by flangola7 1159 days ago
In a nutshell, because an application won't be able to do anything evil. We're already halfway there on mobile devices. An Android app cannot access system files or files of other apps, period. "Run as admin" doesn't exist. It can't access shared files like camera photos or documents without explicit user permission.

This is mostly accomplished using SELinux, which is an afterthought slapped onto the original OS architecture.

There are exploits that defeat these walls, but it's getting harder. Walls built from the hardware level up will be almost impenetrable and might require finding an error in the chips' microcircuit designs.

1 comment
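A concrete way to see the isolation the comment above describes is to look at how each app's private directory is labelled on a device: its own Linux UID (u0_aNNN) plus an SELinux label of type app_data_file carrying MLS categories that are unique to that app, so even a confused-deputy process in another app domain is denied at the label level. The script below is an added example, not code from the post or from the Android project; it parses `ls -lZ /data/data`-style output and flags directories that break that pattern (shared UIDs, missing categories, group/other bits). The listing it uses is constructed for the example, not captured from a real device, and the package names in it are invented.

```python
"""Check Android per-app isolation from an `ls -lZ /data/data` listing.

Each app data directory should be owned by its own UID (u0_aNNN), have mode
rwx------, and carry u:object_r:app_data_file:s0:cA,cB,... where the category
set is unique to that app (Android derives it from the app ID). Input below is
constructed for this example; real devices show the same shape.
"""
import re
from collections import defaultdict

# Constructed sample: three app dirs (two sharing a UID via sharedUserId)
# and one system-owned dir that is outside the app sandbox entirely.
SAMPLE_LS_LZ = """\
total 16
drwx------ 5 u0_a71  u0_a71  u:object_r:app_data_file:s0:c71,c256,c512,c768  4096 2023-01-01 00:00 com.example.browser
drwx------ 4 u0_a72  u0_a72  u:object_r:app_data_file:s0:c72,c256,c512,c768  4096 2023-01-01 00:00 com.example.messenger
drwx------ 4 u0_a72  u0_a72  u:object_r:app_data_file:s0:c72,c256,c512,c768  4096 2023-01-01 00:00 com.example.messenger.helper
drwx------ 3 system  system  u:object_r:system_data_file:s0                   4096 2023-01-01 00:00 com.android.settings
"""

LINE_RE = re.compile(
    r"^(?P<mode>[d-][rwx-]{9})\s+\d+\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<ctx>u:object_r:\S+)\s+\d+\s+\S+\s+\S+\s+(?P<name>\S+)$"
)


def parse_ls_lz(text):
    """Return one dict per recognised directory line; skip 'total' and junk."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Context layout: u:object_r:TYPE:s0[:cA,cB,...]
        parts = m["ctx"].split(":")
        se_type = parts[2]
        cats = set(parts[4].split(",")) if len(parts) > 4 else set()
        entries.append({
            "name": m["name"],
            "user": m["user"],
            "mode": m["mode"],
            "type": se_type,
            "cats": cats,
        })
    return entries


def check_isolation(entries):
    """Return a list of human-readable findings; empty list means clean."""
    findings = []
    by_uid = defaultdict(list)
    cats_to_uid = {}
    for e in entries:
        if e["type"] != "app_data_file":
            continue  # system_data_file etc. is not an app sandbox dir
        by_uid[e["user"]].append(e["name"])
        if not e["cats"]:
            findings.append(
                f"{e['name']}: app_data_file without MLS categories "
                "(no per-app compartment)")
        # mode[4:] is the group+other triplet; the sandbox relies on "------"
        if e["mode"][4:] != "------":
            findings.append(
                f"{e['name']}: mode {e['mode']} grants group/other access")
        key = frozenset(e["cats"])
        owner = cats_to_uid.setdefault(key, e["user"])
        if owner != e["user"] and e["cats"]:
            findings.append(
                f"{e['name']}: category set reused across UIDs "
                f"{owner} and {e['user']}")
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append(
                f"UID {uid} shared by {', '.join(sorted(names))} "
                "(sharedUserId: these apps can read each other's files)")
    return findings


if __name__ == "__main__":
    for f in check_isolation(parse_ls_lz(SAMPLE_LS_LZ)):
        print(f)
```

On a real device the listing comes from `adb shell ls -lZ /data/data`, which only succeeds from the root or adb shell context; an app's own process gets EACCES on that directory, which is the isolation itself. The one finding the sample produces is the shared UID, a legitimate (now deprecated) Android feature that deliberately collapses the wall between two packages signed by the same key.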

These are, quite frankly, easy protections to put up. I know a lot of work is invested into them but it’s pretty clear that apps shouldn’t be able to scribble all over the address space of other processes, or just have access to all system devices. The hard part is when you actually have a legitimate need to do certain things but not every app should be granted this permission. For accessibility reasons some apps should be able to simulate user input. Obviously, giving this permission to every app is not good. Some apps should be able to know where you are. The one that your spouse installed on your phone secretly to track you? Probably not. This is where the challenge is these days.