Abstract: The disclosed computer-implemented method for mitigating stalkerware by rendering it useless is performed, at least in part, by a computing device comprising at least one processor. The method includes detecting, by the at least one processor in accordance with a security configuration of the computing device, a stalkerware application running in a foreground of the computing device. The method also includes overlaying, by the at least one processor in accordance with the security configuration, the stalkerware application with a window in response to the detecting. The method further includes performing a security action by intercepting one or more user inputs to the stalkerware application via the window, thereby preventing user configuration of the stalkerware application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for reporting the attempted transmission of sensitive information may include (1) identifying an attempt by at least one software program running on a computing device to transmit data to one or more intended recipients, (2) determining that the data of the attempted transmission includes sensitive information, (3) identifying an intended recipient of the attempted transmission, and (4) notifying a user of the computing device both that the attempted transmission includes sensitive information and of the intended recipient of the attempted transmission. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: According to at least one embodiment, a computer-implemented method for managing generic data is described. In one embodiment, a request may be received to customize the generic data. The generic data may be downloaded based at least in part on the request. The generic data may be customized for the computing device. The customized data may be installed on the computing device.

Abstract: The disclosed computer-implemented method for evaluating content provided to users via user interfaces may include (1) monitoring, as part of a security application via an accessibility application program interface provided by an operating system of a computing device, accessibility events that indicate state transitions in user interfaces of applications running on the computing device, (2) receiving, at the security application, an accessibility event that indicates that a user of the computing device is viewing a user interface of an application running on the computing device, (3) identifying, as part of the security application via the accessibility application program interface, content that the user is attempting to access via the application, (4) determining, as part of the security application, that the content is harmful, and (5) performing, as part of the security application, at least one security action in response to determining that the content is harmful.

Abstract: A computer-implemented method for managing launch activities on a mobile device may include maintaining a plurality of launch activities associated with an application. Each launch activity in the plurality of launch activities may be associated with a different launch icon. The method may further include identifying a mobile device environment within which the application is being used. The method may also include selecting, from the plurality of launch activities, a launch activity that corresponds to the mobile device environment. The method may additionally include enabling the launch activity that corresponds to the mobile device environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for evaluating content provided to users via user interfaces may include (1) monitoring, as part of a security application via an accessibility application program interface provided by an operating system of a computing device, accessibility events that indicate state transitions in user interfaces of applications running on the computing device, (2) receiving, at the security application, an accessibility event that indicates that a user of the computing device is viewing a user interface of an application running on the computing device, (3) identifying, as part of the security application via the accessibility application program interface, content that the user is attempting to access via the application, (4) determining, as part of the security application, that the content is harmful, and (5) performing, as part of the security application, at least one security action in response to determining that the content is harmful.

Abstract: A computer-implemented method to execute anti-theft procedures for a device is described. Receipt of a first audio file is detected. The first audio file is converted to a first text file. The first text file is analyzed to identify an anti-theft command. The anti-theft command is executed based at least in part on the analysis.

Abstract: A computer-implemented method for validating self-signed certificates may include (1) identifying a self-signed certificate associated with an application, (2) identifying a publisher allegedly responsible for publishing the application, (3) identifying a website associated with the publisher allegedly responsible for publishing the application, (4) determining that the website references the application, (5) determining that a website certificate associated with the website has been signed by a certificate authority, and (6) validating the self-signed certificate in response to determining both that the website references the application and that the website certificate associated with the website has been signed by the certificate authority. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for modifying applications without user input may include (1) identifying a need to modify at least one application on the computing device, (2) initiating modification of the application on the computing device, (3) while the application is being modified, monitoring event notifications generated by an accessibility service that provides user interface enhancements for disabled individuals on an operating system installed on the computing device, (4) determining, based on an analysis of an event notification generated by the accessibility service, that a user of the computing device is prompted, on the computing device, to provide input necessary to complete the modification of the application, and (5) in response to detecting that the user is prompted to provide the input, automatically supplying the input in order to complete the modification of the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing information identifying the trustworthiness of applications on application distribution platforms may include (1) monitoring event notifications generated by an accessibility service that provides user interface enhancements for disabled individuals on an operating system installed on a computing device, (2) determining, based on an analysis of an event notification generated by the accessibility service, that a user is viewing at least one application for download on an application distribution platform, (3) in response to determining that the user is viewing the application on the application distribution platform, identifying the application based at least in part on an analysis of an active window of the computing device, (4) once the application is identified, retrieving information from a third party that identifies the trustworthiness of the application, and (5) before the user downloads the application, displaying the information identifying the

Abstract: Custom data is injected into a comment field in an APK file. This creates a data driven, customized app, without unzipping, resigning or re-zipping the APK file. The APK file and the injected custom data are transmitted to a mobile computing device. The custom data can be injected into a comment field at the end of the APK file, which allows the non-customized version of the APK file and the custom data to be transmitted to the mobile computing device in succession, such that the transmission is received as a single, customized APK file. The content of the non-customized APK file and the custom data can instead be written to a new, customized APK file, which is then transmitted to the mobile computing device.

