As mobile devices are increasingly used in day-to-day tasks involving sensitive information, authentication and money, they are becoming attractive targets for attackers. Recent attacks against mobile devices have succeeded in leaking the sensitive information stored on the device and have provided attackers financial gain through the unauthorized use of phone and messaging services.While the current state-of-the-art is designed with security in mind and provides a level of protection they are static and have a major assumption: every user will download applications from the ‘official app store’ in which, submitted applications are statically checked and validated prior to being admitted. The app store validation is mainly based on permission checks and code verification prior to installation. However, once the application passes and makes its way to the user’s mobile device, no further security checks occur. This leaves the users open for sophisticated attacks involving various data leak cases or the interaction of existing applications on the device.Therefore, ACTIVMOBSEC proposes an active approach based on user and application behaviour modelling, similar but not identical to anomaly detection, for detecting the behaviour changes on the device. The main challenge is to differentiate between legitimate changes (i.e., software updates) and the malicious acts such as device theft, malware infection or data leaks. To this end, ACTIMOBSEC aims to improve the user awareness and provide clear and concise information on the device state. Furthermore, a user centric validation technique will be investigated to provide a way for only the legitimate user to train his/her device while the malicious use and users will cause the device to operate in a defensive state, preventing access to sensitive data and functions.