Particular embodiments provide a method to authenticate a user of an application running on a mobile operating system (OS) installed on a mobile device, wherein the mobile OS invokes callback methods of the application upon making changes to an execution state of the application. Code embedded into the application causes the application to communicate with a management agent installed in the mobile OS upon invocation of a hooked callback method. Upon invocation of the hooked callback method, the embedded code assesses whether the user should be provided an authentication challenge prior to enabling the application to run in the foreground, and presents the authentication challenge if necessary. Finally, the embedded code returns execution control from the management agent back to the application wherein the application executes the at least one callback method prior to running in the foreground.