Abstract: The disclosed computer-implemented method for detecting and preventing auto-click attacks may include (1) detecting, by the computing device, a click input, (2) detecting, by the computing device, a finger in proximity to the computing device, (3) analyzing, by the computing device, at least one event associated with the finger, (4) determining, by the computing device, that the click input is an auto-click based on the analysis of the at least one event associated with the finger, and (5) performing a security action in response to determining that the click input is an auto-click. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting unauthorized use of an application may include (1) receiving, by the computing device, fingerprint data associated with a fingerprint, where the fingerprint data is received from the touchscreen, when a user interface of the application is displayed on the touchscreen, and in an absence of displaying a request for fingerprint data on the touchscreen, (2) comparing the received fingerprint data to a whitelist of authorized fingerprint data to determine a presence of a match, where the authorized fingerprint data indicates at least one fingerprint of at least one user that is authorized to access the application and (3) performing, when the received fingerprint data does not match the whitelist of authorized fingerprint data, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for recovering an infected endpoint may include receiving an acoustic signal having an embedded command for executing a security application at the infected endpoint, decoding the acoustic signal to obtain the embedded command, and executing the embedded command to start a security application at the infected endpoint, where the security application is operable to mitigate the infected endpoint. Various other methods, systems and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for system recovery from a system user interface process malfunction may include (i) determining that a system user interface (UI) process is executing on the computing device, (ii) determining that a message indicating a malfunction of the system UI process is displayed on the computing device, (iii) identifying a mobile application that was executing on the computing device at a time of the malfunction of the system UI process, and (iv) in response to identifying the mobile application that was executing at the time of the malfunction of the system UI process, performing a security action for recovery from the malfunction of the system UI process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems are provided for preventing the installation of malicious applications using system-level messages. One example method generally includes intercepting a request sent via an operating system of the computing device; determining the request is to access an application in a remote application repository; obtaining information associated with the application from the request; transmitting, over a network, the information to a security server; and receiving, over the network, a security recommendation for the application from the security server.

Abstract: The disclosed computer-implemented method for obscuring user location may include (i) detecting a motion of a user mobile device through a motion sensor of the user mobile device, (ii) checking whether the motion of the user mobile device satisfies a specified threshold that defines a threshold level of motion, (iii) determining that the motion of the user mobile device satisfies the specified threshold that defines the threshold level of motion, and (iv) protecting a user of the user mobile device by obscuring, in response to determining that the motion of the user mobile device satisfies the specified threshold, an actual location of the user mobile device by outputting information indicating a decoy location of the user mobile device that deviates from the actual location of the user mobile device. Various other methods, systems, and computer-readable media are also disclosed.