Evaluation of computer software to identify the presence of computer viruses has become widespread. In some cases, network operators provide virus screening tools as part of their basic offerings, and implement these tools in such a way that users may be barely aware of their presence. Typical virus screeners examine software to determine whether previously identified malware signatures are present. Thus, conventional malware detection requires a prior identification of a malware signature, and such malware detection is necessarily reactive. In other conventional approaches, individual software programs are evaluated to determine possible violations of desired behavioral properties.
The widespread use of software programs (“applications”) on mobile computing devices presents additional challenges. First, many such mobile device users store, enter, or receive personal or financial data with these devices, and security of this data is a prime concern. Second, these mobile devices typically include cameras and microphones that can be connected to wide area networks such as the Internet, so that unauthorized acquisition of images and sound with these devices, and transmission of the acquired data, can be significant privacy violations. In addition, mobile devices are typically configured to report device location, and unauthorized reporting of this location can also represent a significant violation of personal privacy. Third, in many cases, users depend on the proper functioning of mobile devices for daily activities including workplace and personal communications (email, text, telephone), work and personal calendaring, and access to address books, financial information, news, and entertainment. The presence of malware or misbehaving applications on a personal mobile device can thus result in significant inconvenience. While conventional approaches can recognize malware after the fact based on malware signatures associated with individual applications, additional approaches are needed.