Android keeps a close eye on what files your application can read and write. We call this the "application sandbox": a safe area for your code to run which prevents other apps from interfering with your data, and prevents you from interfering with other apps or the operating system

In this talk I will be looking at the rationale behind the sandbox, and how it works. I will look at file ownership, file access modes and the reasons for those "Permission denied" messages. I will dig down to find out exactly why an app can access only a well defined set of private files and shared storage. And I will explain
how SE Linux enforces all of this at at a deep level

You will be reassured that Android is a secure operating system. But, as you know there are always exceptions to the rules. So, in the final section of this talk I will show you how preinstalled system apps can crash though all the barriers