Hi Cmn,
I need more time to look into your issue with mobile applications. I probably wont be able to get through it tonight. I hope to have something to report early in the work week.
Yes, the visuals in the gallery are not sandboxed because they have been verified to be safe for end users. That being said, most visuals work properly in sandbox with no changes. Anything that does not work is considered either (A) a bug in sandbox (which we want to fix) or (B) use of an unsupported PowerBi API unexpected to be used for custom visuals (we want to expose these in a better way) or (C) a security vulnerability (these need to be prevented).
Custom visuals is a preview feature and people are using it in ways we could not have ever imgined which is great! But we need to continue to invest to make sure that all (A) and (B) scenarios are supported in a way that will never break long term ever.
