University of California, Santa Cruz
From mobile phones to social networks, installing and running third-party applications can be risky. Installing applications often requires running unverified, untrustworthy code with the privilege of a system administrator, allowing it to compromise the security of user data and the operating system. Once installed, applications on most platforms can access anything that a user can: a web browser can read users' e-mail and an e-mail client can access browsing history. Computer scientists have for decades been developing systems that follow the "Principle of least authority," yet few consumer computing platforms adopt their techniques.