Abstract: A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A mobile app is provisioned with an identifier of a specific partner of an app provider, on a sandboxed OS on a mobile device. A link to the app provider's website containing the partner ID is received from the partner's website. The user navigates to the provider's website, which writes a cookie containing the partner ID and redirects to an app store. The app is downloaded to the mobile device, and registers itself with the OS as a protocol handler for a provider specific protocol. The app launches the provider's website, which retrieves the partner ID from the cookie, and returns a redirect to the provider specific protocol. The redirect contains the partner ID, and causes the app to execute as the registered protocol handler for the provider specific protocol. The app reads the partner ID from the redirect, and uses it to provide partner specific features.

Abstract: Misuse of a trusted seal by a website is detected. Web browsing activities at a client are monitored. Upon detecting a website visited by the client, the client requests evaluation of the website by a security server. The security server replies with a reputation score indicating whether the website is trustworthy. If the website is not trustworthy, perceptual hashes of selected images in the website are computed and compared with perceptual hashes of known trusted seals. If there is a match between the hash of a website image and the hash of a seal image, a query is made as to whether the website is authorized to use the trusted seal. If the website is not authorized to use the seal, the website is reported to be misusing the trusted seal.

Abstract: A method and apparatus for detecting rogue security software whereby a timeframe and a threshold pop-up score are defined. A user computing system is monitored/scanned for any pop-up events being presented to the user and once a pop-up event is detected, the source process, or application, associated with the pop-up event is identified. The identified source process is then monitored for at least the defined timeframe and each pop-up event associated with the identified source process in the defined timeframe is counted and used to compute a pop-up score for the identified source process. The pop-up score for the identified source process is then compared with the threshold pop-up score and if the pop-up score associated with the identified source process exceeds the threshold pop-up score, the status of the identified source process is transformed to the status of identified “suspect” source process.

Abstract: An app runs on a user operated computing device, e.g., a mobile device running a sandboxed operating system. The app requests a session ID from a publisher Idp. The app registers for notifications on the session ID with a notification service. The app directs a browser to navigate to the publisher IdP, and to pass it the secure session ID and an ID of a specific partner. The publisher IdP returns a redirect to a third party IdP used by the specific partner to authenticate users. The browser navigates to the third party IdP, which prompts the user for authentication credentials. The third party Idp uses the credentials to authenticate the user, and redirects the authentication result to the publisher IdP. The publisher IdP sends the app a notification, via the notification service. In response, the app calls the publisher IdP, and receives a secure authentication token.

Abstract: A computer-implemented method for facilitating access to shared resources within computer clusters may include identifying a quick response code captured by at least one computing system. The method may also include identifying information encoded in the quick response code captured by the computing system. The method may further include determining that the information encoded in the quick response code contains an activation key that facilitates activation of a software application. The method may additionally include applying, in response to this determination, the activation key to the software application in order to activate the software application without requiring a user of the software application to manually enter the activation key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The behavior of an application is modified, responsive to an experience level of a user as calculated based on information concerning the configuration of the user's computer. Information concerning the configuration of the user's computer that is indicative of the user's experience level is gleaned. An experience index for the user is calculated, based on the gleaned information, and assigned to the user. Based on the calculated experience index, the behavior of an application utilized by the user is modified. This can comprise selecting a user interface for the application based on the user's calculated experience index, and outputting the selected user interface when the user runs the application. The modifying can also comprise selecting a version and/or features of the application for the user, based on the calculated experience index.

Abstract: Misuse of a trusted seal by a website is detected. Web browsing activities at a client are monitored. Upon detecting a website visited by the client, the client requests evaluation of the website by a security server. The security server replies with a reputation score indicating whether the website is trustworthy. If the website is not trustworthy, perceptual hashes of selected images in the website are computed and compared with perceptual hashes of known trusted seals. If there is a match between the hash of a website image and the hash of a seal image, a query is made as to whether the website is authorized to use the trusted seal. If the website is not authorized to use the seal, the website is reported to be misusing the trusted seal.