Malwarebytes on Android includes a file scanner. Is it known or claimed to be sandboxed, by anything more than the Android sandbox for the Malwarebytes app?
Or does it avoid using any parser code in languages with low memory safety (C, C++ etc)?
Perhaps they have been independently certified, for protecting their file scanner appropriately?
File parsers are prone to vulnerabilities. That’s partly why PC antiviruses scan even non-program files. But it’s also why PC antiviruses have been vulnerable, and started to sandbox their file parsers.
I have read these previous questions and their answers: