In the mobile domain, Operating Systems (OS), such as mobile OS, the security model is generally much more protective than of that of a traditional OS of desktop systems. In such an OS, programs, also referred to as “apps” may be executed with lower privilege levels and have limited ability to interact and influence the OS as well as other programs. Such a security model may limit the capabilities of security and privacy solutions that are developed for mobile devices, making the device protection task challenging in particular. For example, an iOS™ app cannot monitor and make decisions based on requests sent from other apps on the device.
There are a variety of security and privacy threats (also referred to as threats) that are addressed by security programs. As an example, some applications may implement a functionality that poses a privacy threat, in particular threat to an organization by revealing confidential or sensitive information. This can be due to sending of sensitive information, such as contact lists, calendar meetings, location and/or documents to external servers, thus possibly violating the privacy of the device owner and/or the organization. Regardless of whether the sensitive data is transmitted via an encrypted channel or not, the fact the private information is transmitted to a third party may be problematic and undesired by device owners and organizations.
Some organizations may rely on technologies that forbid the usage of “privacy threatening” applications by its employees. Such a solution bans specific applications altogether and does not differentiate between problematic and non-problematic functionality. In particular, if the application has a business value but poses some threat, such a solution requires the organization/owner to decide whether or not to use the app altogether. In addition, forbidding the usage of an application can be perceived as a dramatic and unwelcome measure, given that the device is owned by the employee in many cases.
Another approach may be to tunnel all of the device traffic to the organization, decrypt if applicable, and inspect it. This approach has severe scalability, performance and privacy drawbacks. Moreover, as the device is used for both personal and corporate needs, keeping the user's personal data private from his/her employer is important.