If a system is compromised, storing applications and software separately from state information about users’ interactions with an application may better protect individuals’ privacy.