On-line behavioral analysis engine in mobile device with multiple analyzer model providers

What is claimed is: 1. A method for monitoring mobile device behaviors in a mobile device based on models received from multiple model providers, comprising: receiving, via a mobile device processor of the mobile device, a first machine learning model from a first model provider, the received first machine learning model identifying factors and data points relevant to enabling the mobile device processor to determine whether a mobile device behavior is benign; receiving in the mobile device a second machine learning model from a second model provider that is different than, and operates independent of, the first model provider, the received second machine learning model identifying different factors and data points relevant to enabling the mobile device processor to determine whether the mobile device behavior is benign; installing either the first machine learning model or the second machine learning model in the mobile device in conjunction with an existing behavior analyzer engine installed in the mobile device; selecting for monitoring one or more mobile device behaviors in the mobile device based on factors and data points identified by the installed machine learning model; monitoring the selected mobile device behaviors to collect behavior information; using the collected behavior information to perform spatial and/or temporal correlations; generating a behavior vector based on a result of the spatial and/or temporal correlations; comparing the generated behavior vector to the installed machine learning model to generate a comparison result; and determining whether the mobile device behavior is benign based on the comparison result. 2. The method of claim 1 , wherein receiving the first machine learning model comprises receiving a finite state machine representation that includes a mapping of features to behavior classifications. 3. The method of claim 1 , further comprising: replacing the installed machine learning model with a third machine learning model received from a third model provider; and linking the received third machine learning model to the existing behavior analyzer engine so that when the existing behavior analyzer engine performs analysis operations it does so using the received third machine learning model. 4. The method of claim 1 , further comprising: updating the installed machine learning model with information included in a third machine learning model received from a third model provider; and linking the updated machine learning model to the existing behavior analyzer engine so that when the existing behavior analyzer engine performs analysis operations it does so using the updated machine learning model. 5. The method of claim 1 , further comprising: receiving a plurality of additional machine learning models from a plurality of public networks; and updating the installed machine learning model with information included in one or more of the received plurality of machine learning models. 6. The method of claim 1 , wherein receiving the first machine learning model from the first model provider comprises receiving the first machine learning model from one of: a cloud service network server; an app store server; a web server identified via uniform resource locator address; and a file transfer protocol service network server. 7. The method of claim 1 , wherein receiving the first machine learning model from the first model provider comprises: accessing and authenticating an online app store by the mobile device processor; downloading a menu of models available for download or update from the online app store; receiving in the mobile device processor a user selection input; requesting download or update of a user-selected model from the online app store; and receiving the requested user-selected model in a download buffer of the mobile device. 8. The method of claim 1 , wherein installing either the first machine learning model or the second machine learning model in the mobile device in conjunction with the existing behavior analyzer engine installed in the mobile device comprises: validating the received first machine learning model; installing the validated machine learning model in a memory of the mobile device; and registering the installed machine learning model with an observer module of the mobile device. 9. The method of claim 1 , further comprising: receiving a new machine learning model that identifies additional factors and data points as being relevant to enabling the mobile device processor to determine whether the mobile device behavior is benign; updating the installed machine learning model with information included in the new machine learning model in response to determining that an identified mobile device behavior is suspicious; and comparing the generated behavior vector to the updated machine learning model to determine whether the identified suspicious mobile device behavior is benign. 10. A mobile computing device comprising: a mobile device processor; means for receiving a first machine learning model from a first model provider, the received first machine learning model identifying factors and data points relevant to enabling the mobile device processor to determine whether the mobile device behavior is benign; means for receiving a second machine learning model from a second model provider that is different than, and operates independent of, the first model provider, the received second machine learning model identifying different factors and data points relevant to enabling the mobile device processor to determine whether the mobile device behavior is benign; means for installing either the first machine learning model or the second machine learning model in conjunction with an existing behavior analyzer engine; means for selecting for monitoring one or more mobile device behaviors in the mobile computing device based on factors and data points identified by the installed machine learning model; means for monitoring the selected mobile device behaviors to collect behavior information; means for using the collected behavior information to perform spatial and/or temporal correlations; means for generating a behavior vector based on a result of the spatial and/or temporal correlations; means for comparing the generated behavior vector to the installed machine learning model to generate a comparison result; and means for determining whether the mobile device behavior is benign based on the comparison result. 11. The mobile computing device of claim 10 , wherein means for receiving the first machine learning model comprises means for receiving a finite state machine representation that includes a mapping of features to behavior classifications. 12. The mobile computing device of claim 10 , further comprising: means for replacing the installed machine learning model with a third machine learning model received from a third model provider; and means for linking the received third machine learning model to the existing behavior analyzer engine so that when the existing behavior analyzer engine performs analysis operations it does so using the received third machine learning model. 13. The mobile computing device of claim 10 , further comprising: means for updating the installed machine learning model with information included in a third machine learning model received from a third model provider; and means for linking the updated machine learning model to the existing behavior analyzer engine so that when the existing behavior analyzer engine performs analysis operations it does so using the updated machine learning model. 14