application sandboxing definition

This definition is part of our Essential Guide: Mobile endpoint security: What enterprise InfoSec pros must know now
Contributor(s): Margaret Jones

Application sandboxing, also called application containerization, is an approach to software development and mobile application management (MAM) that limits the environments in which certain code can execute.

The goal of sandboxing is to improve security by isolating an application to prevent outside malware, intruders, system resources or other applications from interacting with the protected app. The term sandboxing comes from the idea of a child's sandbox, in which the sand and toys are kept inside a small container or walled area.

Developers who don't want an application to be touched by outside influences can wrap security policies around an app (see app wrapping) or isolate each application in its own virtual machine (VM), an approach known as micro-virtualization.

Application sandboxing is controversial because its complexity can cause more security problems than the sandbox was originally designed to prevent. The sandbox has to contain all the files the application needs to execute, which can also create problems between applications that need to interact with one another. For example, if a developer builds an application that needs to interact with a device's contacts list, sandboxing would cause that application to lose important functionality.

See also: walled garden, mobile virtualization, dual persona, endpoint security management

This was first published in November 2012
