SYSTEM AND METHOD FOR MANAGING THIRD PARTY APPLICATION PROGRAM ACCESS TO USER INFORMATION VIA A NATIVE APPLICATION PROGRAM INTERFACE (API)

US 20100251340A1
Filed: 01/19/2010
Published: 09/30/2010
Est. Priority Date: 03/27/2009
Status: Active Grant

First Claim

Patent Images

1. A method for managing third party application program access to user information via a particular native application program interface (API) comprising:

providing a wrapped native API comprising a wrapper library;

inspecting a third party application program for the presence of the wrapper library in an unmodified form;

inspecting the third party application program to identify API calls; and

instrumenting at least one of the identified API calls to at least one circumventing API which circumvents the native API, wherein the instrumenting comprises;

wrapping the at least one circumventing API to generate at least one wrapped non-circumventing API; and

modifying the third party application program to redirect the at least one of the identified API calls from the at least one circumventing API to the at least one wrapped non-circumventing API;

receiving from the third party application program via the wrapper library executed on a user device a request for a permission to access user information;

receiving an authorization to provide the permission to access the user information; and

providing the permission to access the user information to the third party application program.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing third party application program access to user information via a particular native application program interface (API) is provided. The method includes providing a wrapped native API including a wrapper library and inspecting a third party application program for the presence of the wrapper library in an unmodified form. The application program is inspected to identify API calls. An identified API call to a circumventing API is instrumented by wrapping the circumventing API to generate a wrapped non-circumventing API and modifying the third party application program to redirect the identified API call from the circumventing API to the wrapped non-circumventing API. A request for a permission to access user information is received from the third party application program via the wrapper library executed on a user device. An authorization is received to provide the permission to access the user information, and the permission to access the user information is provided to the executed third party application program.

419 Citations

25 Claims

1. A method for managing third party application program access to user information via a particular native application program interface (API) comprising:
- providing a wrapped native API comprising a wrapper library;
  
  inspecting a third party application program for the presence of the wrapper library in an unmodified form;
  
  inspecting the third party application program to identify API calls; and
  
  instrumenting at least one of the identified API calls to at least one circumventing API which circumvents the native API, wherein the instrumenting comprises;
  
  wrapping the at least one circumventing API to generate at least one wrapped non-circumventing API; and
  
  modifying the third party application program to redirect the at least one of the identified API calls from the at least one circumventing API to the at least one wrapped non-circumventing API;
  
  receiving from the third party application program via the wrapper library executed on a user device a request for a permission to access user information;
  
  receiving an authorization to provide the permission to access the user information; and
  
  providing the permission to access the user information to the third party application program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - comparing the identified API calls with at least one of a list of permitted API calls and a list of non-permitted API calls.
  - 3. The method of claim 2, further comprising contacting a system via a network for inspecting the third party application program.
  - 4. The method of claim 1, further comprising inspecting the application program to identify a direct call to the native API.
  - 5. The method of claim 1, further comprising:
    - comparing the identified API calls with a list of sensitive API calls to sensitive APIs; and
      
      instrumenting the at least one of the identified API calls in response to the at least one of the identified API calls corresponding to at least one of the sensitive API calls to sensitive APIs.
  - 6. The method of claim 1, wherein wrapping the native API comprises wrapping a native location API to generate a wrapped native location API.
  - 7. The method of claim 1, wherein wrapping the native API comprises wrapping a JSR 179 standard location API to generate a wrapped JSR 179 standard location API.
  - 8. The method of claim 1, wherein wrapping the at least one circumventing API comprises wrapping a credential managing API configured for storing credentials to generate a wrapped credential managing API.
  - 9. The method of claim 8, wherein wrapping the credential managing API comprises wrapping an RMS API.
  - 10. The method of claim 1, further comprising inspecting the third party application program through bytecode inspection.
  - 11. The method of claim 1, wherein the inspecting the third party application program for the presence of the wrapper library comprises:
    - inspecting class files of the third party application program; and
      
      comparing bytes in the class files of the third party application program with bytes in a known configuration of the wrapper library.
  - 12. The method of claim 1, further comprising:
    - establishing a user account for a user associated with the user device;
      
      associating a user identifier with the user account;
      
      receiving from the third party application program via the wrapper library executed by the user device a request for the user identifier;
      
      receiving from at least one of the user and the application program via the wrapper library an identifier request authorization to provide the user identifier to the application program;
      
      providing the user identifier to the application program in response to receiving the identifier request authorization;
      
      receiving from the application program a request for a permission to access the mobile device location information of the user device;
      
      receiving a location request authorization from the user to provide the permission to access the mobile device location information to the application program; and
      
      providing the permission to access the user mobile device location to the application program in response to receiving the location request authorization.
  - 13. The method of claim 12, further comprising:
    - wrapping the at least one circumventing API comprising a credential managing API to generate a wrapped credential managing API; and
      
      configuring access of the third party application program to at least one of the identifier request authorization and the location request authorization via the wrapped credential managing API.
  - 14. The computer-implemented method of claim 12, further comprising:
    - providing a request token to the wrapper library;
      
      associating the user identifier request authorization with the request token to authorize the request token;
      
      receiving the authorized request token from the wrapper library;
      
      providing an access token to the wrapper library in response to receiving the request token;
      
