The ubiquity of computing devices has led to an increased need to ensure not
only that the applications deployed on them are correct with respect to their
specifications, but also that the devices are used in an appropriate manner,
especially in situations where the device is provided by a party other than the
actual user. Much work which has been done on runtime verification for mobile
devices and operating systems is mostly application-centric, resulting in
global, device-centric properties (e.g. the user may not send more than 100
messages per day across all applications) being difficult or impossible to
verify. In this paper we present a device-centric approach to runtime verify
the device behaviour against a device policy with the different applications
acting as independent components contributing to the overall behaviour of the
device. We also present an implementation for Android devices, and evaluate it
on a number of device-centric policies, reporting the empirical results
obtained.Comment: In Proceedings FESCA 2016, arXiv:1603.0837