The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
Mobile electronic communication devices have evolved beyond simple telephones and are now highly complex multifunctional devices with capabilities rivaling, and in some cases surpassing, those of desktop or laptop computers. In addition to voice communications, many mobile communication devices are capable of capturing images, text messaging, e-mail communications, internet access, social networking, and running full-featured application software. A full range of mobile applications are available from online application stores that can be downloaded onto mobile communication devices. These applications can be games and/or services that provide additional capabilities, such as online banking, stock trading, payments, and other financial activities. Furthermore, mobile communication devices can store confidential or private information such as access codes, passwords, account numbers, e-mail addresses, personal communications, phone numbers, and financial information.
With so many functions and services and with the ability to store sensitive and confidential information, mobile communication devices are a prime target for cybercriminals who create malicious applications, which when loaded onto a device are designed to gain access to information stored on the device or to disrupt the operation of the device. Indeed, the number of identified malicious applications targeting mobile devices increased six fold in one year over the previous year. Some malicious applications are designed to run silently in the background without the user's knowledge. These applications can eavesdrop on the user's input actions and/or on incoming or outgoing messages, and can then forward this information to another device or destination.
In some instances, a malicious application can be configured to eavesdrop on information collected by one or more sensors in the communication device, and to use that information to infer a password or other sensitive information. For example, many mobile communication devices include inertial motion sensors, e.g., an accelerometer and a gyroscope, that collect information relating to the spatial movement and orientation of the device. Access to this motion information by an application on the device is typically unfettered. While seemingly harmless, it has been shown that sensor information collected by an accelerometer and/or a gyroscope when a user is typing on an on-screen keyboard provided by the device can be used to infer the keystrokes associated with the typing. This information leak can help a cybercriminal to decipher the user's password or other confidential information. In a different example, there is an increasing trend towards the use of sensors in or connected to a communications device to monitor health or medical conditions. Access to this information by an application on the device can raise privacy concerns.