      receiving the access token from the wrapper library; and
      
      providing the user identifier to the wrapper library in response to receiving the access token.
  - 15. The computer-implemented method of claim 12, further comprising:
    - providing a request token to the wrapper library in response to receiving the user identifier;
      
      associating the location request authorization with the request token to authorize the request token;
      
      receiving the authorized request token from the wrapper library;
      
      providing an access token to the wrapper library in response to receiving the request token;
      
      receiving the access token from the wrapper library; and
      
      providing the permission to access the user mobile device location to the application program in response to receiving the access token.
  - 16. The method of claim 1, further comprising:
    - establishing a user account for a user associated with the user device;
      
      associating a user identifier with the user account;
      
      receiving from the third party application program via the wrapper library executed by the user device a request for the user identifier;
      
      receiving from at least one of the user and the application program via the wrapper library an identifier request authorization to provide the user identifier to the application program;
      
      providing the user identifier to the application program in response to receiving the identifier request authorization;
      
      receiving mobile device location information of the user device from at least one of the user device and a remote telecommunication carrier server in communication with the user device;
      
      receiving from the application program a request for the mobile device location information of the user device;
      
      receiving a location request authorization from the user to provide the mobile device location information to the application program; and
      
      providing the user mobile device location to the application program in response to receiving the location request authorization.
  - 17. The method of claim 1, further comprising reinstrumenting the wrapped native API as a substantially obfuscated version, wherein the receiving the request for user information comprises receiving the request for user information via the wrapper library of the reinstrumented native API.
  - 18. The method of claim 1, further comprising:
    - reinstrumenting the wrapper library as a substantially obfuscated version in combination with the instrumented third party application; and
      
      signing the instrumented third party application including the obfuscated wrapper library.
  - 19. The method of claim 1, further comprising:
    - providing the wrapped native API comprising the wrapper library to a party;
      
      receiving the third party application program from the party;
      
      after the steps of inspecting the third party application program and instrumenting the at least one of the identified API calls,reinstrumenting the wrapper library as a substantially obfuscated version in combination with the instrumented third party application, and signing the instrumented third party application including the obfuscated wrapper library; and
      
      receiving the request for user information from the signed instrumented third party application via the obfuscated wrapper library.

20. A method for validating an application program implementing a wrapper library configured to access a particular native application program interface (API), the method comprising:
- inspecting the application program for the presence of the wrapper library in an unmodified form;
  
  inspecting the application program to identify application program interface (API) calls; and
  
  instrumenting at least one of the identified API calls to at least one circumventing API which circumvents the native API, wherein the instrumenting comprises;
  
  wrapping the at least one circumventing API to generate at least one wrapped non-circumventing API; and
  
  modifying the application program to redirect the at least one of the identified API calls from the at least one circumventing API to the at least one wrapped non-circumventing API.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, further comprising:
    - comparing the identified API calls with at least one of a list of permitted API calls and a list of non-permitted API calls; and
      
      disallowing the third party application program access to the native API based on at least one of;
      
      the identified API calls corresponding to at least one of the non-permitted API calls; and
      
      at least one of the identified API calls not corresponding to at least one of the permitted API calls.
  - 22. The method of claim 20, further comprising:
    - inspecting the application program to identify a direct call to the native API; and
      
      disallowing the third party application program access to the native API based on at least one of the identified API calls corresponding to a direct call to the native API.
  - 23. The method of claim 20, further comprising disallowing the third party application program access to the native API based on identification of modification in the third party application program to the wrapper library.
  - 24. The method of claim 20, further comprising after the steps of inspecting the third party application program and instrumenting the at least one of the identified API calls:
    - reinstrumenting the wrapper library as a substantially obfuscated version in combination with the instrumented application; and
      
      signing the instrumented application including the obfuscated wrapper library.

25. A system for validating an application program implementing a wrapper library configured to access a particular native application program interface (API), the system comprising at least one computing device including at least one memory comprising instructions operable to enable the computing device to perform a procedure comprising:
- inspecting the application program for the presence of the wrapper library in an unmodified form;
  
  inspecting the application program to identify application program interface (API) calls; and
  
  instrumenting at least one of the identified API calls to at least one circumventing API which circumvents the native API, wherein the instrumenting comprises;
  
  wrapping the at least one circumventing API to generate at least one wrapped non-circumventing API; and
  
  modifying the application program to redirect the at least one of the identified API calls from the at least one circumventing API to the at least one wrapped non-circumventing API.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smith Micro Software Incorporated
Original Assignee
Wavemarket Incorporated (Gen Digital Inc.)
Inventors
Myers, Jesse, Martin, Brian, Augst, Joseph, Hodes, Todd, Hotes, Scott

Granted Patent

US 8,683,554 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/51 at application loading time...

G06F 9/541 via adapters, e.g. between ...

SYSTEM AND METHOD FOR MANAGING THIRD PARTY APPLICATION PROGRAM ACCESS TO USER INFORMATION VIA A NATIVE APPLICATION PROGRAM INTERFACE (API)

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

419 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR MANAGING THIRD PARTY APPLICATION PROGRAM ACCESS TO USER INFORMATION VIA A NATIVE APPLICATION PROGRAM INTERFACE (API)

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

419 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others