Mobile devices and platforms, such as, for example, smartphones, are increasingly used in electronic commerce (e-commerce) and other applications which may benefit from information about the environment surrounding the device. This information is sometimes referred to as context data. Context data, which may be collected by sensors associated with the device, is generally considered to be sensitive in nature and, with increased concerns about security and privacy, users of mobile devices may not want this context data to be made available to unauthorized entities.
Typically, an encryption based secure channel is established over a wireless network between the operating system or application running on the mobile device and remote entities such as servers. This method is vulnerable, however, to a type of attack known as a “man-in-the-middle” attack, where malicious software (mal-ware) may gain control of the device and obtain access to the context data before it is encrypted. The mal-ware may then redirect the context data to unauthorized entities (sometimes referred to as snooping) or may modify the context data prior to transmission to the authorized applications or intended destination (sometimes referred to as spoofing). In some cases, the modified (or counterfeit) data may be used to circumvent security restrictions.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.