The adoption of smart mobile devices such as smartphones, tablets, etc. by consumers and enterprises is occurring at a staggering rate. It is estimated that such devices will shortly eclipse the annual shipments of desktop and laptop computers. Employees frequently bring mobile devices into work, i.e. in the enterprise. With the proliferation of mobile devices in the enterprise, Information Technology (IT) administrators can no longer ignore these devices as outside their scope of responsibility. In fact, mobile devices are now as powerful as laptop computers. Employees want to access corporate data and the Internet through wireless networks such as Wi-Fi hotspots (IEEE 802.11 and variants thereof) or cellular data networks (e.g., 3G/4G, WiMax, etc.) which are outside the control of IT. On mobile devices, the line between enterprise and personal usage is blurred. Since the enterprise typically does not own the device, enforcing policies for acceptable usage or installing application controls as a traditional IT administrator would on a corporate PC, is often not viable.
Conventionally, security vendors have responded to emerging mobile threats by extending the desktop antivirus concept to mobile devices in the form of “security apps”. Unlike the personal computer (PC) world, which is dominated by Microsoft, there are several different mobile operating systems such as systems from Apple, Android, Windows Mobile, Blackberry, Symbian, Palm/HP, etc. Each platform has its own software development environment and a security vendor developing mobile security apps has to replicate the effort across various platforms. Furthermore, some platforms such as Apple iOS do not allow traditional antivirus apps on their devices. Loading third-party apps not approved by the platform vendor may lead to violation of the contract and often requires jailbreaking the device which is definitely not an enterprise option. Even if security apps are allowed, they are a headache to deploy, require constant updates and are easy to circumvent, i.e. the user can simply uninstall them if they are disliked. Worst of all, the security apps impact device performance and degrade the user experience by stretching the already limited processor, memory, and battery resources on the mobile device.