Sandbox

A "sandbox" refers to a protected, limited environment where software is allowed to "play" without risking damage to the rest of the operating system.

History
Early Macs running classic Mac OS had no form of memory protection until the introduction of the Mac OS nanokernel in 1994 for PowerPC-based systems. Though protected memory prevents a problematic app from corrupting the memory used by other software, a sandbox goes further by limiting any access at all. For example, a sandbox can prevent Java programs downloaded from the Internet from reading a user's private information, which is exactly the access malware would try to exploit.

The first version of Mac OS X with a rudimentary sandbox (originally called "Seatbelt") was introduced in 2007 as part of Mac OS X 10.5 (Leopard) as an opt-in system that was often disregarded by developers. Mac OS X 10.7 (Lion) enforced the sandbox by default. This was eventually called the "App Sandbox", which was also implemented in iOS for Apple's mobile devices, where circumventing it requires jailbreaking.
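To make the Seatbelt idea concrete, the following is an added example profile (not from the original page or from Apple) written in the Scheme-like Sandbox Profile Language that the Seatbelt mechanism evaluates. It assumes the constructed directory /tmp/sandbox-demo and the file allowed.txt inside it; everything else is denied by default, so the wrapped process can read that one file but cannot read or write anywhere else.

```scheme
;; demo.sb - added example Seatbelt profile (assumed file name)
(version 1)

;; Default-deny is the whole point of a sandbox: anything not listed below is refused.
(deny default)

;; Minimal reads the dynamic loader needs so a system binary can start at all.
;; The exact set required varies by macOS version; widen only as far as needed.
(allow file-read* (subpath "/usr/lib") (subpath "/System/Library"))
(allow sysctl-read)

;; Only one program may be executed inside this sandbox.
(allow process-exec (literal "/bin/cat"))

;; The single piece of user data the sandboxed process is permitted to read.
;; /tmp/sandbox-demo/allowed.txt is a constructed path for this example.
(allow file-read-data (literal "/tmp/sandbox-demo/allowed.txt"))
(allow file-read-metadata (literal "/tmp/sandbox-demo"))
```

Running "sandbox-exec -f demo.sb /bin/cat /tmp/sandbox-demo/allowed.txt" prints the file, while "sandbox-exec -f demo.sb /bin/cat /tmp/sandbox-demo/secret.txt" fails with "Operation not permitted" because no rule grants that read; denied operations are also logged by the kernel, which is how a defender sees what a sandboxed program tried to do. The sandbox-exec tool has been marked deprecated by Apple in favour of entitlement-based App Sandbox configuration, but it still illustrates the deny-by-default model that the App Sandbox enforces.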

Articles

 * Sandboxing vs. Virtualisation by Simon at Stack Overflow (2010-09-12)