Managing application permissions on a mobile device

US 8,265,595 B1
Filed: 01/30/2009
Issued: 09/11/2012
Est. Priority Date: 01/30/2009
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, causes a mobile device to perform a method of tracking application permissions granted to applications running on the mobile device, the method comprising:

receiving, at the mobile device, notice that an application received a grant of permission to access a capability on the mobile device, wherein(1) the capability is protected by being accessible by the application only after receiving the grant of permission,(2) the capability includes a function that the mobile device was to potentially perform upon receiving a request from the application to perform the function, and(3) the application is installed on the mobile device;

generating a permission-status message that includes information describing the grant of permission; and

communicating the permission-status message over a wireless interface to a privacy manager that records permission statuses for the applications running on the mobile device, wherein the privacy manager operates on a computing device that is separate from the mobile device, thereby creating a remote record of the grant of permission that is accessible through the privacy manager.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for managing and tracking a permission status for an application on a mobile device is provided. The privacy policy on a mobile device may require users to grant permission for an application to access certain capabilities (e.g., GPS, personal information manager) on the mobile device. The user may be presented an interface on the mobile device that allows the user to grant an application permission to access the capability. When the user grants an application permission to access a capability a message is sent to a remote privacy manager that tracks the permission status of applications on the mobile device. The user may view the permission status of each application through the Internet. The user may also use the privacy manager to remotely change the permissions on the mobile device.

Citations

20 Claims

1. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, causes a mobile device to perform a method of tracking application permissions granted to applications running on the mobile device, the method comprising:
- receiving, at the mobile device, notice that an application received a grant of permission to access a capability on the mobile device, wherein(1) the capability is protected by being accessible by the application only after receiving the grant of permission,(2) the capability includes a function that the mobile device was to potentially perform upon receiving a request from the application to perform the function, and(3) the application is installed on the mobile device;
  
  generating a permission-status message that includes information describing the grant of permission; and
  
  communicating the permission-status message over a wireless interface to a privacy manager that records permission statuses for the applications running on the mobile device, wherein the privacy manager operates on a computing device that is separate from the mobile device, thereby creating a remote record of the grant of permission that is accessible through the privacy manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The media of claim 1, wherein the method further includes storing the grant of permission in a data store on the mobile device.
  - 3. The media of claim 1, wherein the method further includes:
    - receiving a request to execute the application, wherein, when executed, the application will access the capability; and
      
      determining that a policy governing access to the capability requires a user of the mobile device to give the application permission to access the capability.
  - 4. The media of claim 3, wherein the method further includes:
    - presenting an opt-in user interface that asks the user of the mobile device to grant the application permission to access the capability; and
      
      wherein the grant of permission is received by the mobile device through the opt-in user interface.
  - 5. The media of claim 1, wherein the capability is one or more of a locating capability that determines the mobile device'"'"'s geographic location, a personal information manager that stores the user'"'"'s contact information, and a connectivity function that stores network-connectivity information.
  - 6. The media of claim 1, wherein the information related to the grant of permission includes one or more of a name of the application, a time when the grant of permission was given by a user, a description of the capability, and information describing an entity that created the application.
  - 7. The media of claim 1, wherein the permission-status message is an SMS message.

8. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, causes a computing device to perform a method of remotely managing and tracking application permissions for applications installed on a mobile device, the method comprising:
- receiving, at the computing device, a permission-status message from the mobile device that includes information describing a change in permission status for an application on the mobile device, wherein the permission status is used by the mobile device to determine whether the application is given access to a capability on the mobile device, and wherein the permission-status message includes a unique identifier for the mobile device;
  
  storing the information related to the change in the permission status in a data store in association with the unique identifier, thereby allowing a current permission status for the application to be tracked independently of the mobile device;
  
  receiving a request to retrieve the current permission status for the application from the data store; and
  
  communicating the current permission status for the application.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The media of claim 8, wherein the information related to the change in the permission status includes one or more of whether the permission status was changed to granted or denied, a name of the application, a time when the change in the permission status was made, a description of the capability, and information describing an entity that created the application.
  - 10. The media of claim 8, wherein the unique identifier is a network access identifier associated with the mobile device.
  - 11. The media of claim 8, wherein the method further includes:
    - receiving an update request to change the permission status of the application, wherein the update request is received from a client device communicating over the Internet;
      
      generating an instruction to change the permission status of the application on the mobile device; and
      
      communicating the instruction to the mobile device.
  - 12. The media of claim 11, wherein the method further includes:
    - receiving an acknowledgement message from the mobile device indicating that the permission status of the application has been changed; and
      
      updating a record of the permission status for the application in the data store.
  - 13. The media of claim 12, wherein the method further includes displaying a user interface for receiving the update request to change the permission status of the application.

14. One or more non-transitory computer-readable media having computer-executable instructions embodied thereon that, when executed, causes a mobile device to perform a method of managing application permissions on the mobile device, the method including:
- receiving a request from an application to execute computer code that will access a capability on the mobile device;
  
  determining that a policy governing access to the capability requires a user of the mobile device to give the application permission to access the capability;
  
  determining that the user has not given the application permission to access the capability;
  
  presenting a permission interface to the user that asks whether the user wants to grant the application permission to access the capability;
  
  receiving a response from the user that grants the application permission to access the capability;
  
  updating a permission status of the application to allow the application to access the capability; and
  
  communicating the content of the response to a privacy manager on a computing device that is separate from the mobile device, thereby allowing the permission status to be remotely recorded and accessed.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The media of claim 14, wherein the capability is one or more of a locating capability that determine the mobile device'"'"'s geographic location, a personal information manager that stores the user'"'"'s contact information, and a connectivity function that stores network-connectivity information.
  - 16. The media of claim 14, wherein the mobile device includes at least protected capabilities and unprotected capabilities, wherein the protected capabilities require the user to grant the application permission to access a protected capability, and wherein the capability is the protected capability.
  - 17. The media of claim 14, wherein the method further includes:
    - receiving an update request from the privacy manager with instructions to change the permission status of the application for the capability; and
      
      changing the permission status of the application to conform to the request.
  - 18. The media of claim 14, wherein the method further includes:
    - receiving an additional request from the privacy manager to report the permission status of the application to access the capability; and
      
      communicating a message that includes a description of the permission status of the application to access the capability.
  - 19. The media of claim 14, wherein the method of claim 14 is performed by an application management system installed on the mobile device.
  - 20. The media of claim 14, wherein the content from the response includes one or more of a name of the application, a time when permission was granted by the user, a description of the capability, and information describing an entity that created the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Reeves, Raymond Emilio, McMullen, Michael P., Wick, Ryan Alan, Nelson, Rodney D., Jones, John Marvin III
Primary Examiner(s)
Figueroa, Marisol

Application Number

US12/362,597
Time in Patent Office

1,320 Days
Field of Search

455/410, 455/411
US Class Current

455/410
CPC Class Codes

H04M 1/72436 for text messaging, e.g. sh...

H04M 1/72463 to restrict the functionali...

Managing application permissions on a mobile device

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing application permissions on a mobile device

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links