privacy – Utilize “burner” user accounts to sandbox specific “sketchy” apps

There’s some apps that are sort of irreplaceable for a user, yet at the same time unwanted by them, (due to violating privacy, controversial history etc.)

In my case that is Google’s Android File Transfer¹, which is irreplaceable (to me), yet like any Google product, behaves literally like malware when installed on your computer.

When it comes specifically to an app that is:
(i) simply “drag-to-Applications-folder” to install (rather than through a .PKG installer²),
and (ii) on a computer that hasn’t already launched/used that “sketchy” app (now or in the past), can I:

(a) Make a burner Standard-type User Account → logout from my Admin acc → login with that burner one → download and use the “sketchy” app there and then, but making sure I don’t use my Admin credentials at any time, if/when asked while logged in the burner one → logout and back in with my Admin acc → and just erase the burner one?
Would that leave any traces of the “sketchy” app behind, or is it as if it’s never been on this computer?

(b) Instead of deleting that burner acc, can I just keep it for future use, so that it permanently works sort of as a sandbox, for when I need to use “sketchy” apps? (Since I haven’t been able to find a built-in or 3rd-party macOS feature which sandboxes apps for you)
Or would it leave my computer susceptible to those apps?


¹ The reference to that specific app is purely indicative; my inquiry applies to any app that one might deem “sketchy”.

² i.e., app related files will inevitably be installed in /Library/ (and not just ~/Library/) for the app to work properly, when installed through a .PKG installer. Examples: Adobe Photoshop, Microsoft Office, etc.