Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.

Abstract: An application based hardware identifier is generated for an application on a device. The application based hardware identifier is generated based on both information describing the application and information describing one or more hardware components of the device. The application based hardware identifier can also optionally be based on an identifier of a user of the device. The application based hardware identifier can be provided by the application to a service provider, allowing the service provider to associate the application based hardware identifier with a particular user or user account. However, as the application based hardware identifier is based on the application information, different applications on the same device will have different application based hardware identifiers. The application based hardware identifier thus helps maintain privacy by preventing tracking of the device across different applications.

Abstract: Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s).

Abstract: One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface.

Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

Abstract: One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface.

Abstract: Systems, methods, apparatuses, and computer program products are described for checking the integrity of applications installed on a computing device and preventing the launch of applications that appear to have been tampered with or modified. In accordance with embodiments, the content of an application is validated at the time the application is to be launched, but before the launch has actually occurred. In accordance with additional embodiments, integrity protection can also be extended to content that is generated by an application (e.g., documents or other files generated by the application), thereby enabling applications to write their own files and data with the same degree of integrity protection.

Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

Abstract: One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface.

Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.

Abstract: Systems, methods, apparatuses, and computer program products are described for checking the integrity of applications installed on a computing device and preventing the launch of applications that appear to have been tampered with or modified. In accordance with embodiments, the content of an application is validated at the time the application is to be launched, but before the launch has actually occurred. In accordance with additional embodiments, integrity protection can also be extended to content that is generated by an application (e.g., documents or other files generated by the application), thereby enabling applications to write their own files and data with the same degree of integrity protection.

Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

Abstract: One or more techniques and/or systems are provided for dynamically maintaining a service profile. That is, a user may be associated with a variety of services, such as an email service, a social network service, a photo sharing service, etc. An operating system may dynamically provide support for services by maintaining service profiles. For example, a service provider application may specify a service definition defining a service not yet supported (e.g., a social network app may describe functionality and/or information about a new social network service). A service profile may be generated for the service based upon the service definition. The service profile may be exposed to system components and/or applications that may utilize the service profile to access information and/or functionality provided by service (e.g., a camera system component may allow a user to upload a photo to the new social network service utilizing the service profile).

Abstract: One or more techniques and/or systems are provided for dynamically maintaining user centric data. For example, a data provider app may have knowledge about user centric data associated with a user (e.g., a social network app may have contact information for a social network friend of the user). A user centric profile may be defined for the user centric data based upon information provided by the data provider app (e.g., a contact card may be generated for the social network friend). Responsive to receiving a request for the user centric profile from a requestor app (e.g., an event planning app), the user centric profile may be exposed to the user but not to the requestor app for security and/or privacy purposes. For example, an operating system may present at least some of the user centric profile within an operating system user interface.

Abstract: An application based hardware identifier is generated for an application on a device. The application based hardware identifier is generated based on both information describing the application and information describing one or more hardware components of the device. The application based hardware identifier can also optionally be based on an identifier of a user of the device. The application based hardware identifier can be provided by the application to a service provider, allowing the service provider to associate the application based hardware identifier with a particular user or user account. However, as the application based hardware identifier is based on the application information, different applications on the same device will have different application based hardware identifiers. The application based hardware identifier thus helps maintain privacy by preventing tracking of the device across different applications.

Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

Abstract: Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s).