cyren.com

I've had a few visits from these guys recently. So far I think they're the good guys.

From their website:

Protect against known and previously unseen malware – our superior detection is based on a combination of heuristics, signatures, and CYREN GlobalView Cloud detection, specifically tailored for Android

They didn't trigger any of the dozen or so behavioural traps I use, so they remain unblocked on my site.

Some security products follow users around and check the pages they visit. I have two visits from them today, both requests for my home page.

Impersonating Firefox/27 and not reading robots.txt seems reasonable if you are effectively proxying for a human. If they crawl a site, that's different.

I'm assuming their visits are accompanying a visitor who's using their service. If they keep on coming indefinitely that's also different, because it means that the traffic they generate is no longer proportional to my human traffic, and that's where I start to object.

Benefit of the doubt on my site.

Well their hits *did* trigger one of my behavioral traps (can't remember which) but upon further consideration, I am allowing them for the moment, especially since they say they are "tailored for Android."

I'm turning them away till I know their purpose. In late Feb., two appeared on radar generating 404s (seeking case-sensitive pages as lowercase) on two different days.

216.163.188.236
216.163.188.239

(keyplyr, re your OP: Did the UA have a quote at the end? Mine didn't.)

Sorry, early onset Alzheimer's

(which will be my excuse from now on, if I remember to use it)

Had a data inquiry on a specific widget on Jan 2nd (with a request for copyrite use from a person writing a book). I provided links to two topic related pages and the pages were immediately crawled by this I, and using the same UA keyplr provided.
In summary, it appears the person simply uploaded the pages to a cloud.

Some security products follow users around and check the pages they visit.

I've never understood these. "Hey, you know that site you visited three seconds ago? Well, turns out they gave your computer an incurable virus." If the user has already been to the site and downloaded all supporting files-- including ones the security program doesn't ask for, because nobody in human history ever disguised malign activity behind a .jpg extension-- isn't it too late?

But then, I never understood royal tasters either. Poisons don't act that fast.

This type of thing has been going on for years. The user has either a browser plug-in or is using a tool bar, so that's how the URL is captured by the service. In this case, they pretty much tell you they are installed on Android devices, so there it is, mystery solved... now back to my dementia :)