wildbus8979 (edited)

Flatpak absolutely does use containers for sandboxing. Bubblewrap is a wrapper for Linux namespaces. "Containers" is just another name for the underlying kernel technology called namespaces. Same goes for Docker, LXC, Podman, systemd-nspawn, Firejail, etc. They’re all just userland frontends for kernel namespaces. See man bwrap; you can also use the generic unshare to create them and nsenter to enter those same namespaces. It’s cool technology, and it’s very easy to use: a simple flag on your exec or opening an existing fd is all that is required. I used to work on one of the many userland frontends, and even got a couple of PRs from Jess Fraz, who was one of the core Docker devs. Userns still scares the shit out of me (pretty much every single escape has come from them).

Here’s a fun experiment for you: create a root fs using debootstrap and then enter it using unshare and chroot! Tada! Container!
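The debootstrap + unshare + chroot experiment from the comment above, written out as a script. This is an added example, not the commenter's code. It assumes a Linux host with util-linux (unshare, nsenter) and debootstrap installed, that the rootfs step runs as root with network access, and that the rootfs path, Debian suite and mirror URL (all overridable via environment variables) are just placeholders. The ns_id / same_ns helpers are the check a practitioner wants afterwards: compare the namespace inodes in /proc/<pid>/ns/ to prove the chrooted shell really is in different mount, pid, uts, ipc and net namespaces than the host shell.

```shell
#!/bin/sh
# Added example: build a Debian rootfs with debootstrap, then enter it in
# fresh namespaces with unshare + chroot. Not the commenter's code.
set -eu

ROOTFS="${ROOTFS:-/tmp/debian-rootfs}"                  # assumed path
SUITE="${SUITE:-bookworm}"                              # assumed suite
MIRROR="${MIRROR:-http://deb.debian.org/debian}"        # assumed mirror

# Step 1: minimal Debian root filesystem. Needs root and network.
build_rootfs() {
    if [ ! -x "$ROOTFS/bin/sh" ]; then
        debootstrap --variant=minbase "$SUITE" "$ROOTFS" "$MIRROR"
    fi
}

# Step 2: new mount/pid/uts/ipc/net namespaces, then chroot.
# --fork so the child is PID 1 of the new pid namespace; unshare makes the
# new mount namespace private by default, so the proc mount below does not
# leak back to the host. /proc is mounted *after* the pid namespace exists
# so it shows only the container's processes.
enter_container() {
    unshare --mount --pid --fork --uts --ipc --net sh -c "
        mount --bind '$ROOTFS' '$ROOTFS' &&
        mount -t proc proc '$ROOTFS/proc' &&
        exec chroot '$ROOTFS' /bin/sh -c 'hostname container; exec /bin/sh'
    "
}

# Join an already-running container: PID of its init (from host view).
enter_existing() {
    nsenter --target "$1" --mount --pid --uts --ipc --net \
        chroot "$ROOTFS" /bin/sh
}

# ns_id TYPE [PID]: namespace inode for mnt|pid|uts|ipc|net|user (default self).
ns_id() {
    readlink "/proc/${2:-self}/ns/$1"
}

# same_ns TYPE PID_A PID_B: succeeds when both PIDs share that namespace.
# From the host, `same_ns mnt $$ <container-init-pid>` must fail.
same_ns() {
    [ "$(ns_id "$1" "$2")" = "$(ns_id "$1" "$3")" ]
}

case "${1:-}" in
    run)   build_rootfs; enter_container ;;
    join)  enter_existing "$2" ;;
    check) same_ns "$2" "$3" "$4" && echo "same $2 namespace" || echo "different $2 namespace" ;;
esac
```

Run `sudo sh container.sh run` to build and enter; from another host shell, `sh container.sh check mnt $$ <pid>` against the unshare child's PID shows the mount namespace differs, and `sudo sh container.sh join <pid>` hops in with nsenter. Note the script deliberately does not use `--user`: an unprivileged variant (`unshare -Ur ...`) works on most distros, but that is the user-namespace path the comment above is wary of.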
