Application sandboxing, also called application containerization, is an approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute.
The goal of sandboxing is to improve security by isolating an application to prevent outside malware, intruders, system resources or other applications from interacting with the protected app. The term sandboxing comes from the idea of a child's sandbox, in which the sand and toys are kept inside a small container or walled area.
Developers that don't want an application to be touched by outside influences can wrap security policies around an app (see app wrapping) or isolate each application in its own virtual machine (VM), an approach known as micro-virtualization.
Application sandboxing is controversial because its complexity can cause more security problems than the sandbox was originally designed to prevent. The sandbox has to contain all the files the application needs to execute, which can also create problems between applications that need to interact with one another. For example, if a developer builds an application that needs to interact with a device's contacts list, sandboxing would cause that application to lose important functionality.