Abstract: A computer-implemented method for protecting virtual machine program code may include (1) identifying one or more software program functions developed for execution in a virtual machine to be protected against reverse engineering, (2) converting one or more of the software program functions to native code for the computing device, (3) obtaining a memory address of one or more virtual machine functions, (4) generating one or more at least partially random alphanumeric values to identify the memory address of the virtual machine functions, (5) invoking the converted native code using a native code interface for the virtual machine, and (6) invoking one or more of the virtual machine functions from the converted native code using the alphanumeric value. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malicious files may include (1) identifying a length of at least one line within a textual file, (2) assessing, based at least in part on the length of the line within the textual file, a likelihood that at least a portion of the textual file has been encrypted, (3) determining, based on the likelihood that at least a portion of the textual file has been encrypted, a likelihood that the textual file is malicious, and (4) performing a remediation action based at least in part on determining the likelihood that the textual file is malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method may include facilitating registration for a service capable of determining whether strangers who come in contact with one another share one or more characteristics in common. The computer-implemented method may also include obtaining, as part of the registration for the service, permission for the service to access at least a portion of one or more social-networking accounts associated with each of the strangers. The computer-implemented method may further include determining, subsequent to the registration for the service, that the strangers registered for the service have come in contact with one another and then providing the service to the strangers in response to this determination. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Power consumption on a mobile computing device is reduced, by identifying and managing apps that prevent the mobile device from sleeping while the screen is off. It is detected when the screen is turned off and when it is subsequently turned back on. During the ensuing period of time, it is determined which specific apps prevent the mobile device from sleeping. This can take the form of identifying each specific app on the mobile device that has an unreleased wake lock at any point during the given period of time while the screen is off. The prevention of the device from sleeping while the screen was off is quantified by app according to power consumption, based on factors such as duration. Any apps for which the quantified prevention of the mobile device from sleeping while the screen was off meets a specific threshold are identified and managed.

Abstract: A computer-implemented method for providing controls for application behavior may include (1) identifying an application that is distributed via an application repository and that is configured to use a permission on a computing platform that enables the application to access a feature of the computing platform, (2) receiving a request to reconfigure the application to intercept and interfere with attempts by the application to use the permission, (3) reconfiguring the application, in response to the request, to intercept and interfere with attempts by the application to use the permission, (4) determining that an updated version of the application is available via the application repository, and (5) reconfiguring the updated version of the application to intercept and interfere with attempts by the application to use the permission in response to an instruction to update the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for monitoring application resource usage on mobile computing systems may include 1) identifying a mobile computing system that is configured to execute one application at a time as a foreground application, 2) identifying a request to determine a resource consumption level of an application on the mobile computing system, 3) identifying, in response to the request, at least one frequency level at which a processor of the mobile computing system operates while the application executes as the foreground application, and 4) determining, based on the identified frequency level, the resource consumption level of the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for dynamically modifying rules for selecting suitable mobile networks. The method may include (1) identifying a set of predefined rules for selecting suitable mobile networks with which to connect, (2) obtaining a training data set that includes data about at least one candidate mobile network, (3) using machine learning to dynamically adjust, based at least in part on the training data set, the set of predefined rules, and (4) connecting to a suitable mobile network identified by the dynamically adjusted set of predefined rules. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method to identify new words from a meta tag is described. A Hyper-Text Markup Language (HTML) page is analyzed to identify a meta tag associated with the HTML page. At least one separator included in content of the meta tag is identified. The content of the meta tag is divided using the identified separator. A portion of the divided content is compared to content stored in a database. Upon determining that the portion of the divided content does not exist in the database, the portion of the divided content is added to the database.

Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method to identify the spreading of sensitive data from a suspicious application is described. At least one security attribute for an application programming interface (API) is defined. Sensitive data passed through the at least one security attribute to the suspicious application are marked. The marked sensitive data being passed through the at least one security attribute from the suspicious application are detected. A notification is generated regarding the spreading of the sensitive data by the suspicious application.