Putting Your App in a Sandbox Voluntarily

Vetle Økland
Introduction to Information Security
Nov 1, 2016

Why should you put your app, voluntarily, in a sandbox? Why would anyone want to limit their apps in such a way, when that only limits the functionality? But does it really?

First of all, for those who don’t know: a sandbox is an environment in which a program is limited to functioning within its own context. This means that, without the system’s blessing, the program can only access data that it has created, and it can only create data in its own container. A sandbox can also limit functionality: if, say, an application does not need networking, the sandbox can deny all requests to do networking.

So, if an app running in a sandbox is exploited by a malicious third party, the attacker’s code can only access files and functionality the system has explicitly granted to the app. This way, an exploited app will not take down an entire system, only that specific app.
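As an added example (not part of the original post), this is what "the app does not need networking, so the sandbox denies it" can look like when a Linux process applies the restriction to itself with a seccomp filter. The function names are hypothetical, and the sketch assumes a 64-bit Linux build with seccomp enabled; a production filter would also check the syscall architecture and allow-list calls rather than block a single one.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Voluntarily give up networking: once installed, socket() fails with EPERM
 * in this process and in anything it later forks or execs. */
static int deny_networking(void)
{
    struct sock_filter rules[] = {
        /* Load the number of the system call being attempted. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* socket(): refuse with EPERM. Any other call: allow. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof rules / sizeof rules[0], .filter = rules };
    /* Needed so an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Sandbox a child process and report the errno socket() gave it
 * (0 if a socket was created, -1 if the sandbox could not be set up). */
int socket_errno_when_sandboxed(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_networking() != 0) _exit(255);
        int fd = socket(AF_INET, SOCK_STREAM, 0);
        _exit(fd >= 0 ? 0 : errno);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("socket() errno inside sandbox: %d\n", socket_errno_when_sandboxed());
    return 0;
}
```

The filter cannot be removed once installed, so code injected into the process later inherits the same restriction.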

Now, back to why any developer with self-respect would want to do this. In the end, everything you make and want to make public is for a user. So whenever you make something, you will have to keep the user in mind.

I don’t know about you, but I definitely don’t write perfect code. My code is prone to bugs (exploitable and just annoying to users). And this is why you should sandbox your applications. We, who create applications, are responsible for protecting them from our stupidity (or imperfections, if you will).

Sandboxing your application will not protect data or the integrity of your own app. Sandboxing will, however, stop an attacker from leveraging your app as a springboard to maliciously access the whole system.

In the end, nothing will stop an attacker who is persistent in maliciously accessing a consumer’s system. But don’t let your apps be the front door for hackers.
