Getting Back Into the Swing of Things

For my first day back I am starting by looking at how Android sandboxes applications. The security section of Android's open source documentation (at https://source.android.com/tech/security/) does a fair job of documenting the basics. The most interesting portion of the description that I found explains that all of Android's applications run as separate users. This gives each one the flexibility to make system calls and utilize all of android's services while not being able to interact with one another. It is also deeply ingrained in the Linux kernel (which android is based off of) that users must not be able to affect one another, helping to ensure that if one application is exploited, the attacker will not be able to affect other programs unless he/she finds a vulnerability in the Linux kernel. Understanding that the system is set up this way also helps to explain why having root makes the whole system vulnerable. Because root has permissions to access all other users' files, any program with root access can read, write, and execute all other applications' files, breaching the sandbox and allowing an attacker to influence all programs on a phone.