iOS do not allow traditional anti-virus applications on their platform. Loading third party applications, not approved by the platform vendor may lead to violation of contract and often requires “jailbreaking” the device—definitely not an enterprise option. Even if security applications are allowed, they are a headache to deploy, require constant updates, and are easy to circumvent—the user can simply uninstall them if they dislike it. Worst of all, they impact device performance and degrade user experience by stretching the already limited processor and memory resources on the mobile device.