Device activity and data traffic signature-based detection of mobile device health

US10187416B2 · US · B2

Patent metadata
Publication number: US-10187416-B2
Application number: US-201715714493-A
Country: US
Kind code: B2
Filing date: Sep 25, 2017
Priority date: Sep 8, 2014
Publication date: Jan 22, 2019
Grant date: Jan 22, 2019

Abstract

The subject matter described herein includes methods, systems, and computer program products for data traffic signature-based detection and protection against malware. According to one method, data traffic and behavior associated with a computing device is monitored and a device activity signature is created that includes an abstraction of the data traffic. A classification of the device activity signature is determined and a policy decision for the computing device is applied based on the determined classification.

First claim

What is claimed is:

1. A method of providing malware protection on a mobile device, the method comprising: creating a traffic signature by monitoring data traffic associated with the mobile device; creating a behavior signature based on non-traffic data associated with the mobile device; and blocking activity associated with an application installed on the mobile device based on the traffic signature and the behavior signature.

2. The method of claim 1, wherein creating the traffic signature and the behavior signature includes collecting device and application activity data recorded by an operating system associated with the device and stored in at least one of counters, logs, and system files.

3. The method of claim 1, wherein creating the traffic signature and the behavior signature includes utilizing data collection software installed on the mobile device.

4. The method of claim 1, wherein creating the traffic signature includes characterizing at least one of: all traffic from the mobile device or traffic associated with individual applications executed by the mobile device.

5. The method of claim 1, wherein creating the traffic signature includes at least one of: a byte volume of traffic, a connection volume, a number of application errors, a type of application error, network destination, network protocol, application protocol, IP port, and patterns in content of a transmission.

6. The method of claim 1, wherein blocking activity associated with the application installed on the mobile device includes classifying the traffic signature as anomalous.

7. The method of claim 1 further comprising creating a device activity signature that includes the traffic signature and the behavior signature, and determining a classification of the device activity signature including determining one of a degree of similarity or a degree of difference between the device activity signature and a reference device activity signature.

8. The method of claim 7, wherein the reference device activity signature includes a signature associated with the mobile device at a previous time.

9. The method of claim 7, further comprising updating the device activity signature to incorporate an expected signature based on user-initiated changes to applications installed on the mobile device.

10. The method of claim 9, wherein the expected signature is associated with installing and executing a new application on the mobile device.

11. A mobile device comprising: a radio; a memory; and a processor configured to perform a method of providing malware protection, the method comprising: creating a traffic signature by monitoring data traffic associated with the mobile device; creating a behavior signature based on non-traffic data associated with the mobile device; and blocking activity associated with an application installed on the mobile device based on the traffic signature and the behavior signature.

12. The mobile device of claim 11, wherein creating the traffic signature and the behavior signature includes collecting device and application activity data recorded by an operating system associated with the device and stored in at least one of counters, logs, and system files.

13. The mobile device of claim 11, wherein creating the traffic signature and the behavior signature includes utilizing data collection software installed on the mobile device.

14. The mobile device of claim 11, wherein creating the traffic signature includes characterizing at least one of: all traffic from the mobile device or traffic associated with individual applications executed by the mobile device.

15. The mobile device of claim 11, wherein creating the traffic signature includes at least one of: a byte volume of traffic, a connection volume, a number of application errors, a type of application error, network destination, network protocol, application protocol, IP port, and patterns in content of a transmission.

16. The mobile device of claim 11, wherein blocking activity associated with the application installed on the mobile device includes classifying the traffic signature as anomalous.

17. The mobile device of claim 11, wherein the method further comprises creating a device activity signature that includes the traffic signature and the behavior signature, and determining a classification of the device activity signature including, determining one of a degree of similarity or a degree of difference between the device activity signature and a reference device activity signature.

18. The mobile device of claim 17, wherein the reference device activity signature includes a signature associated with the mobile device at a previous time.

19. The mobile device of claim 17, wherein the method further comprises updating the device activity signature to incorporate an expected signature based on user-initiated changes to applications installed on the mobile device.

20. A non-transitory, computer-readable storage medium storing program instructions that when executed on a mobile device cause the mobile device to perform a method of providing malware protection, the method comprising: creating a traffic signature by monitoring data traffic associated with the mobile device; creating a behavior signature based on non-traffic data associated with the mobile device; and blocking activity associated with an application installed on the mobile device based on the traffic signature and the behavior signature.

Classifications

  • Event detection, e.g. attack signature detection

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10187416B2 cover?
The subject matter described herein includes methods, systems, and computer program products for data traffic signature-based detection and protection against malware. According to one method, data traffic and behavior associated with a computing device is monitored and a device activity signature is created that includes an abstraction of the data traffic. A classification of the device activi…
Who is the assignee on this patent?
Seven Networks Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 22, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).