Embodiments of the invention are directed to a system, method, or computer program product for a passive based security escalation to shut off of applications on a mobile device based on rules. As such, the system may identify, via extraction of data, time periods correlating to events that the user may be offline or inactive with respect to his/her mobile device. Once the time periods are identified, rules are created for the level of security escalation required based on the event. Subsequently, a trigger is identified at a time leading up to the event, where the system integrates with the mobile device and requires additional authentication to access one or more applications. Once the offline event starts, the system initiates a shutdown of the functions of one or more applications on the user's mobile device. The system then reinstates the application functionality after the offline event has ended.