US9916442B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9916442-B2 |
| Application number | US-201414267240-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 1, 2014 |
| Priority date | Feb 26, 2014 |
| Publication date | Mar 13, 2018 |
| Grant date | Mar 13, 2018 |
Official abstract text for this publication.
Systems and methods may include monitoring data input to and output from an application on a mobile device. Such systems and methods may include storing meta-data, which describes a behavior of the data input to and output from the application, on the mobile device. Such systems and methods may include determining whether a behavior of the application is anomalous based on the meta-data stored on the mobile device. Such systems and methods may include providing detailed data, which includes the data input to and output from the application, to another device in response to determining that the behavior of the application is anomalous based on the meta-data stored on the mobile device.
Opening claim text (preview).
What is claimed is:
1. A method comprising: monitoring, using a dynamic real-time security and behavior analysis engine, a subset of all data input to an application on a mobile device and data output from the application, wherein the dynamic real-time security and behavior analysis engine is configured to encapsulate the application using an application wrapping technique in such a manner that processes of the application cannot detect the dynamic real-time security and behavior analysis engine and processes performed thereby; storing, by the dynamic real-time security and behavior analysis engine, meta-data, which describes (1) the monitored subset of all data input to the application and data output from the application and (2) performance characteristics of the application, on the mobile device; determining, by the dynamic real-time security and behavior analysis engine, whether a behavior of the application is anomalous based on a comparison of real-time meta-data to historical meta-data stored on the mobile device, wherein the historical metadata describes normal application operation performance characteristics of the application while executing on other mobile devices; in response to determining that the behavior of the application is anomalous, initiating enhanced monitoring to monitor all data input to the application and data output from the application on the mobile device, wherein the enhanced monitoring comprises recording video of all actions taken on the mobile device and diagnosing a cause of the anomalous behavior based at least in part on the enhanced monitoring; in response to determining, based on the data input to and output from the application received in the enhanced monitoring mode, that a particular application is requesting a resource that the particular application has never accessed before, determining a risk level associated with the particular application accessing the resource based on (1) performance history of the particular application, (2) a sensitivity of the resource, and (3) an importance of the resource; and determining whether the particular application should be granted full, restricted, or any access to the resource based on the risk level.
2. The method of claim 1, wherein determining whether the behavior of the application is anomalous based on the meta-data stored on the mobile device includes: determining whether the behavior of the application deviates from a baseline level by a predetermined amount or greater; and determining that the behavior of the application is anomalous in response to determining that the behavior of the application deviates from the baseline level by the predetermined amount or greater.
3. The method of claim 2, wherein the behavior of the application corresponds to an amount of processor capacity utilized by the application, wherein the baseline level corresponds to an average amount of processor capacity utilized by a plurality of applications similar to the application, and wherein the predetermined amount is a deviation of about 30%.
4. The method of claim 1, further comprising: providing the meta-data to the other device; receiving feedback data from the other device, the feedback data indicating whether the behavior of the application is anomalous based on the meta-data; and providing the detailed data to the other device in response to receiving feedback data indicating that the behavior of the application is anomalous based on the meta-data.
5. The method of claim 1, further comprising: injecting the dynamic real-time security and behavior analysis engine into the application using the application wrapping technique.
6. The method of claim 1, further comprising: providing the meta-data to the other device; and receiving feedback data from the other device, the feedback data indicating a baseline level for the behavior of the application, wherein determining whether the behavior of the application is anomalous based on the meta-data stored on the mobile device includes: determining whether the behavior of the application deviates from the baseline level by a predetermined amount or greater; and determining that the behavior of the application is anomalous in response to determining that the behavior of the application deviates from the baseline level by the predetermined amount or greater.
7. The method of claim 1, further comprising: receiving feedback data from the other device, the feedback data indicating whether the behavior of the application is anomalous based on the detailed data; and restricting the application's access to a resource in response to receiving feedback data indicating that the behavior of the application is anomalous based on the detailed data.
8. A system comprising: a dynamic real-time security and behavior analysis engine configured to encapsulate an application on a mobile device using an application wrapping technique in such a manner that processes of the application cannot detect the dynamic real-time security and behavior analysis engine and processes controlled thereby; a monitoring device configured to be controlled by the dynamic real-time security and behavior analysis engine to monitor a subset of all data input to the application and data output from the application; a memory of the mobile device configured to be controlled by the dynamic real-time security and behavior analysis engine to store meta-data, which describes (1) the monitored subset of all data input to the application and data output from the application and (2) performance characteristics of the application; a determining device configured to be controlled by the dynamic real-time security and behavior analysis engine to determine whether a behavior of the application is anomalous based on a comparison of real-time meta-data to historical meta-data stored on the mobile device, wherein the historical metadata describes normal application operation performance characteristics of the application while executing on other mobile devices; the determining device further configured to, in response to determining that the behavior of the application is anomalous, initiate enhanced monitoring to monitor all data input to the application and data output from the application on the mobile device, wherein the enhanced monitoring comprises recording video of all actions taken on the mobile device and diagnosing a cause of the anomalous behavior based at least in part on the enhanced monitoring; the determining device further configured to, in response to determining, based on the data input to and output from the application received in the enhanced monitoring mode, that a particular application is requesting a resource that the particular application has never accessed before, determine a risk level associated with the particular application accessing the resource based on (1) performance history of the particular application, (2) a sensitivity of the resource, and (3) an importance of the resource; and the determining device further configured to determine whether the particular application should be granted full, restricted, or any access to the resource based on the risk level.
9. The system according to claim 8, wherein the determining device is configured to: determine whether the behavior of the application deviates from a baseline level by a predetermined amount or greater; and determine that the behavior of the application is anomalous in response to determining that the behavior of the application deviates from the baseline level by the predetermined amount or greater.
10. The system according to claim 9, wherein the behavior of the application corresponds to an amount of processor capaci
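The decision flow of claims 1 to 3, sketched as an added example (not code from the patent or its assignee): a meta-data sample is compared with the peer-average baseline, a deviation of 30% or more switches on enhanced monitoring, and a first-time resource request is then scored from the three named inputs. The equal-weight risk formula, the 0.4 and 0.7 cut-offs, the use of the anomalous-sample share as "performance history", and all names are assumptions.

```python
from dataclasses import dataclass, field
from statistics import mean

DEVIATION = 0.30  # claim 3: "a deviation of about 30%"

def is_anomalous(observed, peer_values, threshold=DEVIATION):
    """Claims 2-3: deviation from the peer-average baseline >= threshold."""
    baseline = mean(peer_values)
    if baseline == 0:
        return observed > 0
    return abs(observed - baseline) / baseline >= threshold

def risk_level(history, sensitivity, importance):
    """Claim 1 names these three inputs; the equal-weight mean is assumed."""
    for value in (history, sensitivity, importance):
        if not 0.0 <= value <= 1.0:
            raise ValueError("inputs must be in [0, 1]")
    return (history + sensitivity + importance) / 3

def access_decision(risk, restrict_at=0.4, deny_at=0.7):
    """Map risk to full / restricted / none; both cut-offs are assumed."""
    if risk >= deny_at:
        return "none"
    return "restricted" if risk >= restrict_at else "full"

@dataclass
class AppMonitor:
    peer_cpu: list                      # CPU % of similar apps (baseline source)
    seen: set = field(default_factory=set)
    enhanced: bool = False              # False: meta-data only; True: all I/O
    samples: int = 0
    anomalies: int = 0

    def observe_cpu(self, cpu_pct):
        """Record one meta-data sample; escalate on the first anomaly."""
        self.samples += 1
        if is_anomalous(cpu_pct, self.peer_cpu):
            self.anomalies += 1
            self.enhanced = True
        return self.enhanced

    def request_resource(self, name, sensitivity, importance):
        """Gate first-time access, which is only visible in enhanced mode."""
        if not self.enhanced or name in self.seen:
            self.seen.add(name)
            return "full"
        history = self.anomalies / self.samples  # share of anomalous samples
        decision = access_decision(risk_level(history, sensitivity, importance))
        if decision != "none":
            self.seen.add(name)
        return decision
```

Because the baseline comes from other devices, a threshold this coarse will flag legitimately heavy apps; the claims handle that by escalating to closer inspection rather than blocking outright.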
CPC titles: involving long-term monitoring or reporting; Third party