Re: [android-developers] permission to access another apk's assets/ directory

Thanks a lot for your explanation, Mark. Indeed, while I have no
problem with the concepts defined by the underlying Linux layer, the
Android add-ons and terminology prove mighty confusing to me. I'm
reading docs but no particularly clear picture of how things are
actually set up under the hood arises in my mind. I guess I should
root a phone and see for myself...

I take it from your reply all security pertains pretty much internal
storage only. Not a very pleasant surprise, I must say. Makes me
wonder what the benefit of leaving resources and assets world-readable
might be...

On Sat, May 26, 2012 at 2:48 AM, Mark Murphy <mmurphy@commonsware.com> wrote:
> On Fri, May 25, 2012 at 10:31 AM, Latimerius <l4t1m3r1us@googlemail.com> wrote:
>> Am I messing up somewhere, or is this the expected outcome?
>
> You believe that all data is created equal. :-) While egalitarian, it
> is inaccurate. You appear to be conflating:
>
> -- resources & assets
> -- internal storage
> -- external storage
>
> An app's reesources & assets are world-readable (i.e., any app on the
> device can read them). An app's internal storage, by default, is
> private to the app's own user ID. Anything on external storage is
> world-readable (and world-writeable, for the portion of the world that
> holds the WRITE_EXTERNAL_STORAGE permission).
>
>> Or, does
>> it work because both applications are (probably - I'm not totally sure
>> what Eclipse does behind the scenes while creating and building
>> projects) signed with same key?
>
> No.
>
>> I might also be misreading the Dev
>> Guide security docs when they refer to "application data" - does that
>> mean stuff in assets/ or res/, or just anything an application writes
>> to the SD card (should I say "external storage")?
>
> Neither -- see above.
>
>> Also, does it mean anybody can read my assets/ if they know the file name?
>
> Yes, and your resources as well.
>
> --
> Mark Murphy (a Commons Guy)
> http://commonsware.com | http://github.com/commonsguy
> http://commonsware.com/blog | http://twitter.com/commonsguy
>
> Android Training...At Your Office: http://commonsware.com/training
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to android-developers@googlegroups.com
> To unsubscribe from this group, send email to
> android-developers+unsubscribe@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en