diff --git a/services/better-jail.ts b/services/better-jail.ts
new file mode 100644
index 0000000..f4b5e40
--- /dev/null
+++ b/services/better-jail.ts
@@ -0,0 +1,6 @@
+import { asyncExecFile } from './adapter';
+
+export async function buildBetterJail(id: string, appDir: string) {
+  // Populate the jail with `native` instead of `native_devmode`, to gain higher privileges
+  await asyncExecFile('jailer', ['-t', 'native', '-p', appDir, '-i', id, '/bin/true']);
+}
diff --git a/services/service.ts b/services/service.ts
index 2160fce..20392fb 100644
--- a/services/service.ts
+++ b/services/service.ts
@@ -13,6 +13,7 @@ import Service, { Message } from 'webos-service';
 
 import { asyncStat, asyncExecFile, asyncPipeline, asyncUnlink, asyncWriteFile, asyncReadFile, asyncChmod, asyncMkdir } from './adapter';
 import { fetchWrapper } from './fetch-wrapper';
+import { buildBetterJail } from './better-jail';
 
 import rootAppInfo from '../appinfo.json';
 import serviceInfo from './services.json';
@@ -406,8 +407,14 @@ function runService(): void {
     return serviceRemote as Service;
   }
 
-  async function getAppInfo(appId: string): Promise<Record<string, any>> {
-    const appList = await asyncCall<{ apps: { id: string }[] }>(
+  interface AppInfo {
+    id: string;
+    title: string;
+    type: string;
+    folderPath: string;
+  }
+  async function getAppInfo(appId: string): Promise<AppInfo> {
+    const appList = await asyncCall<{ apps: AppInfo[] }>(
       getInstallerService(),
       'luna://com.webos.applicationManager/dev/listApps',
       {},
@@ -491,7 +498,12 @@ function runService(): void {
 
       try {
         const appInfo = await getAppInfo(installedPackageId);
-        await createToast(`Application installed: ${appInfo['title']}`, service);
+        if (appInfo.type === 'native') {
+          await createToast(`Updating jailer config for ${appInfo.title}…`, service);
+          await buildBetterJail(appInfo.id, appInfo.folderPath)
+            .catch((err) => console.warn('jailer execution failed:', err));
+        }
+        await createToast(`Application installed: ${appInfo.title}`, service);
       } catch (err: unknown) {
         console.warn('appinfo fetch failed:', err);
         await createToast(`Application installed: ${installedPackageId}`, service);