[skuzins]

It's not a proper sandbox. Converted apps run with full trust. There's file system and registry redirection but a malicious app can get around it. See this discussion: https://arstechnica.com/civis/viewtopic.php?f=15&t=1312055

Also full trust vs app container here: https://msdn.microsoft.com/en-us/windows/uwp/porting/desktop...

[oridecon]

That's worse than Win32 since it gives you a false sense of security and you have no way, AFAIK, to see what the app is doing (or to check if it's a true "native" UWP app). Some app uploading my personal stuff without my permission (no extra privileges required) is worse than a cryptolocker.