Why do you think this is possible when you have basically rogue apps that will abuse any provided infrastructure? The only real way around it is to review every app and only allow trusted programs.