Thanks a lot for your explanation, Mark. Indeed, while I have no problem with the concepts defined by the underlying Linux layer, the Android add-ons and terminology prove mighty confusing to me. I'm reading docs but no particularly clear picture of how things are actually set up under the hood arises in my mind. I guess I should root a phone and see for myself...
I take it from your reply all security pertains pretty much internal storage only. Not a very pleasant surprise, I must say. Makes me wonder what the benefit of leaving resources and assets world-readable might be... On Sat, May 26, 2012 at 2:48 AM, Mark Murphy <[email protected]> wrote: > On Fri, May 25, 2012 at 10:31 AM, Latimerius <[email protected]> > wrote: >> Am I messing up somewhere, or is this the expected outcome? > > You believe that all data is created equal. :-) While egalitarian, it > is inaccurate. You appear to be conflating: > > -- resources & assets > -- internal storage > -- external storage > > An app's reesources & assets are world-readable (i.e., any app on the > device can read them). An app's internal storage, by default, is > private to the app's own user ID. Anything on external storage is > world-readable (and world-writeable, for the portion of the world that > holds the WRITE_EXTERNAL_STORAGE permission). > >> Or, does >> it work because both applications are (probably - I'm not totally sure >> what Eclipse does behind the scenes while creating and building >> projects) signed with same key? > > No. > >> I might also be misreading the Dev >> Guide security docs when they refer to "application data" - does that >> mean stuff in assets/ or res/, or just anything an application writes >> to the SD card (should I say "external storage")? > > Neither -- see above. > >> Also, does it mean anybody can read my assets/ if they know the file name? > > Yes, and your resources as well. > > -- > Mark Murphy (a Commons Guy) > http://commonsware.com | http://github.com/commonsguy > http://commonsware.com/blog | http://twitter.com/commonsguy > > Android Training...At Your Office: http://commonsware.com/training > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
