Application sandboxing, also called application containerization, is an approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute.
The goal of sandboxing is to improve security by isolating an application to prevent outside malware, intruders, system resources or other applications from interacting with the protected app. The term sandboxing comes from the idea of a child's sandbox, in which the sand and toys are kept inside a small container or walled area.
Developers who don't want an application to be touched by outside influences can wrap security policies around an app (see app wrapping) or isolate each application in its own virtual machine (VM), an approach known as micro-virtualization.
Application sandboxing is controversial because its complexity can cause more security problems than the sandbox was originally designed to prevent. The sandbox has to contain all the files the application needs to execute, and this isolation can also create problems for applications that need to interact with one another. For example, if a developer builds an application that needs to interact with a device's contacts list, sandboxing would cause that application to lose important functionality.