Privacy protection for mobile devices

US 9,292,694 B1
Filed: 03/15/2013
Issued: 03/22/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A server system comprising at least one hardware processor configured to perform risk assessment transactions with a plurality of mobile devices, wherein a risk assessment transaction comprises:

employing the at least one hardware processor to receive from a mobile device of the plurality of mobile devices an indicator of a target application; and

in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;

supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;

in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;

in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;

determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and

in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described systems and methods allow a mobile device, such as a smartphone or a tablet computer, to protect a user of the respective device from fraud and/or loss of privacy. In some embodiments, the mobile device receives from a server a risk indicator indicative of whether executing a target application causes a privacy risk. Determining the risk indicator includes automatically supplying a test input to a data field used by the target application, the data field configured to hold a private item such as a password or a geolocation indicator. Determining the risk indicator further comprises determining whether a test device executing an instance of the target application transmits an indicator of the test input, such as the test input itself or a hash of the test input, to another party on the network.

29 Citations

View as Search Results

28 Claims

1. A server system comprising at least one hardware processor configured to perform risk assessment transactions with a plurality of mobile devices, wherein a risk assessment transaction comprises:
- employing the at least one hardware processor to receive from a mobile device of the plurality of mobile devices an indicator of a target application; and
  
  in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;
  
  supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;
  
  in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;
  
  determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27)
- - 2. The server system of claim 1, wherein supplying the test input comprises filling in an input field of a user interface exposed by the test device.
  - 3. The server system of claim 2, wherein supplying the test input further comprises:
    - configuring the instance of the target application to expose the user interface, andin response, automatically detecting the input field within the user interface,and wherein filling in the input field is performed in response to automatically detecting the input field.
  - 4. The server system of claim 1, wherein supplying the test input comprises:
    - supplying the test input to a second application executing on the test device, the second application configured to personalize the test device according to the test input, andin response to supplying the test input to the second application, transmitting the test input from the second application to the instance of the target application.
  - 5. The server system of claim 1, wherein supplying the test input comprises:
    - detecting a request by the target application to receive a content of the data field from a second application executing on the test device, andin response to detecting the request, replacing the content with the test input.
  - 6. The server system of claim 1, wherein the risk indicator comprises an indicator of a risk-indicative behavior of the target application.
  - 7. The server system of claim 6, wherein sending the risk indicator to the mobile device comprises sending the risk indicator to a security application executing on the mobile device, the security application configured to display a description of the risk-indicative behavior.
  - 8. The server system of claim 1, wherein the target application is installed on the mobile device.
  - 9. The server system of claim 1, wherein the risk-assessment transaction further comprises receiving at the mobile device a user input indicative of a user selecting the target application from a plurality of applications, and wherein the indicator of the target application is determined in response to receiving the user input.
  - 10. The server system of claim 1, wherein the private item comprises an item selected from another group consisting of a personal name, a password, an authentication name, a telephone number, an email address, a uniform resource indicator (URI), a digital image, a digital sound, and a geographical location.
  - 11. The server system of claim 1, wherein the data item comprises the test input.
  - 12. The server system of claim 1, wherein data item comprises the hash.
  - 27. The server system of claim 12, wherein the hash consists of the test input in hashed form.

13. A mobile device comprising at least one hardware processor configured to perform risk assessment transactions with a security server, wherein a risk assessment transaction comprises:
- employing the at least one hardware processor to send to the security server an indicator of a target application; and
  
  in response to sending the indicator of the target application, employing the at least one hardware processor to receive from the security server a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;
  
  supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;
  
  in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;
  
  determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28)
- - 14. The mobile device of claim 13, wherein supplying the test input comprises filling in an input field of a user interface exposed by the test device.
  - 15. The mobile device of claim 14, wherein supplying the test input further comprises:
    - configuring the instance of the target application to expose the user interface, andin response, automatically detecting the input field within the user interface,and wherein filling in the input field is performed in response to automatically detecting the input field.
  - 16. The mobile device of claim 13, wherein supplying the test input comprises:
    - supplying the test input to a second application executing on the test device, the second application configured to personalize the test device according to the test input, andin response to supplying the test input to the second application, transmitting the test input from the second application to the instance of the target application.
  - 17. The mobile device of claim 13, wherein supplying the test input comprises:
    - detecting a request by the target application to receive a content of the data field from a second application executing on the test device, andin response to detecting the request, replace the content with the test input.
  - 18. The mobile device of claim 13, wherein the risk indicator comprises an indicator of a risk-indicative behavior of the target application.
  - 19. The mobile device of claim 18, wherein the at least one processor is further configured to display a description of the risk-indicative behavior in response to receiving the risk indicator.
  - 20. The mobile device of claim 13, wherein the target application is installed on the mobile device.
  - 21. The mobile device of claim 13, wherein the risk-assessment transaction further comprises:
    - receiving at the mobile device a user input indicative of a user selecting the target application from a plurality of applications, andin response, determining the indicator of the target application according to the user input.
  - 22. The mobile device of claim 13, wherein the private item comprises an item selected from another group consisting of a personal name, a password, an authentication name, a telephone number, an email address, a uniform resource indicator (URI), a digital image, a digital sound, and a geographical location.
  - 23. The mobile device of claim 13, wherein the data item comprises the test input.
  - 24. The mobile device of claim 13, wherein the data item comprises the hash.
  - 28. The mobile device of claim 24, wherein the hash consists of the test input in hashed form.

25. A method comprising:
- employing at least one hardware processor of a security server to receive from a mobile device an indicator of a target application; and
  
  in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;
  
  supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;
  
  in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;
  
  determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.

26. A method comprising:
- employing at least one hardware processor of a mobile device to send an indicator of a target application to a security server; and
  
  in response to sending the indicator of the target application, employing the at least one hardware processor to receive from the security server a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;
  
  supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;
  
  in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;
  
  determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and
  
  in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bitdefender IPR Management Limited (Bitdefender LLC)
Original Assignee
Bitdefender IPR Management Limited (Bitdefender LLC)
Inventors
Valceanu, Vlad, Burceanu, Elena, Gavrilut, Dragos T., Axinte, Tiberius, Bordianu, Vlad, Benchea, Razvan M
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Steinle, Andrew

Application Number

US13/837,166
Time in Patent Office

1,103 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04W 12/02   Protecting privacy or anony...

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Privacy protection for mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy protection for mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links