Application Sandbox Security involves ensuring that an app operates within its designated boundaries—isolated from other apps and system resources. Modern mobile and desktop operating systems enforce sandboxing to prevent apps from accessing unauthorized data or functionalities. However, misconfigurations or insecure development practices can lead to sandbox violations, exposing sensitive user information and creating attack vectors. Testing this area helps identify risks where an app exceeds its intended privileges or improperly shares data.
Sandbox Security Tests include:
Shared User Resources
Checks whether the app unnecessarily stores sensitive data in shared or globally accessible locations (like public folders), potentially allowing other apps or users to access it.
Excessive Permissions
Evaluates whether the app requests more permissions than required for its core functionality—such as access to the camera, microphone, location, or file system—which increases the risk if the app is compromised.
Disclosure of Privileged Data to Public Resources
Tests for private or sensitive data (e.g., access tokens, user credentials, or internal logs) that is unintentionally exposed to logs, external storage, or other publicly accessible locations.
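A check of the kind described under Disclosure of Privileged Data to Public Resources, as an added example that is not part of the original page: it scans log output for tokens and credentials and reports each finding with the value redacted, so the report does not leak the secret a second time. The patterns, function names and log lines are assumptions constructed for illustration.

```python
import re

# Assumed patterns for illustration; tune them to the app's own token formats.
PATTERNS = {
    "bearer_token": re.compile(r"\bbearer\s+([A-Za-z0-9._~+/-]{16,}=*)", re.I),
    "jwt": re.compile(r"\b(eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,})"),
    "credential_kv": re.compile(
        r'\b(?:password|passwd|secret|api[_-]?key|access[_-]?token)\b"?\s*[=:]\s*"?'
        r'([^\s"&,;}]{4,})', re.I),
}

def redact(value):
    """Keep a short prefix so findings can be correlated without re-leaking the secret."""
    return value[:4] + "*" * 8

def scan_lines(lines):
    """Return one finding per (line, secret), with the secret value redacted."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        seen = set()
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                secret = match.group(1)
                if secret in seen:  # a bearer JWT matches two patterns; report it once
                    continue
                seen.add(secret)
                findings.append({"line": lineno, "kind": kind, "value": redact(secret)})
    return findings

# Constructed sample log output, not taken from any real app.
SAMPLE_LOG = [
    "D/Net: GET /v1/profile 200 in 143ms",
    "D/Net: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NSJ9.c2lnbmF0dXJlLWJ5dGVz",
    "I/Auth: login ok user=alice password=hunter2!",
    "W/Sync: retrying in 30s",
    '{"api_key": "EXAMPLEKEY0000000000"}',
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG):
        print(finding)
```

The same scan can be pointed at files written to external or shared storage; only the source of the lines changes.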