Re: [android-developers] permission to access another apk's assets/ directory

On Fri, May 25, 2012 at 10:31 AM, Latimerius <l4t1m3r1us@googlemail.com> wrote:
> Am I messing up somewhere, or is this the expected outcome?

You believe that all data is created equal. :-) While egalitarian, it
is inaccurate. You appear to be conflating:

-- resources & assets
-- internal storage
-- external storage

An app's reesources & assets are world-readable (i.e., any app on the
device can read them). An app's internal storage, by default, is
private to the app's own user ID. Anything on external storage is
world-readable (and world-writeable, for the portion of the world that
holds the WRITE_EXTERNAL_STORAGE permission).

> Or, does
> it work because both applications are (probably - I'm not totally sure
> what Eclipse does behind the scenes while creating and building
> projects) signed with same key?

No.

> I might also be misreading the Dev
> Guide security docs when they refer to "application data" - does that
> mean stuff in assets/ or res/, or just anything an application writes
> to the SD card (should I say "external storage")?

Neither -- see above.

> Also, does it mean anybody can read my assets/ if they know the file name?

Yes, and your resources as well.

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

Android Training...At Your Office: http://commonsware.com/training

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en