Methods and apparatus to monitor permission-controlled hidden sensitive application behavior at run-time

What is claimed is: 1. An apparatus for resource access monitoring comprising: a display; a processor coupled to the display; and a memory coupled to the processor, the memory comprising instructions executable by the processor to: identify an access attempt to a monitored resource by an application, the identification occurring after an access permission check is performed, implement a monitor on a critical access path to the monitored resource, the monitor configured to identify the access attempt to the monitored resource by the application, implement a permission monitor, the permission monitor configured to receive, via the monitor, a call reporting the access attempt to the monitored resource by the application, authenticate the call to the permission monitor by a caller authenticator, responsive to the caller authenticator authenticating the call to the permission monitor, determine whether the access attempt involves suspicious activity by evaluating a potential risk associated with the application accessing the monitored resource, and in response to determining that the access attempt involves suspicious activity, provide a graphical user interface (GUI) to the display, the GUI providing a notification of the access attempt. 2. The apparatus of claim 1 , further comprising: the memory comprising instructions executable by the processor to: collect context information associated with the access attempt, and determine whether the access attempt involves suspicious activity based in part on the collected context information. 3. The apparatus of claim 1 , wherein the permission monitor is configured to implement at least one of a whitelist, an access risk evaluator, a rate limiter or a communicator. 4. The apparatus of claim 1 , further comprising instructions executable by the processor to: implement a configurator, the configurator configured to receive, from the permission monitor, a notification of the access attempt by the application, wherein the configurator is configured, in response to receiving the notification, to perform at least one of permitting the application to access to the monitored resource, blocking the application from accessing the monitored resource or generating the GUI providing a notification of the access attempt. 5. The apparatus of claim 1 , further comprising instructions executable by the processor to: implement a second monitor on a critical access path to a second monitored resource, identify, after a second access permission check is performed, a second access attempt to a second monitored resource by a second application, transmit, from the second monitor to the permission monitor, a second call reporting a second access attempt, the second access attempt performed by the second application attempting to access the second monitored resource, and determine whether the second access attempt involves suspicious activity by evaluating a potential risk associated with the second application accessing the monitored resource. 6. The apparatus of claim 2 , wherein the context information comprises at least one of a unique user ID (UID) of the application, the application's process ID (PID), permission information related to the application, a time stamp, or an access history of the application. 7. A method for monitoring resource access, the method comprising: granting, to an application, an access permission for a monitored resource of an apparatus during installation of the application at the apparatus or during a subsequent runtime of the application; performing an identification, by a processor connected to a memory and a display, ofidentifying, by a monitor between the application and the monitored resource, an access attempt to athe monitored resource by anthe application, the identification being performedoccurring after the access permission for the monitored resource of the apparatus is granted to the application and after an access permission check is performed; implementing a monitor on a critical access path to the monitored resource, the monitor configured to identify the access attempt to the monitored resource by the application; implementing a permission monitor, the permission monitor configured to receive, via the monitor, receiving a call reporting the access attempt to the monitored resource by the application; authenticatingmonitoring the call to the permission monitor by a caller authenticatorreporting the access attempt to the monitored resource by the application; responsive to the caller authenticator authenticating monitoring the call to the permission monitor reporting the access attempt to the monitored resource by the application, determiningwhether, based on the access permission granted to the application, that the access attempt involves is related to suspicious activity by evaluating a potential risk associated with the access attempt by the application accessing the monitored resource; and in response to determining that the access attempt involves is related to suspicious activity, providing a graphical user interface (GUI) to the a display, the GUI providing a notification of the access attempt. 8. The method of claim 7 , further comprising: collecting context information associated with the access attempt; and determining whether the access attempt involves is related to suspicious activity based in part on the collected context information. 9. The method of claim 7 , further comprising: implementing, by the permission monitor, at least one of a whitelist, an access risk evaluator, a rate limiter, or a communicator. 10. The method of claim 7 , further comprising: implementing a configurator, the configurator configured to receive, from the permission monitor, a notification of the access attempt by the application, wherein the configurator is configured, in response to receiving the notification, to perform at least one of permitting the application to access to the monitored resource, blocking the application from accessing the monitored resource, or generating the GUI providing a notification of the access attempt. 11. The method of claim 7 , further comprising: implementing a second monitor on a critical access path to between a second application and a second monitored resource; identifying, after a second access permission check is performed, a second access attempt to a second monitored resource by a the second application; transmitting, from the second monitorto the permission monitor, a second call reporting a information associated with the identification of the second access attempt, the second access attempt performed by the second application attempting to access the second monitored resource; and determining whether the second access attempt involves is related to suspicious activity by evaluating a potential risk associated with the access attempt by the second application accessing the monitored resource. 12. The method of claim 8 , wherein the context information comprises at least one of a unique user ID (UID) of the application, the application's process ID (PID), permission information related to the application, a time stamp, or an access history of the application. 13. A non-transitory computer-readable medium comprising program code, that when executed by a processor, causes a system to: grant, to an application, an access permission for a monitored resource of an apparatus during installation of the application at the apparatus or during a subsequent runtime of the application; identify, by a monitor between the application and the monitored resource, an access attempt to a the monitored resource by an the applicati