There is software that does exactly that. You install a software kiosk that users can pick from, and users don't get admin rights.
Won't satisfy developers for long though because it cannot work.
The problem is that mobile OS security systems aren't fit to develop anything but shit. It is simply no solution for desktop.
Well, one issue with the app store solution at my workplace is that you can still download anything, even if you can't install it. And executables can still be executed even from your downloads folder. Or your personal bin folder. So preventing people from executing unknown apps is not going to work that way.
But then again, we write and execute our own code, so of course we have to be able to execute unknown code.
The whole thing feels like an exercise in futility to me. It would make more sense to specify what rights a specific application should have. Let me approve the external URLs it wants to visit, the folders it wants to access, etc. Shield everything else off.