Malicious software (or malware) may affect a mobile device in many different ways. One current technique that is used is to gather sensitive or private information from a user's mobile device and then send that information over a communications link to an outside entity. Thus, the user's sensitive or private information (which he or she thinks is safe upon his or her private mobile device) is sent to an entity that may misuse that information. Examples of information that may be sent include: the user's geographic location, passwords and user names, financial information, credit card information, contact information of others, etc.
The gathering of this sensitive or private information is not necessarily limited to malicious software created by unscrupulous persons. With the growing popularity of mobile devices and the thousands upon thousands of mobile applications available for download over the Internet, it is possible that (and instances have occurred in which) well-meaning writers of these applications have programmed these applications to gather sensitive or private information and send it to a remote location. In addition, there have been instances in which well-known corporations have distributed software applications that collect user information from a computing device and send that information to a remote location.
Against this backdrop of potential privacy leakage, the .NET framework is becoming a very important infrastructure used with new software applications. As is known in the art, this software framework (developed by Microsoft Corporation) runs primarily on Microsoft operating systems but can run on other platforms as well. Software applications that are written for this .NET framework execute within a software environment known as the Common Language Runtime (CLR), which is an application virtual machine. The .NET framework includes a class library and the CLR. Typically, programmers produce a software application by combining their own source code with the .NET framework in other libraries.
As this framework is becoming more popular, and as more and more software applications are being written (especially by third parties and for mobile devices), it is desirable to have techniques that will detect leakage of sensitive and private information from within this framework.