When they download apps, smartphone users sign up for all kinds of terms and conditions they never read, often legally allowing applications to do whatever they like. Most applications behave well, but some don\u2019t.\n\n\nWhy does Flashlight need to know my location? It\u2019s just a bright screen used for finding things in the dark. If I\u2019ve given it permission, it could be sending my global positioning system (GPS) data to a server in Uzbekistan every 10 seconds, which would give a perfect trace of my travels. Whose server is that, anyway, and why are they tracking me?\n\n\nThat\u2019s bad behavior.\n\n\nWell, caveat emptor on that one because I gave it permission. But what about bad actors to whom I haven\u2019t given permission, who decide to come in and help themselves to my data anyway? The spectrum of bad characters shades from mischievous application into true malware.\n\n\nTo protect against this daunting gallery of rogues, Qualcomm* has created a module that looks for bad deeds (rather than for known villains). Referencing all parts of the system, Qualcomm Snapdragon Smart Protect classifies application behavior. Using adaptive machine-learning algorithms from another Qualcomm technology, "Zeroth," Smart Protect separates legitimate from undesirable activities, raising a flag when it finds the latter.\n\n\nZeroth's cognitive computing platform, derived from server-based technology, has been boiled down to run advanced machine-learning algorithms on a phone. There, Zeroth serves as Smart Protect\u2019s memory (we\u2019ve seen this before) and advisor (this looks odd). When your phone tries to do something funny, Smart Protect responds as necessary, raising an alert and allowing the user or an application to prevent the action.\n\n\nThe Smart Protect announcement is just one \u201cboom\u201d in the rolling thunder of announcements associated with Qualcomm\u2019s Snapdragon 820 mobile processor, which will debut on devices shipping in the first half of 2016.\n\n\nSmart Protect, a set of application programming interfaces (APIs) protected in hardware, works in conjunction with anti-virus (AV) software to help keep not just malware but any app from making mobile devices do things they shouldn't. The AV software (supplied by a third party) looks at malware signatures \u2014 known villains \u2014 but may have a difficult time flagging a bad actor it\u2019s never seen before. Some malware is designed to morph with each installation, grabbing parameters from random places and disguising itself in a new form to outwit signature recognition. \u00a0 And some, as noted previously, the user invites in voluntarily or unwittingly.\n\n\nSo, it\u2019s important to look at what a program does. And the context in which it acts has to be understood. For example, a messaging application wanting access to your contacts makes sense. How else can you ping your friends with no hassle? But if at some point that messaging program decides to access your contacts when the screen is off or you aren't sending a message, then something is wrong. And even a legitimate program can be compromised.\n\n\nAV software has traditionally been able to recognize known malware, but signatures can morph as virus code is modified, outwitting the recognizer. An unknown virus can evade the host\u2019s defenses with impunity in what is called a \u201czero-day\u201d attack. Defending against such attacks by viruses and malicious software is exactly the case where behavioral analysis shines. Indeed, without a behavioral component, it\u2019s hard to stop the invasion. \u00a0\n\n\nQualcomm designed Smart Protect from the outset to fit easily on a mobile device, thus allowing it to function without cloud references. And, because it runs in a separate, secure, hardware-based execution environment, Smart Protect can keep not only itself, but the entire device safe from attacks at the operating system level by monitoring application behavior from outside the application layer. This architecture is novel. Most malware protection programs operate at the application layer, a design that leaves them vulnerable to direct attack.\n\n\nSmart Protect serves both to protect against application misbehavior and to preserve privacy, all while operating unobtrusively in the background. If I didn\u2019t tell you about it, you might not even know it\u2019s there, working on your behalf.\n\n\n*My company, Endpoint, has a consulting relationship with Qualcomm.