摘要 |
Technologies for mobile device security are disclosed. A described technique includes launching a monitoring application that has a priority receiver attribute for a Short Message Service (SMS); receiving, within the monitoring application, a message from the SMS, the message being distributed to other applications on the mobile device; parsing the message to extract an originating address and message data; storing, in a data structure controlled by the monitoring application, the originating address and the message data; after a predetermined time interval, using the originating address and the message data stored in the data structure to determine whether the message has been stored in a non-priority client SMS database residing on the mobile device; and if the message has not been stored in the client SMS database, determining whether one or more applications other than the monitoring application that have the priority receiver attribute are associated with malicious activity. |
主权项 |
1. A method performed by a mobile device, the method comprising:
launching a monitoring application that has a priority receiver attribute for a Short Message Service (SMS), the mobile device being configured to receive a message from the SMS and distribute the message to a group of applications including (i) the monitoring application and (ii) a native application that lacks the priority receiver attribute for SMS; receiving, within the monitoring application, the message from the SMS; parsing the message to extract an originating address and message data; storing, in a data structure controlled by the monitoring application, the extracted originating address and the message data; detecting whether an application of the group of applications has intercepted the message to prevent at least the native application from receiving the message, wherein the detecting comprises after a predetermined time interval, using the originating address and the message data stored in the data structure to determine whether the message has been stored in a client SMS database residing on the mobile device, the client SMS database being associated with the native application, wherein using the originating address and the message data stored in the data structure comprises querying the client SMS database to determine whether the message was stored in the client SMS database; if the message has not been stored in the client SMS database, identifying, other than the monitoring application, one or more applications that have the priority receiver attribute for SMS; and determining whether the one or more identified applications are associated with malicious activity. |