Polite: A policy framework for building managed mobile apps

The proliferation of smart phones inside enterprises and the number of enterprise apps (applications) available for various smart phone platforms has been increasing. This trend is expected to continue as smart phones tend to become the device of choice to access both enterprise and personal data. Making enterprise sensitive data accessible on smart phones requires that adequate protection mechanisms be available on these devices to ensure that sensitive data is not compromised due to various reasons, such as employees losing phones to malicious apps (installed by the user) running on the phones. Most of the existing solutions either provide device level control or have an external agent monitoring the application´s behavior, and has numerous limitations. In this paper we propose a framework, Polite, to build enterprise mobile apps that can be managed at run-time, which is less intrusive to the end user while providing stronger security guarantees to the enterprise. We describe several critical scenarios where controlling the run time behavior of apps on the phone is essential and how our architecture can provide security guarantees that are not possible with existing solutions. Performance results of our implementation indicate that our framework induces a minimal overhead of only 6% that may be acceptable for most enterprise mobile apps.