- defense in depth means adding such an extra layer is a good idea
- an app can 100% stay within its sandbox and still be nefarious. For example, a password manager could secretly send all your passwords to Mr(s) Evil.
It also wouldn't have a competitive feature set if that were the case -- syncing across devices is a bog standard feature for password managers.
Also, the possibilities for nefarious apps that aren't thwarted by sandboxes are endless: social engineering and phishing are very common and effective.
- an app can 100% stay within its sandbox and still be nefarious. For example, a password manager could secretly send all your passwords to Mr(s) Evil.