Abstract: In an example, there is disclosed a method of a remote device receiving a pushed over-the-air (OTA) payload from a push server, comprising: periodically collecting, on the remote device, telemetry data from telemetry sensors of the remote device, comprising storing the telemetry data in a local telemetry cache, and mirroring the telemetry data to a telemetry storage service; receiving from the push server the pushed OTA payload; authenticating the push server, comprising proving that the push server has access to the telemetry storage service; and based on the authenticating, accepting the pushed OTA payload.

Abstract: In an example, there is disclosed a computing apparatus having: a network interface to communicate with a second device; a contextual data interface to receive and store contextual data; and one or more logic elements comprising a contextual security agent, operable to: receive a contextual data packet via the network interface; compare the contextual data packet to stored contextual data; and act on the comparing. The contextual data packet may optionally be provided out of band, and may be used to authenticate a substantive data packet, such as a patch or update.

Abstract: Particular embodiments may include a system, apparatus, method, and/or machine readable storage medium for determining sensor usage by: detecting, at a level below an operating system executing on a computing device, one or more requests from an application to access one or more sensors associated with the computing device; determining, based on the one or more requests from the application to access the one or more sensors, that the application requested unexpected access to the one or more sensors; and performing a remedial action in response to the unexpected access requested by the application.

Abstract: In an example, there is disclosed a computing apparatus having: a network interface to communicate with a second device; a contextual data interface to receive and store contextual data; and one or more logic elements comprising a contextual security agent, operable to: receive a contextual data packet via the network interface; compare the contextual data packet to stored contextual data; and act on the comparing. The contextual data packet may optionally be provided out of band, and may be used to authenticate a substantive data packet, such as a patch or update.

Abstract: Particular embodiments may include a system, apparatus, method, and/or machine readable storage medium for determining sensor usage by: detecting, at a level below an operating system executing on a computing device, one or more requests from an application to access one or more sensors associated with the computing device; determining, based on the one or more requests from the application to access the one or more sensors, that the application requested unexpected access to the one or more sensors; and performing a remedial action in response to the unexpected access requested by the application.

Abstract: A method includes detecting a portion of data on an electronic device, determining a first representation of the malware status of the data, quarantining the data for a period of time, estimating whether the data is associated with malware by comparing the first and second representation, and, based on the estimation, releasing the data from quarantine. The first representation indicates that the malware status of the data is not certain to be safe and the malware status of the data is not certain to be malicious.

Abstract: A method includes detecting a portion of data on an electronic device, determining a first representation of the malware status of the data, quarantining the data for a period of time, estimating whether the data is associated with malware by comparing the first and second representation, and, based on the estimation, releasing the data from quarantine. The first representation indicates that the malware status of the data is not certain to be safe and the malware status of the data is not certain to be malicious.