Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.

Abstract: In one approach, a request for software evaluation is received by an evaluation server from a user device. The request relates to software to be installed on the user device. In response to receiving the request, the evaluation server sends data associated with the software to an authenticity server. The evaluation server receives, from the authenticity server, a result from the evaluation of the software. The evaluation server determines based on the result whether a security threat is associated with the software. In response to determining that there is a security threat, the evaluation server sends a communication to the user device that causes the software to be quarantined.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).

Abstract: A method includes: after installation of software on a first mobile device, receiving new data from a second mobile device; analyzing, using a data repository, the new data to provide a security assessment; determining, based on the security assessment, a new security threat associated with the software; and in response to determining the new security threat, causing the first mobile device to implement a quarantine of the software.

Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, an application identifier is received from the computing device for an application to be installed. A source identifier of the application is determined. The application identifier and the source identifier are sent over a network to a server. A first state designation for the first application is received from the server. The first state designation represents a trusted state or an untrusted state. In response to receiving the first state designation, a second state designation is set. The second state designation is sent to the computing device.

Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.

Abstract: In one approach, a first computing device receives a request from a second computing device. The request is for access by the second computing device to a service provided by a third computing device over a network. In response to receiving the request, the first computing device performs a security evaluation of the second computing device. The evaluation determines a risk level. The first computing device generates, based on the evaluation, a token for the second computing device. The token includes data encoding the risk level. The token is sent to the second computing device and/or third computing device. The sent data is used to configure the service provided to the second computing device.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation that includes creating a fingerprint of the first computing device; and determining, by the second computing device, whether the fingerprint matches a fingerprint of one or more other computing devices. The second computing devices determines whether to authorize access to the service based on the evaluation.

Abstract: In response to a computing device of a user being reported as lost or stolen, various steps associated with security for the computing device are performed. In one approach, a database is marked to indicate that the computing device is lost or stolen. Applications that are installed on the lost or stolen computing device are determined, and a security action is selected based on this determination. In some cases, the selected security action reduces or denies service to the computing device, and/or blackholes traffic to or from the installed application. A service provider associated with the installed application is determined, and a notification is sent to the service provider. The notification indicates the installed application, and that the computing device of the user has been lost or stolen.

Abstract: A method includes: after installation of software on a first mobile device, receiving new data from a second mobile device; analyzing, using a data repository, the new data to provide a security assessment; determining, based on the security assessment, a new security threat associated with the software; and in response to determining the new security threat, causing the first mobile device to implement a quarantine of the software.

Abstract: In response to a computing device of a user being reported as lost or stolen, various steps associated with security for the computing device are performed. In one approach, a database is marked to indicate that the computing device is lost or stolen. Applications that are installed on the lost or stolen computing device are determined, and a security action is selected based on this determination. In some cases, the selected security action reduces or denies service to the computing device, and/or blackholes traffic to or from the installed application. A service provider associated with the installed application is determined, and a notification is sent to the service provider. The notification indicates the installed application, and that the computing device of the user has been lost or stolen.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, an application identifier is received from the computing device for an application to be installed. A source identifier of the application is determined. The application identifier and the source identifier are sent over a network to a server. A first state designation for the first application is received from the server. The first state designation represents a trusted state or an untrusted state. In response to receiving the first state designation, a second state designation is set. The second state designation is sent to the computing device.

Abstract: Embodiments of the present disclosure help protect computing devices by, among other things, identifying events that may pose a risk to a computing device based on data from sensors coupled to the computer device.

Abstract: An action may be performed in response to a determination of a source of side-loaded software. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: receiving, from the mobile device, a first application identifier and a first source identifier, each for a first application; sending the first application identifier and the first source identifier over a network to an administrator server; receiving, from the administrator server, a first state designation for the first application; setting a second state designation based on the first state designation; and sending the second state designation to the mobile device.

Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.

Abstract: A method includes: determining an encryption level associated with an application installed on a computing device; determining a context in which the computing device is operating, wherein determining the context comprises identifying a geographic location of the computing device; determining at least one rule associated with the context, wherein determining the at least one rule comprises identifying a security policy corresponding to allowed encryption levels associated with the identified geographic location of the computing device; determining whether the encryption level associated with the application installed on the computing device meets the allowed encryption level associated with the one rule; and in response to determining that the encryption level associated with the application installed on the computing device does not meet the allowed encryption level associated with the one rule, causing at least one action on the computing device to meet the allowed encryption level associated with the one r

Abstract: Embodiments of the present disclosure help protect computing devices by, among other things, identifying events that may pose a risk to a computing device based on data from sensors coupled to the computer device.

Abstract: A system and method for coordinating security components, including: determining, by an application executing on a client device, a need to perform a sharable functional task; identifying a first security component and a second security component installed on the client device and capable of performing variations of the sharable functional task, where variations of the sharable functional task are functionally overlapping and not identical; identifying a set of characteristics characterizing the first security component and the second security component; selecting the second security component as a primary security component for performing a variation of the sharable functional task based on the set of characteristics; delegating, by one or more processors, performance of the sharable functional task to the primary security component; and instructing the processors to cause functionality associated with the first security component to be at least partially suspended.

Abstract: A method includes: receiving a request regarding access by a first computing device (e.g., a mobile device of a user) to a service; in response to the request, performing, by a second computing device (e.g., a device risk evaluation server, or a server of an identity provider), an evaluation that includes creating a fingerprint of the first computing device; and determining, by the second computing device, whether the fingerprint matches a fingerprint of one or more other computing devices. The second computing devices determines whether to authorize access to the service based on the evaluation.