User IDs and File Access
Each Android package (.apk) file installed on the device is given its
own unique Linux user ID, creating a sandbox for it and preventing it from touching
other applications (or other applications from touching it). This user ID is
assigned to it when the application is installed on the device, and
remains constant for the duration of its life on that device.
Because security enforcement happens at the
process level, the code of any two packages cannot normally
run in the same process, since they need to run as different Linux users.
You can use the sharedUserId attribute in the AndroidManifest.xml's
manifest tag of each package to
have them assigned the same user ID. By doing this, for purposes of security
the two packages are then treated as being the same application, with the same
user ID and file permissions. Note that in order to retain security, only two applications
signed with the same signature (and requesting the same sharedUserId) will
be given the same user ID.
Any data stored by an application will be assigned that application's user
ID, and is not normally accessible to other packages. When creating a new file
with getSharedPreferences(String, int),
openFileOutput(String, int), or
openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory),
you can use the
MODE_WORLD_READABLE and/or
MODE_WORLD_WRITEABLE flags to allow any other
package to read/write the file. When setting these flags, the file is still
owned by your application, but its global read and/or write permissions have
been set appropriately so any other application can see it.
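
To check which files an application has opened up in this way, a reviewer can look at the "other" permission bits on a copy of its data directory. The following is an added example, not code from the Android documentation: it assumes the two flags correspond to the POSIX other-read and other-write bits, and the function names, directory layout and file modes are constructed for illustration.

```python
import os
import stat
import tempfile

# "Other" permission bits assumed to correspond to the two flags on this page.
FLAG_BITS = {
    "MODE_WORLD_READABLE": stat.S_IROTH,
    "MODE_WORLD_WRITEABLE": stat.S_IWOTH,
}


def audit_world_access(root):
    """Return {relative_path: [flag names]} for regular files under root
    whose mode grants read or write access to every other user ID."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the entry itself, never a symlink target
            if not stat.S_ISREG(st.st_mode):
                continue
            hits = [flag for flag, bit in FLAG_BITS.items() if st.st_mode & bit]
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def build_sample_tree():
    """Constructed sample: a stand-in app data directory with four files."""
    root = tempfile.mkdtemp(prefix="appdata_")
    layout = {
        "shared_prefs/settings.xml": 0o660,  # private to the owning user ID
        "files/export.txt": 0o664,           # readable by any other package
        "files/inbox.dat": 0o662,            # writable by any other package
        "databases/cache.db": 0o666,         # both
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # chmod sets the exact mode, independent of umask
    return root


if __name__ == "__main__":
    for rel, flags in sorted(audit_world_access(build_sample_tree()).items()):
        print(f"{rel}: {' | '.join(flags)}")
```

Every file the audit reports is still owned by the application's user ID; the finding is that other user IDs can read or modify it, so each one should be justified or made private.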