Does Apple sandbox their own apps? -- Not those sold in the Mac App Store. And, to be honest, it would really help their case with developers if Apple would follow their own rules. It would also help Apple better understand developer concerns and improve entitlements if their own teams had to work within the same restrictions. Perhaps they are moving this direction internally, but the current versions of Apple’s major applications in the Mac App Store (like Aperture, Final Cut Pro, iLife, and iWork) are not sandboxed.
This reminds me of Twitter. When Twitter forced third-party clients to move to OAuth, but didn’t change their own app to use it, many developers said it was a double standard. Twitter’s response: the official Twitter app was part of the service, not really a separate app, so it didn’t need to use OAuth.
Indeed, after the June 1 deadline, Apple issued non-bug-fix updates such as iPhoto 9.3 and Aperture 3.3, yet they remain unsandboxed. Meanwhile, I’ve heard from at least one developer that Apple deemed a third-party 0.0.1 bug-fix update to not be a bug-fix, and so rejected it for not being sandboxed.