Abstract: This disclosure is directed to a system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices (e.g., smartphones, netbooks, and tablets). A mobile communication device uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a characterization assessment and can also provide a characterization re-assessment for the application, or data object, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The servers transmits notifications to devices that have installed applications that are discovered to be undesirable.

Abstract: A server receives from a mobile communication device information about a data object (e.g., application) on the device when the device cannot assess the data object. The server uses the information along with other information stored at the server to assess the data object. Based on the assessment, the device may be permitted to access the data object or the device may not be permitted to access the data object. The other information stored at the server can include data objects known to be bad, data objects known to be good, or both.

Abstract: Pushing data to mobile devices can be problematic because mobile platforms may support a number push services, each of which have different cost and reliability characteristics. The problem of being able to push data to multiple different types of mobile devices from a single server is solved by a push service aggregator supporting multiple push services. Upon receiving a push request, one or more push services are selected for pushing data to a client. The selection may be based on a delivery profile included with the push request, information about the client, past performance of the push services, current status of the push services, or combinations of these. The status of the push may be tracked and monitored so as to retry in the case of non-delivery.

Abstract: On a mobile communications device, visiting a link from a messaging application or web browser may result in an undesired action, such as visiting a phishing site, downloading malware, causing unwanted charges, using too much battery, or the device being exploited. In an implementation, a mobile application intercepts a request including an identifier associated with an action to be performed by another application on the device and evaluates the identifier to determine when the request should be permitted, blocked, or conditionally permitted. The client may use local data or make a request to a server to evaluate the identifier. In an implementation, server communications are optimized to minimize latency by caching evaluation results on the device, proactively priming the device's DNS cache, optimizing when DNS lookups are performed, and adapting evaluation policy based on factors such as the source of the request, and the currently active network connection.

Abstract: When a mobile device interacts with a network service, synchronous DNS resolution can significantly impact user experience due to lossy or moderate-high latency conditions. Network services that rely on low-TTL DNS records for failover require a client to frequently resolve the service's host name. It is undesirable to block on these frequent resolutions. In an implementation, user activity on a mobile device is monitored to determine whether the user is engaged in an activity that would contact a server. If such an activity is in progress, then DNS requests to resolve the server's host name are periodically generated to make sure the server's IP address is cached. In an implementation, if a request to communicate with a server fails, the DNS cache expires the entry for that server so that a new DNS request can resolve the server's IP address in case the server's IP address has changed.

Abstract: To prevent malware, spyware and other undesirable applications from affecting mobile communication devices (e.g., smartphones, netbooks, and tablets), a device uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a categorization assessment and can provide a categorization re-assessment, and transmits the assessment to the device. By performing analysis on a server, a device can reduce its battery and performance cost of protecting against undesirable applications. The server transmits notifications to devices that have installed applications that are discovered to be undesirable. The server receives data about applications from many devices, using the combined data to minimize false positives and provide comprehensive protection against known and unknown threats.

Abstract: A system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces a characterization assessment and can also provide a characterization re-assessment for the application, or data object, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The servers transmit notifications to devices that have installed applications that are discovered to be undesirable. The server can accumulate this data and then perform a characterization re-assessment of a data object it has previously assessed to provide an assessment based upon one of trust, distribution and ratings information.

Abstract: When attempting to recover a lost or stolen mobile device, it is often desirable to remotely command the device to play a sound in order to allow the device to be located or alert nearby people. In order to allow the owner of a lost device to remotely initiate the sound, a server generates a remote access user interface and it is displayed on a client computer that allows the owner to send a request the server to initiate the playing of the sound on the device. The interface may allow the user to customize the sound by selecting from a list of pre-configured sounds, recording a sound, uploading a sound, or purchasing a sound. The sound may also be input as text and converted to sound for playing on the mobile device.

Abstract: GPS receivers are included in many mobile communications devices; however, there are circumstances where GPS is unavailable or undesirable to use. In an implementation, a device identifies nearby wireless signals, such as Wi-Fi access points and cell towers, and compares them to a database of known signals to determine an approximate location for the device. Because such a database can be large and change rapidly, it may not be appropriate to store the database entirely on a device. Instead, a server may store the database. In an implementation, to minimize the time required to determine a device's location, the device may first transmit location-related information to a server and receive a subset of the database corresponding to an area near the device so that future locations nearby can be determined without needing to communicate with the server.

Abstract: Disclosed herein is a system and method for efficiently gathering information about applications for mobile communication devices (e.g., smartphones, netbooks, and tablets). This disclosure is also directed to a server producing assessments for applications by analyzing data from multiple sources. To gather information, a device sends information about an application to a server, which stores some or all of the information and may request additional information, if necessary. The server collects information from many devices, including devices that have varied configurations and different operating systems, by only collecting the appropriate information from each device. The server gathers the appropriate data to perform in-depth, granular mobile application analysis while minimizing overhead on devices, wireless networks, and the server. The server may collect portions of data from multiple devices, combining them on the server to produce an assessment for an application.

Abstract: This disclosure is directed to a system and method for providing advisement about applications on mobile communication devices such as smartphones, netbooks, and tablets. A server gathers data about mobile applications, analyzes the applications, and produces an assessment that may advise users on a variety of factors, including security, privacy, battery impact, performance impact, and network usage. The disclosure helps users understand the impact of applications to improve the experience in using their mobile device. The disclosure also enables a server to feed information about applications to other protection systems such as application policy systems and network infrastructure. The disclosure also enables advisement about applications to be presented in a variety of forms, such as through a mobile application, as part of a web application, or integrated into other services via an API.

Abstract: This disclosure is directed to a system and method for preventing malware, spyware and other undesirable applications from affecting mobile communication devices (e.g., smartphones, netbooks, and tablets). A mobile communication device uses a server to assist in identifying and removing undesirable applications. When scanning an application, a device transmits information about the application to a server for analysis. The server receives the information, produces an assessment for the application, and transmits the assessment to the device. By performing analysis on a server, the invention allows a device to reduce the battery and performance cost of protecting against undesirable applications. The servers transmits notifications to devices that have installed applications that are discovered to be undesirable. The server receives data about applications from many devices, using the combined data to minimize false positives and provide comprehensive protection against known and unknown threats.