9. Application Isolation
• When an app is installed, it gets a new UID.
• All data stored by that application is assigned
that same UID
• All resources for that app are given full
permissions for the app’s UID.
• Different UIDs can not access each other’s
data.
10. Filesystem Isolation
• All data for the app is stored in
/data/data/app_package_name
• Only UID for specific app can access it
• Apps with same UIDs can access each other’s
data
• Root UID can access all apps’ data!
• SD Card data is not protected!
• Files created using apps MUST be have
appropriate permissions