Privacy protection for mobile devices
First Claim
1. A server system comprising at least one hardware processor configured to perform risk assessment transactions with a plurality of mobile devices, wherein a risk assessment transaction comprises:
- employing the at least one hardware processor to receive from a mobile device of the plurality of mobile devices an indicator of a target application; and
in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises;
supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk;
in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input;
in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk;
determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and
in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.
1 Assignment
0 Petitions
Accused Products
Abstract
Described systems and methods allow a mobile device, such as a smartphone or a tablet computer, to protect a user of the respective device from fraud and/or loss of privacy. In some embodiments, the mobile device receives from a server a risk indicator indicative of whether executing a target application causes a privacy risk. Determining the risk indicator includes automatically supplying a test input to a data field used by the target application, the data field configured to hold a private item such as a password or a geolocation indicator. Determining the risk indicator further comprises determining whether a test device executing an instance of the target application transmits an indicator of the test input, such as the test input itself or a hash of the test input, to another party on the network.
29 Citations
28 Claims
-
1. A server system comprising at least one hardware processor configured to perform risk assessment transactions with a plurality of mobile devices, wherein a risk assessment transaction comprises:
-
employing the at least one hardware processor to receive from a mobile device of the plurality of mobile devices an indicator of a target application; and in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises; supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk; in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input; in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk; determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 27)
-
-
13. A mobile device comprising at least one hardware processor configured to perform risk assessment transactions with a security server, wherein a risk assessment transaction comprises:
-
employing the at least one hardware processor to send to the security server an indicator of a target application; and in response to sending the indicator of the target application, employing the at least one hardware processor to receive from the security server a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises; supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk; in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input; in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk; determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28)
-
-
25. A method comprising:
-
employing at least one hardware processor of a security server to receive from a mobile device an indicator of a target application; and in response to receiving the indicator of the target application, employing the at least one hardware processor to send to the mobile device a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises; supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk; in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input; in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk; determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.
-
-
26. A method comprising:
-
employing at least one hardware processor of a mobile device to send an indicator of a target application to a security server; and in response to sending the indicator of the target application, employing the at least one hardware processor to receive from the security server a risk indicator determined for the target application, the risk indicator indicative of whether executing the target application causes a privacy risk, and wherein determining the risk indicator comprises; supplying a test input to an instance of the target application executing on a test device, the test input supplied to a data field configured to hold an indicator of a private item, wherein a disclosure of the private item causes the privacy risk; in response to supplying the test input, determining whether executing the instance of the target application would cause the test device to transmit a data item to a network, the data item selected from a group consisting of the test input and of a hash determined according to the test input; in response to determining whether executing the instance of the target application would cause the test device to transmit the data item, when executing the instance of the target application would cause the test device to transmit the data item, determining that executing the target application causes the privacy risk; determining whether executing the instance of the target application would cause the test device to transmit a device identification indicator of the test device to the network; and in response to determining whether executing the instance of the target application would cause the test device to transmit the device identification indicator, when executing the instance of the target application would cause the test device to transmit the device identification indicator, determining that executing the target application causes the privacy risk.
-
Specification