Abstract: Software applications previously or currently being installed on a plurality of user devices are monitored. In one embodiment, a first set of the installed applications that is signed with a signing identifier of a developer are identified. A report is then sent to the developer that includes an identification of the first set. In another embodiment, the authenticity of a first application is evaluated including determining, based on a respective signing identifier for each of a plurality of applications, that the applications are similar to the first application. A notification is sent to the developer that identifies applications having a signing identifier that is different from the signing identifier of the developer.

Abstract: Context information associated with a mobile communications device and a network connection for the mobile communications device is collected. A security policy is applied to determine whether the security offered by the network connection is appropriate for the context. If the security offered by the network connection is not appropriate for the context, the network connection may be made more secure, less secure, or a different network connection having an appropriate level of security may be used for the data associated with the context.

Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier, a first application identifier, and a signature of authorship for the first application to a different computing device.

Abstract: A method for authorizing a mobile payment transaction is provided that is based on device locations. The method includes receiving, by a server, a request from a point of sale (POS) device to authorize a payment transaction involving a payment facilitating device. In an embodiment, the request includes payment information of the payment transaction and location information of the POS device. When the request is received, an authorizing client device for the payment transaction is identified based on the payment information from the payment facilitating device. The request to authorize the payment transaction is granted when it is determined that the authorizing client device is located within a predetermined distance from the POS device.

Abstract: A server receives from a mobile communication device information about a data object (e.g., application) on the device when the device cannot assess the data object. The server uses the information along with other information stored at the server to assess the data object. Based on the assessment, the device may be permitted to access the data object or the device may not be permitted to access the data object. The other information stored at the server can include data objects known to be bad, data objects known to be good, or both.

Abstract: The method disclosed herein provides for performing device authentication based on the of proximity to another device, such as a key device. When a key device is not near a mobile communications device, an unlock screen is allowed to be presented on a display screen. Based on the mobile communications device receiving a first code to unlock the mobile communications device, the mobile communications device is unlocked in a first mode.

Abstract: A method for authorizing a mobile payment transaction is provided. The method includes receiving, by a server, a request to authorize a payment transaction which originates from a point of sale (POS) module. In an embodiment, the request includes payment information of the payment transaction and location information of the POS module. When the request is received, an authorizing client device for the payment transaction is identified based on the payment information and a disposition of the request to authorize the payment transaction is determined based on whether the authorizing client device is located within a predetermined proximity to the POS module.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Active probing and other methods are used to detect the attacks. Responses to detection include one or more of displaying a warning to a user of the computing device, providing an option to disconnect the network connection, blocking the network connection, switching to a different network connection, applying a policy, and sending anomaly information to a security server.

Abstract: Methods and systems are provided for sharing security risk information between collections of computing devices, such as mobile communications devices, to improve the functioning of devices associated with the collections. The methods and systems disclosed may share security risk information by identifying a security risk response by a first collection and then providing the security risk response to a second collection when a relationship database profile for the first collection indicates the security response may be shared with the second collection. Methods and systems are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

Abstract: Methods are provided for determining an enterprise risk level, for sharing security risk information between enterprises by identifying a security response by a first enterprise and then sharing the security response to a second enterprise when a relationship database profile for the first collection indicates the security response may be shared. Methods are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

Abstract: Security is enhanced for a user of a mobile communications device by monitoring and controlling resource usage. First information associated with each of a plurality of mobile communications devices is collected, including configurations and settings for applications, components, resources and external resources for each mobile communications device. The collected information is used to identify an application, component, resource or external resource that is currently active on two of the mobile communications devices. Second information is transmitted to the first of the two mobile communications devices to reduce or terminate usage of the identified application, component, resource or external resource on the first mobile communications device.

Abstract: The method disclosed herein provides for performing device security corrective action based on loss of proximity to another device, such as a key device. While a mobile communication device is locked, a mobile communication device determines whether or not a key device is within a specified distance. If the key device is not within the specified distance from the mobile communication device, a notification may be displayed on the mobile communication device. If a user responds to the notification, the user may prevent or alter the mobile communication device from performing at least one device security corrective action. If, however, the user does not respond to the notification within a specified time period, the at least one device security corrective action is performed on the mobile communication device.

Abstract: Data is collected from a set of devices. The data is associated with the devices, mobile application programs (apps), web applications, users, or combinations of these. A norm is established using the collected data. The norm is compared with data collected from a particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a response is initiated.

Abstract: A system and method checks for harmful behavior of an application to be installed on a mobile communications device. A server computer receives from the mobile communications device data pertaining to the application to be installed and information pertaining to the mobile communications device. The server processes the data and information to determine an assessment for the application to be installed. The assessment is provided to the mobile communications device and the assessment is displayed on the device if the assessment is one of dangerous and potentially dangerous.

Abstract: A system and method including: determining, by a manager module, a need to determine a primary software component of a client device; identifying a first software component and a second software component of the client device; identifying a set of characteristics of the first software component and the second software component; determining that the first software component is the primary software component based on the set of characteristics of each software component, where determining the primary software component further includes comparing the set of characteristics of each software component and selecting the primary software component based on the set of characteristics with a highest priority; and instructing, by the manager module, the one or more processors to cause functionality associated with the second software component to be at least partially suspended.

Abstract: A server receives from a mobile communication device information about a data object (e.g., application) on the device when the device cannot assess the data object. The server uses the information along with other information stored at the server to assess the data object. Based on the assessment, the device may be permitted to access the data object or the device may not be permitted to access the data object. The other information stored at the server can include data objects known to be bad, data objects known to be good, or both.

Abstract: A system and method to create and assign a policy for a mobile communications device are disclosed. The policy may be created based on personal data associated with the mobile communications device. For example, known sources of personal data on the mobile communications device may be identified and a policy may be created based on the known personal data. The policy may then be used to identify additional personal data associated with the mobile communications device. Thus, the personal data associated with the mobile communications device may be monitored. If an application attempts to access the monitored personal data, the access will be detected.

Abstract: The security and privacy of a user is enhanced by distinguishing between potentially sensitive information and non-sensitive information being displayed on a display of a computing device. In an embodiment, potentially sensitive information on a display is identified by parsing information to be displayed. A front-facing camera of the user's computing device is used to monitor the user's background and compare any changes to a threshold amount. In response to a detected change in the background, actions are taken to alert the user or reduce the visibility of identified potentially sensitive information shown on the display screen.

Abstract: The invention is a system and method for identifying, assessing, and responding to vulnerabilities on a mobile communication device. Information about the mobile communication device, such as its operating system, firmware version, or software configuration, is transmitted to a server for assessment. The server accesses a data storage storing information about vulnerabilities. Based on the received information, the server may identify those vulnerabilities affecting the mobile communication device, and may transmit a notification to remediate those vulnerabilities. The server may also transmit result information about the vulnerabilities affecting the mobile communication device. The server may also store the received information about the device, so that in the event the server learns of new vulnerabilities, it may continue to assess whether the device is affected, and may accordingly notify or remediate the device.