Field
The present invention is related to mobile device security. More particularly, the present invention is in the technical field of policy enforcement related to administrative access in mobile communications devices.
Description of the Related Art
Software- and data-related security of current devices, especially mobile devices, relies on a variety of features including virtual machines, inter-process communication, package managers, mobile device management systems, touch screen software components, shared memory, relational databases, device configuration signature checking, specialized debugging interfaces (e.g., Android Debug Bridge, and the like), trusted daemon processes, and the like. In an example, Android mobile devices use checks on inter-process communication to determine if an application should gain access to a particular system resource, such as the user's contact list. Virtual machine security checks, such as determining whether or not a specific native library should be loaded, are also employed.
Applications may seek to execute privileged code on an underlying operating system. In a traditional jailbroken system, the applications may directly access the system controller in such a way as to cause it to execute a system call, thereby allowing the application to execute privileged code that is not normally accessible by the application. This is a potential security violation as the application may not have appropriate authorization to execute the privileged code.
A key challenge with mobile devices is that it is difficult to ensure the integrity of the very software that is relied upon to provide security (e.g., virtual machine, device I/O, inter-process communication, specialized debugging interfaces, and other components). A need exists for systems that provide security, such as by enforcing data provenance, protecting against malware, and enforcing security policies via inter-process communications mechanisms.