I am not aware that anyone has ever made this work. Full VMs are escapable, iOS jails have been broken and even permissions technically allowed can be abused, etc. There is room to improve, but "just make it impossible to escape the sandbox" is massively oversimplifying. It also makes it harder to make useful apps if you reduce API surface.