Understanding Security at the Process Boundary

Unlike a desktop environment, where most applications run under the same user ID, each Android application generally runs under its own unique Linux user ID, assigned when the package is installed. (The exception is a group of applications signed with the same certificate that declare the same sharedUserId; those share one UID.) Because the kernel enforces file and process ownership by UID, this gives each application an isolation boundary: one application cannot directly read or write another application's private files, such as its databases or shared preferences.

Although each process sits inside this boundary, data sharing between applications is still possible, but it has to be explicit. To get data from another application, you go through that application's components rather than its storage. For example, you can query another application's content provider, you can invoke one of its activities, or, as you'll see in Chapter 8, you can communicate with one of its services. All of these facilities let you share information between applications, and they do so explicitly: the other application decides what to expose, and you never touch its underlying database, files, and so on.
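The two sides of the boundary, as an added example (this code is not from the book): an attempt to read another package's private directory directly, which the UID-based file permissions refuse, next to the explicit route through that application's content provider. The contacts provider is used because it is the resource the chapter names; the class name, the package name passed in, and the assumption that the calling app has declared READ_CONTACTS in its manifest (and, on API 23 and later, been granted it at runtime) are all assumptions made for the example.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.provider.ContactsContract;

import java.io.File;

/** Added example, not the book's code: crossing the Android process boundary the wrong way and the right way. */
public class ProcessBoundaryDemo {

    /**
     * The wrong way: reach into another application's private data directory.
     * The directory is owned by that application's UID, so for an unrelated
     * application this returns false; the kernel, not the other app, enforces it.
     * (Assumed example path; the exact private-data location is an implementation detail.)
     */
    public static boolean canReadOtherAppsPrivateData(String otherPackageName) {
        File privateDir = new File("/data/data/" + otherPackageName + "/shared_prefs");
        return privateDir.canRead();
    }

    /**
     * The explicit way: ask the contacts application's content provider.
     * The provider decides what to expose and which permission the caller needs;
     * we never see its underlying SQLite database.
     *
     * @return number of contacts, or -1 if the caller lacks READ_CONTACTS
     */
    public static int countContacts(Context context) {
        ContentResolver resolver = context.getContentResolver();
        Uri contactsUri = ContactsContract.Contacts.CONTENT_URI;
        String[] projection = { ContactsContract.Contacts._ID };

        try (Cursor cursor = resolver.query(contactsUri, projection, null, null, null)) {
            return (cursor == null) ? 0 : cursor.getCount();
        } catch (SecurityException e) {
            // Thrown when the calling UID has not been granted READ_CONTACTS:
            // the boundary is enforced by the system, not left to convention.
            return -1;
        }
    }
}
```

On a device you can see the per-application UIDs that make the first method fail: `adb shell ps` lists each application process under a user such as `u0_a42`, and `adb shell ls -l /data/data/<package>` shows that package's directory owned by the same user, which is why a different application's `canRead()` call returns false.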

Android's security at the process boundary is clear and simple. Things get interesting when we start talking about protecting resources (such as contact data), features (such as the device's camera), and our own components. To provide this protection, Android defines a permission scheme. Let's dissect that now.
