[johncolanduoni]

Android always required sandboxing, and Windows's Store/UWP (and the older Windows 8 variant) also require sandboxing. Unfortunately Windows "desktop apps" don't have the option of using the same sandbox, but with some effort you can sandbox your program (Chrome does this to its renderer subprocesses, for example).

[contextfree]

To clarify, the same AppContainer mechanism that UWP apps run in is available for use by Win32 apps (e.g., desktop IE11 used it for "Enhanced Protected Mode"). It's not suitable as a way for users to force existing apps designed for medium trust to run under AppContainer, which I'm guessing is what you meant?

[johncolanduoni]

No actually I wasn't aware AppContainer was available to Win32 apps, I thought the only thing they could use is integrity and the pre-Vista permission model.