Security issues (e.g., data breaches, malicious applications, account hijacking, and insecure application programming interfaces) are obstacles in the adoption of Cloud Computing (CC) and Mobile Cloud Computing (MCC) technologies as the enormous data circulation through the Internet has attracted attackers to this environment. MCC inherits the security challenges faced by CC that affect the security and privacy of user information, such as multi-tenancy, data security, virtualization security, and application vulnerabilities. The highly distributed nature of MCC makes it vulnerable to attacks such as denial of service (DoS), distributed denial of services (DDoS), virtual machines to virtual machines attacks, man-in-the-middle attacks, cloud malware injection, covert channel, and others. These attacks spread to the Mobile Device (MD) layer of the MCC infrastructure, in which external access to MDs may enable the stealing of sensitive information. The exposure of the MD is due in part to vulnerabilities introduced by malicious applications downloaded by users from trusted, or untrusted sources. Despite the significant attack exposure level of the MD layer of the MCC architecture, it has received little research attention; most of the existing work reported in the extant literature targets the cloud infrastructure of the MCC environment. Although some researchers have offered security solutions for the MCC environment, these solutions are not comprehensive enough as they only provide countermeasures to a small number of known security threats. Hence the main research question: what security components are required in a framework that can be used to protect MCC resources against attacks and enhance the security of user data in this environment? To address the main research question, this study adopted a Design Science Research Methodology (DSRM) approach, to identify the security components needed and proposes a novel security framework that offers a comprehensive solution to a large number of the known security threats in the MCC domain. Based on the framework, a proof-of-concept prototype system, a novel hybrid intrusion detection and prevention system named MINDPRES (Mobile-Cloud Intrusion Detection and Prevention System) was designed and implemented. MINDPRES aims to protect the security of the MD layer of the MCC infrastructure, it combines a host-based Intrusion Detection System (IDS) and a network-based IDS using a Machine Learning (ML) model for the detection of malicious activities at the MD nodes of the MCC environment. Android apk files from two repositories were collected and used to construct the datasets used in building an ensemble ML classification model that uses the permissions and intents demanded by apps to determine if an app is malicious or not. Using the prototype system (MINDPRES), MD users can evaluate all apps on their device; each app is assigned a risk score and risk category. The system also monitors the actual behaviour of the apps by analysing the API calls to detect malicious behaviour; the MD user is automatically alerted, and the activities of such apps are blocked. The results obtained from the experiments carried out in this study show that the prototype system is effective in tackling security issues caused by malicious apps in the user layer of the MCC environment. The energy consumption and intrusion detection performance evaluation results indicate that the prototype system is feasible for implementation in the resource-constrained MDs used in the MCC environment. In addition, the prototype system was evaluated by invited security experts who were given access to standalone MDs with MINDPRES pre-installed. The expert feedback was also positive, and they all agreed that the prototype system is highly effective in detecting and preventing malicious activities at the MD node of the MCC infrastructure. Despite the prototype implementation being limited to the Android mobile ecosystem, this study proposes a novel data security framework that detects and prevents the security issues caused by malicious applications in the MCC environment, by monitoring device behaviour using a hybrid analysis approach without root-level access to the device resources. However, there is a need for further research to improve the proposed framework to manage security issues at other layers of the MCC architecture and the implementation of a cross-platform prototype system.