Android security mechanism
: Address
Android apps are running in a sandbox. This sandbox is implemented based on the user ID (UID) and user group ID (GID) provided by the Linux kernel. Android applications during installation, the installation service Packagemanagerservice assigns them a unique UID and GID, as well as grants other GID based on the permissions requested by the application. With these UID and GID, the application can only access specific files, usually only the files that you create. In addition, when the Android application calls the sensitive API, the system checks that it does not request the appropriate permissions when it is installed. If there is no application, then the access will be rejected. For applications that have root privileges, they are not restricted by the sandbox above. In addition, there are root-privileged applications that can be injected into other application processes through Linux ptrace, as well as system processes, to intercept various function calls.
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
Android security mechanism