Chapter 6
Role-Based Access Control for Mobile Computing and Applications

Yaira K. Rivera Sánchez, University of Connecticut, USA
Steven A. Demurjian, University of Connecticut, USA
Joanne Conover, University of Connecticut, USA
Thomas P. Agresta, University of Connecticut Healthcare Center, USA
Xian Shao, University of Connecticut, USA
Michael Diamond, Pomona College, USA

DOI: 10.4018/978-1-5225-0945-5.ch006

Copyright © 2017, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.

ABSTRACT

The proliferation of mobile devices has changed the way that individuals access digital information with desktop applications now performed seamlessly in mobile applications. Mobile applications related to healthcare, finance/banking, etc., have highly sensitive data where unsecure access could have serious consequences. This chapter demonstrates an approach to Role-Based Access Control (RBAC) for mobile applications that allows an information owner to define who can do what by role, which is then enforced within a mobile application’s infrastructure (UI, API, server/database). Towards this objective, the chapter: motivates the usage of RBAC for mobile applications; generalizes the structure and components of a mobile application so that it can be customized by role; defines a configurable framework of locations where RBAC can be realized in a mobile application’s infrastructure; and, proposes an approach that realizes RBAC for mobile security. To demonstrate, the proposed RBAC approach is incorporated into the Connecticut Concussion Tracker mobile application.

INTRODUCTION

The proliferation of mobile devices in all aspects of daily living has fundamentally altered the way that individuals interact with mobile applications. Evidence includes: the worldwide shipments of 1.9 billion