Android applications are written in the Java programming language. The Android SDK tools compile your code, along with any data and resource files, into an APK (Android Package), an archive file with the .apk suffix. An APK file contains all the content of an Android app and is the file that Android-based devices use to install the app.
After installing to the device, each Android app runs in its own security sandbox:
- The Android operating system is a multi-user Linux system in which each application is a different user;
- By default, the system assigns each app a unique Linux user ID (the ID is used only by the system and is not known to the app). The system sets permissions on all of the app's files so that only the user ID assigned to that app can access them;
- Each process has its own virtual machine (VM), so an app's code runs in an environment that is isolated from other apps;
- By default, each app runs in its own Linux process. Android starts the process when any of the app's components needs to be executed, and shuts it down when it is no longer needed or when the system must recover memory for other apps.
This is how Android implements the principle of least privilege: by default, each app has access only to the components it needs to do its work, and to nothing else. The result is a very secure environment in which an app cannot access parts of the system for which it has not been granted permission.
However, there are still ways for an app to share data with other apps and to access system services:
- It is possible to arrange for two apps to share the same Linux user ID, in which case they can access each other's files. To conserve system resources, apps with the same user ID can also be arranged to run in the same Linux process and share the same VM (the apps must also be signed with the same certificate).
- Apps can request access to device data such as the user's contacts, text messages, removable storage (SD cards), camera, Bluetooth, and so on. The user must explicitly grant these permissions. For more information, see Using System Permissions.
[Android Development] Permissions
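The two sandbox properties described above (one Linux UID per app, and app files readable only by that UID) can be checked from the output of `adb shell ps -A` and `adb shell ls -ld /data/data/<package>`. The script below is an added example, not code from the page or from the Android project; the process list, directory listings, package names and UIDs in it are constructed samples, not captured from a real device.

```shell
#!/bin/sh
# Constructed sample of `adb shell ps -A` output (hypothetical packages).
# Android app UIDs look like u<user>_a<appnum>; processes named "pkg:suffix"
# are extra processes of the same package (android:process), not a second app.
SAMPLE_PS='USER           PID  PPID     VSZ    RSS WCHAN            ADDR S NAME
root             1     0   10000   2000 0                   0 S init
system         850     1  500000  80000 0                   0 S system_server
u0_a101       2100   850  400000  60000 0                   0 S com.example.mail
u0_a102       2150   850  380000  55000 0                   0 S com.example.notes
u0_a102       2170   850  370000  50000 0                   0 S com.example.notes:sync
u0_a102       2190   850  350000  48000 0                   0 S com.example.notes.widgets
u0_a103       2200   850  360000  52000 0                   0 S com.example.maps'

# shared_uids: print every app UID that hosts processes from more than one
# package. Two different packages on one UID means they were installed with a
# shared user ID (and the same signing certificate) and can read each other's
# files, which is exactly the exception to the sandbox the text describes.
shared_uids() {
  printf '%s\n' "$SAMPLE_PS" | awk '
    NR > 1 && $1 ~ /^u[0-9]+_a[0-9]+$/ {
      pkg = $NF; sub(/:.*/, "", pkg)            # strip ":suffix" process name
      if (!(($1, pkg) in seen)) { seen[$1, pkg] = 1; count[$1]++ }
    }
    END { for (u in count) if (count[u] > 1) print u }' | sort
}

# Constructed `ls -ld` lines for an app data directory: a private one, and one
# that wrongly grants group/other access.
OK_LS='drwx------ 5 u0_a102 u0_a102 4096 2024-01-01 00:00 /data/data/com.example.notes'
BAD_LS='drwxrwxr-x 5 u0_a102 u0_a102 4096 2024-01-01 00:00 /data/data/com.example.notes'

# data_dir_private <ls -ld line> <expected app uid>: succeed only when the
# directory is owned by the app's UID and the group/other permission bits are
# all clear (a trailing SELinux "." or "+" after the mode is tolerated).
data_dir_private() {
  mode=$(printf '%s\n' "$1" | awk '{print $1}')
  owner=$(printf '%s\n' "$1" | awk '{print $3}')
  [ "$owner" = "$2" ] || return 1
  case "$mode" in d???------*) return 0 ;; esac
  return 1
}

# Stand-alone usage: lists u0_a102 as a shared UID, then confirms the private dir.
shared_uids
data_dir_private "$OK_LS" u0_a102 && echo "com.example.notes data directory is private"
```

On a real device, replace the constructed strings with the output of `adb shell ps -A` and `adb shell ls -ld /data/data/<package>`, and keep in mind that `ls -ld` on another app's data directory is only permitted from a root or shell user.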