From: "Russell Coker" <russell@coker.com.au>

Lots of apps get access to all the mass storage of the phone when they really only need one of the following:

1) Access to store their own data (a chroot would do in this case, but it's only one situation).

2) Access to one particular data store - the most common case being an application which only needs access to photos. A chroot wouldn't work for this as it's a fairly standard feature to store photos in two locations.

3) Access to particular files, EG you view a picture in the gallery app and then say that you want to share it via a particular application.

Well, if the app has its own container, the sharing could be creating a hardlink for the file in question. Containers could cover limited network access too. If you have one running a firewall and a web-proxy, you really know what's sent. Regards Peter