Provisioning work environments using virtual phone images

US10708656B2 · US · B2

Patent metadata
Publication number: US-10708656-B2
Application number: US-201816044872-A
Country: US
Kind code: B2
Filing date: Jul 25, 2018
Priority date: Nov 22, 2011
Publication date: Jul 7, 2020
Grant date: Jul 7, 2020

Abstract

In some aspects, a mobile application package is bound to a privileged component of a mobile device operating system. The mobile application package includes a software virtualization layer and a management service component. The software virtualization layer and the management service component are enabled to execute in a privileged mode based on the privileged component. A virtual phone image is downloaded from a management server. A virtual machine based on the virtual phone image is launched by the software virtualization layer.

First claim

Therefore, the following is claimed:

1. A method to provision a work environment using a virtual phone image, the method comprising: binding a mobile application package to a privileged component of a firmware operating system (OS) on a mobile device, the mobile application package comprising a software virtualization layer and a management service component, wherein the software virtualization layer and the management service component are enabled to execute in a privileged mode of the firmware OS based on the privileged component, the privileged mode comprising a superuser mode or a root mode; downloading a virtual phone image from a management server; and launching, by the software virtualization layer, a virtual machine on the mobile device based on the virtual phone image, wherein the management service component is configured to prevent manual termination of the management service component based on the privileged mode of the firmware OS.

2. The method of claim 1, further comprising: transfer control between the firmware OS of the mobile device and a guest OS of the virtual machine, wherein control is transferred based on the privileged component.

3. The method of claim 1, wherein a mobile application is downloaded by a provisioning component of the mobile application package.

4. The method of claim 1, further comprising: initiating a periodic attempt to establish a connection between the management service component and the management server.

5. The method of claim 1, further comprising: disabling access to the virtual phone image until a connection with the management server is established.

6. The method of claim 1, wherein the virtual phone image comprises paravirtualized guest drivers.

7. The method of claim 6, further comprising: intercepting a hypercall request for a device-specific behavior, wherein the paravirtualized guest drivers enable a virtual hardware layer to intercept the hypercall request; and forwarding, by the virtual hardware layer, the hypercall request to the software virtualization layer, wherein the software virtualization layer facilitates communication with a hardware device for the device-specific behavior.

8. A system to provision a work environment using a virtual phone image, the system comprising: a mobile device comprising a processor; and a storage device comprising executable instructions which, when executed by the processor, cause the mobile device to: bind a mobile application package to a privileged component of a firmware operating system (OS) on the mobile device, the mobile application package comprising a software virtualization layer and a management service component, wherein the software virtualization layer and the management service component are enabled to execute in a privileged mode of the firmware OS based on the privileged component, the privileged mode comprising a superuser mode or a root mode; download a virtual phone image from a management server; and launch, by the software virtualization layer, a virtual machine on the mobile device based on the virtual phone image, wherein the management service component is configured to prevent manual termination of the management service component based on the privileged mode of the firmware OS.

9. The system of claim 8, wherein the executable instructions, when executed by the processor, further cause the mobile device to: transfer control between the firmware OS of the mobile device and a guest OS of the virtual machine, wherein control is transferred based on the privileged component.

10. The system of claim 8, wherein a mobile application is downloaded by a provisioning component of the mobile application package.

11. The system of claim 8, wherein the executable instructions, when executed by the processor, further cause the mobile device to: initiate a periodic attempt to establish a connection between the management service component and the management server.

12. The system of claim 8, wherein the executable instructions, when executed by the processor, further cause the mobile device to: disable access to the virtual phone image until a connection with the management server is established.

13. The system of claim 8, wherein the virtual phone image comprises paravirtualized guest drivers.

14. The system of claim 13, wherein the executable instructions, when executed by the processor, further cause the mobile device to: intercept a hypercall request for a device-specific behavior, wherein the paravirtualized guest drivers enable a virtual hardware layer to intercept the hypercall request; and forward, by the virtual hardware layer, the hypercall request to the software virtualization layer, wherein the software virtualization layer facilitates communication with a hardware device for the device-specific behavior.

15. A non-transitory computer readable storage medium embodying executable instructions which, when executed by a processor, cause a mobile device to: bind a mobile application package to a privileged component of a firmware operating system (OS) on a mobile device, the mobile application package comprising a software virtualization layer and a management service component, wherein the software virtualization layer and the management service component are enabled to execute in a privileged mode of the firmware OS based on the privileged component, the privileged mode comprising a superuser mode or a root mode; download a virtual phone image from a management server; and launch, by the software virtualization layer, a virtual machine on the mobile device based on the virtual phone image, wherein the management service component is configured to prevent manual termination of the management service component based on the privileged mode of the firmware OS.

16. The non-transitory computer readable storage medium of claim 15, wherein the executable instructions, when executed by the processor, further cause the mobile device to: transfer control between the firmware OS of the mobile device and a guest OS of the virtual machine, wherein control is transferred based on the privileged component.

17. The non-transitory computer readable storage medium of claim 15, wherein a mobile application is downloaded by a provisioning component of the mobile application package.

18. The non-transitory computer readable storage medium of claim 15, wherein the executable instructions, when executed by the processor, further cause the mobile device to: initiate a periodic attempt to establish a connection between the management service component and the management server.

19. The non-transitory computer readable storage medium of claim 15, wherein the executable instructions, when executed by the processor, further cause the mobile device to: disable access to the virtual phone image until a connection with the management server is established.

20. The non-transitory computer readable storage medium of claim 15, wherein the executable instructions, when executed by the processor, further cause the mobile device to: intercept a hypercall request for a device-specific behavior, wherein the virtual phone image comprises paravirtualized guest drivers that enable a virtual hardware layer to intercept the hypercall request; and forward, by the virtual hardware layer, the hypercall request to the software virtualization layer, wherein the software virtualization layer facilitates communication with a hardware device for the device-specific behavior.

Classifications

  • G06F9/445 (Primary): Program loading or initiating (bootstrapping G06F9/4401; security arrangements for program loading or initiating G06F21/57)

  • Managing security policies for mobile devices or for controlling mobile applications

  • Multiprogramming arrangements

  • Network integration; Enabling network access in virtual machine instances

  • Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification G06F9/445. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 7, 2020 (B2). Legal status and post-grant events are not shown on this page.