Basics - II: Attack Surface, Defense-in-depth, Least Privilege

Android Architecture (top to bottom)
• Your Apps
• Application Framework
• Native Libraries
• Linux Kernel

Android Security Model
• Application Isolation
• Application Signing
• Filesystem Isolation
Application Isolation
• When an app is installed, it gets a new UID.
• All data stored by that application is assigned that same UID.
• All resources for that app are given full permissions for the app's UID.
• Different UIDs cannot access each other's data.

Filesystem Isolation
• All data for the app is stored in /data/data/app_package_name
• Only the UID for that specific app can access it
• Apps with the same UID can access each other's data
• Root UID can access all apps' data!
• SD Card data is not protected!
• Files created by apps MUST have appropriate permissions
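As an added example (not part of the original slides), a POSIX shell audit of an app's private directory: it assumes a path such as /data/data/<package> (placeholder) that the shell can already read, reports every entry whose mode grants access to "other" UIDs, and strips those bits. As the slide notes, this does nothing against the root UID, which bypasses file permissions entirely.

```shell
#!/bin/sh
# Added example: check that an app-private tree is really private.
# Run as: audit_world_access /data/data/<package>   (placeholder path)
# The directory used in testing is constructed with mktemp, not real app data.

# audit_world_access DIR
# Prints an "ls -ld" line for every entry under DIR whose mode grants
# read, write or execute to "other" (octal bits 004/002/001), i.e. data
# that a different app UID could read or modify.
# Returns 1 if anything was found, 0 if the whole tree is owner-private.
audit_world_access() {
    _hits=$(find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) \
                 -exec ls -ld {} \;)
    if [ -n "$_hits" ]; then
        printf '%s\n' "$_hits"
        return 1
    fi
    return 0
}

# harden_tree DIR
# Removes all "other" permission bits under DIR; the owner's (the app
# UID's) access and the group bits are left untouched.
harden_tree() {
    find "$1" -exec chmod o-rwx {} \;
}
```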