In the Android operating system (OS) and in a number of other mobile operating systems (e.g., iOS, Windows Phone) in order to ensure safety during the execution of user applications by the OS, an isolated program execution environment known as a “sandbox” may be used. The isolated environment usually constitutes a controllable set of resources available to the application for its execution, such as space on the disk or in the memory, the number of processor cores which can be used, and so on. Moreover, usually either the execution of functions is partly emulated, or access to the network (local area or Internet) and the ability to use the OS functions or to read information from a data input device is greatly restricted. Applications executed in such an isolated environment are not able to read much less write into random access memory areas, which are accessible or dedicated to other applications.
In order to call system functions, a user application must request additional permissions. Most often such permissions are granted by the user either during the installation of the application (in earlier versions of the Android OS), or during the launching or execution of an application (in later versions of the Android OS and in other OS). Examples of such permissions include, permission to work with SMS/MMS messages, permission to access user contacts, and permission to access network services. The number of actions which a user application can execute outside of the isolated environment with the help of permissions is likewise limited. The permissions themselves are usually of various kinds: those which can be granted to all user applications, and those which are granted only to a limited group of user applications, such as only those constituting firmware of the user device. An example of a permission granted to a limited group of user applications is a permission to restart a user device.
A security application is also considered to be an external application and thus restricted in its rights in the framework of its isolated environment and those additional permissions granted to it by the user. Therefore, difficulties arise with a security application obtaining data available to other external applications. There are no permissions for reading the data of other applications in the list of permissions provided to external applications by the operating system, since such permissions are contrary to the approach of using an isolated environment. Therefore, there is a need to improve a mechanism for a security application to control access to data by external user applications executing in an isolated environment on a mobile device.