US9848001B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9848001-B2 |
| Application number | US-201514929103-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 30, 2015 |
| Priority date | Dec 21, 2012 |
| Publication date | Dec 19, 2017 |
| Grant date | Dec 19, 2017 |
Official abstract text for this publication.
Securing access to one or more applications in an enterprise zone (e.g., a set of protected applications) is disclosed. A last activity time associated with a use of at least one mobile application in the protected subset may be retrieved from a shared storage location associated with a protected subset of two or more protected mobile applications. It may be determined that the last activity time is within a session expiration time period associated with the protected subset. Access to one or more applications in the protected subset may be allowed without credential verification based at least in part on the determination.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: retrieving, from a shared storage location on a mobile device, a last activity time associated with a use of a first mobile application in a protected subset of two or more protected mobile applications, wherein a library associated with a second mobile application is configured to retrieve from the shared storage location on the mobile device the last activity time associated with the use of the first mobile application, wherein the library associated with the second mobile application is configured to modify code of the second mobile application to behave differently than an unmodified version of the code, wherein the shared storage location is accessible to the protected subset of two or more protected mobile applications and is not accessible to at least one application not in the protected subset; determining that the last activity time is within a session expiration time period associated with the protected subset; and allowing, by the library associated with the second mobile application, access to the second mobile application in the protected subset based at least in part on the determination.
2. The method of claim 1, further comprising: determining that the second mobile application is associated with the protected subset of protected mobile applications.
3. The method of claim 1, further comprising writing the last activity time to the shared storage location upon an occurrence of a triggering event.
4. The method of claim 1, wherein said steps of retrieving, determining, and allowing are performed at least in part in response to a request to access the second mobile application.
5. The method of claim 1, wherein determining that the last activity time is within a session expiration time period comprises determining that a difference between a current time and the last activity time is less than the session expiration period.
6. The method of claim 1, further comprising: receiving, at a second time after the allowed access to the one or more mobile applications, a request to access an application in the protected subset; and determining that a difference between the second time and the last activity time is within the session expiration time period.
7. The method of claim 1, further comprising: determining that a difference between a current time and the last activity time exceeds the session expiration time period; and providing an indicator to a management agent associated with the protected subset of mobile applications.
8. The method of claim 7, further comprising: outputting, by the management agent, a request for user credentials; receiving credentials based at least in part on the request; determining that the received credentials match a stored credential; and allowing access to mobile applications in the protected subset based at least in part on the determined match.
9. The method of claim 8, wherein allowing access includes: providing, to the shared storage location, authorization information and authentication information; and launching an application in the protected subset based at least in part on a validation of the authorization information and authentication information.
10. The method of claim 7, further comprising: outputting, by the management agent, a request for user credentials; receiving credentials based at least in part on the request; determining that the received credentials do not match stored credentials; and denying access to each application in the protected subset based at least in part on the determination that the received credentials do not match stored credentials.
11. The method of claim 1, further comprising: receiving a request to restrict access to the protected subset of the protected mobile applications; and blocking access to the protected subset of protected mobile applications.
12. A system, comprising: a memory or other storage device; and a processor coupled to the memory or other storage device and configured to: retrieve, from a shared storage location on the memory or other storage device, a last activity time associated with a use of a first mobile application in a protected subset of two or more protected mobile applications, wherein a library associated with a second mobile application is configured to retrieve from the shared storage location on the mobile device the last activity time associated with the use of the first mobile application, wherein the library associated with the second mobile application is configured to modify code of the second mobile application to behave differently than an unmodified version of the code, wherein the shared storage location is accessible to the protected subset of two or more protected mobile applications and is not accessible to at least one application not in the protected subset; determine that the last activity time is within a session expiration time period associated with the protected subset; and allow, by the library associated with the second mobile application, access to the second mobile application in the protected subset without credential verification based at least in part on the determination.
13. The system recited in claim 12, wherein the processor is further configured to determine that the second mobile application is associated with the protected subset of protected mobile applications.
14. The system recited in claim 12, wherein the processor is further configured to determine that a difference between a current time and the last activity time exceeds the session expiration time period; and provide an indicator to a management agent associated with the protected subset of mobile applications.
15. The system recited in claim 14, wherein the processor is further configured to: output, by the management agent, a request for user credentials; receive credentials based at least in part on the request; determine that the received credentials match a stored credential; and allow access to the mobile applications in the protected subset based at least in part on the determined match.
16. The system recited in claim 14, wherein the processor is further configured to: output, by the management agent, a request for user credentials; receive credentials based at least in part on the request; determine that the received credentials do not match stored credentials; and deny access to each application in the protected subset based at least in part on the determination that the received credentials do not match stored credentials.
17. A computer program product, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions, which when executed cause a computer to perform steps of: retrieving, from a shared storage location on a mobile device, a last activity time associated with a use of a first mobile application in a protected subset of two or more protected mobile applications, wherein a library associated with a second mobile application is configured to retrieve from the shared storage location on the mobile device the last activity time associated with the use of the first mobile application, wherein the library associated with the second mobile application is configured to modify code of the second mobile application to behave differently than an unmodified version of the code, wherein the shared storage location is accessible to the protected subset of two or more protected mobile applications and is not accessible to at least one application not in the protected subset
Entity profiles · CPC title
Authentication · CPC title
when the policy decisions are valid for a limited amount of time · CPC title
for controlling access to devices or network resources · CPC title
using security domains · CPC title