Method and system for inferring application states by performing behavioral analysis operations in a mobile device

What is claimed is: 1. A method of determining an execution state of a software application or process in a mobile device, the method comprising: monitoring in a processor of the mobile device an activity of the software application or process to collect behavior information; using the collected behavior information to generate a behavior vector that describes the monitored activity via a series of numbers; applying a classifier model that includes a plurality of test conditions to the generated behavior vector to generate application-and-operating-system-agnostic execution state information; and using the application-and-operating-system-agnostic execution state information to determine the execution state of the software application or process. 2. The method of claim 1 , further comprising: selecting a power saving scheme based on the determined execution state; and implementing the selected power saving scheme. 3. The method of claim 1 , further comprising: anticipating a future execution state of the software application or process by applying the classifier model to the behavior vector; and informing a scheduler of the determined future execution state so as to enable the scheduler to perform an action consistent with the determined future execution state. 4. The method of claim 1 , further comprising: determining an operating system execution state of the software application or process; and determining whether the determined operating system execution state is the same as the determined execution state. 5. The method of claim 4 , further comprising classifying the software application as not benign in response to determining that the operating system execution state is not the same as the determined execution state. 6. The method of claim 1 , further comprising: selecting a behavior classifier model based on the determined execution state; and using the selected behavior classifier model to determine whether the software application is not benign. 7. The method of claim 6 , wherein selecting the behavior classifier model based on the determined execution state comprises selecting an application specific classifier model. 8. The method of claim 6 , wherein selecting the behavior classifier model based on the determined execution state comprises: identifying mobile device features used by the software application; and selecting the behavior classifier model to include the identified features. 9. The method of claim 1 , further comprising: determining whether the execution state of the software application or process is relevant to the activity; generating a shadow feature value that identifies the execution state of the software application or process during which the activity was monitored in response to determining that the execution state is relevant to the activity; generating a second behavior vector that associates the activity with the shadow feature value identifying the execution state; and using the second behavior vector to determine whether the activity is not benign. 10. A computing device, comprising: a processor configured with processor-executable instructions to perform operations comprising: monitoring an activity of a software application or process to collect behavior information; using the collected behavior information to generate a behavior vector that describes the monitored activity via a series of numbers; applying a classifier model that includes a plurality of test conditions to the generated behavior vector to generate application-and-operating-system-agnostic execution state information; and using the application-and-operating-system-agnostic execution state information to determine an execution state of the software application or process. 11. The computing device of claim 10 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: selecting a power saving scheme based on the determined execution state; and implementing the selected power saving scheme. 12. The computing device of claim 10 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: anticipating a future execution state of the software application or process by applying the classifier model to the behavior vector; and informing a scheduler of the determined future execution state so as to enable the scheduler to perform an action consistent with the determined future execution state. 13. The computing device of claim 10 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: determining an operating system execution state of the software application or process; and determining whether the determined operating system execution state is the same as the determined execution state. 14. The computing device of claim 13 , wherein the processor is configured with processor-executable instructions to perform operations further comprising classifying the software application as not benign in response to determining that the operating system execution state is not the same as the determined execution state. 15. The computing device of claim 10 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: selecting a behavior classifier model based on the determined execution state; and using the selected behavior classifier model to determine whether the software application is not benign. 16. The computing device of claim 15 , wherein the processor is configured with processor-executable instructions to perform operations such that selecting the behavior classifier model based on the determined execution state comprises selecting an application specific classifier model. 17. The computing device of claim 15 , wherein the processor is configured with processor-executable instructions to perform operations such that selecting the behavior classifier model based on the determined execution state comprises: identifying mobile device features used by the software application; and selecting the behavior classifier model to include the identified features. 18. The computing device of claim 10 , wherein the processor is configured with processor-executable instructions to perform operations further comprising: determining whether the execution state of the software application or process is relevant to the activity; generating a shadow feature value that identifies the execution state of the software application or process during which the activity was monitored in response to determining that the execution state is relevant to the activity; generating a second behavior vector that associates the activity with the shadow feature value identifying the execution state; and using the second behavior vector to determine whether the activity is not benign. 19. A non-transitory computer readable storage medium having stored thereon processor-executable software instructions configured to cause a mobile device processor to perform operations comprising: monitoring an activity of a software application or process to collect behavior information; using the collected behavior information to generate a behavior vector that describes the monitored activity via a series of numbers; applying a classifier model that includes a plurality of test conditions to the generated behavior vector to generate application-and-operating-system-agnostic execution state information