The Background section of this document is provided to place embodiments of the disclosed technology in technological and operational context to assist those of skill in the art in understanding their scope and utility. Unless explicitly identified as such, no statement herein is admitted to be prior art merely by its inclusion in the Background section.
Applications running on mobile devices consume and store confidential information from various network-enabled resources, e.g., web servers, databases, etc., while generating privacy sensitive data from various built-in sensors, e.g., images generated using cameras, location information generated using Global Positioning Systems (GPS), etc. To protect such confidential information, the mobile devices implement various security features, preventing the data associated with applications from being accessed out-of-band. Further, to enhance security, mobile device manufacturers restrict their devices to a single online repository for installing new applications, where the applications are validated and authorized before becoming available through the online repository.
However, due to defects and vulnerabilities in the mobile platforms of these mobile devices, mobile device users are able to introduce arbitrary executable code that can disable many of the security features. For instance, an attacker can successfully penetrate a mobile operating system without modifying the state of the target application. As a non-limiting example, an attacker may utilize a method known as jail-breaking to obtain high-level system privileges on the target mobile device by leveraging the system's debugging interface, which in turn allows complete access to the memory and disk resources of the applications executing on the target mobile device.
In another non-limiting example of defects and vulnerabilities in the mobile platforms, as part of a device tracking feature, mobile devices generally provide mobile applications with access to granular location information by means of an onboard GPS chipsets and coarse location information based on proximity to telecom base stations and known wifi stations. There are known systems and methods that periodically updates a remote server with the location of the mobile device as a means to track its last known location, helping provide a remedy for lost or stolen devices. However, applications for tracking the location of lost or stolen devices are highly limited and can be rendered ineffective by disturbing and/or preventing network connectivity or GPS access to the mobile device.
In another non-limiting example, a device remote wipe feature can remotely trigger a factory reset operation, where all user generated data and settings are erased from the device. Such technology can also be rendered ineffective by disturbing and/or preventing network connectivity of the mobile device before a wipe command could be sent to the device.
In another non-limiting example, persistent storage encryption is the concept where the data is encrypted while it is not actively processed by an application. Such technology can be attacked through the software stack as described above and cannot be extended to protect data while it is being processed.
In another non-limiting example of defects and vulnerabilities in the mobile platforms, containers and wrappers are systems and methods that build additional layers of access control over applications, where data and sensor access is controlled by a policy. Such technology can be attacked through the software stack as described above and cannot be extended to protect data while it is being processed.
In another non-limiting example, network layer solutions are systems and methods that intercept network traffic between mobile devices and private networks detecting known application traffic and enforces predefined policies to such traffic. These systems and methods cannot be extended to protect data when the said data is transferred over a previously unknown method or system, e.g. locally encrypting and posting a sensitive file to an unknown web site.
In another non-limiting example, HTML5 based mobile applications are systems and methods that process and present sensitive data in a web structured format within web client technologies. Such technology is generally limited in functionality compared to native applications and is susceptible to Man-In-The-Browser and Advanced-Persistent-Threat attacks.
Further, the security problems are becoming much more prevalent due to many organizations allowing their employees to access sensitive corporate data through their mobile devices. This phenomenon is referred to as the Bring Your Own Device trend, commonly abbreviated as BYOD. So, with the increasing complexity of new mobile platforms and the new device usage trend, the possibility of sensitive application data being accessed out-of-band becomes much more likely in spite of the various efforts to improve mobile computing security.
The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed embodiments. Further, the drawings have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be expanded or reduced to help improve the understanding of the embodiments. Similarly, some components and/or operations may be separated into different blocks or combined into a single block for the purposes of discussion of some of the embodiments. Moreover, while the various embodiments are amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the particular embodiments described. On the contrary, the embodiments are intended to cover all modifications, equivalents, and alternatives falling within the scope of the disclosed embodiments as defined by the appended claims.