Chris Simmonds

Looking after the inner penguin

Talk Title

Why can’t my app open that file? A deep dive into the Android app sandbox






13:25 > 40 min


on Twitter

Android keeps a close eye on what files your application can read and write. We call this the "application sandbox": a safe area for your code to run which prevents other apps from interfering with your data, and prevents you from interfering with other apps or the operating system

In this talk I will be looking at the rationale behind the sandbox, and how it works. I will look at file ownership, file access modes and the reasons for those "Permission denied" messages. I will dig down to find out exactly why an app can access only a well defined set of private files and shared storage. And I will explain
how SE Linux enforces all of this at at a deep level

You will be reassured that Android is a secure operating system. But, as you know there are always exceptions to the rules. So, in the final section of this talk I will show you how preinstalled system apps can crash though all the barriers

Speaker Bio

Chris Simmonds is a software consultant and trainer living in southern England. He has two decades of experience in designing and building open-source embedded systems. He is the founder and chief consultant at 2net Ltd, which provides professional training and mentoring services in Android platform development, Embedded Linux, and Linux device drivers. He has trained engineers at many of the biggest companies in the embedded world. He is the author of the book “Mastering Embedded Linux Programming”, and is a frequent presenter at open source and embedded conferences, including the Embedded Linux Conference and FOSDEM. You can see some of his work on the “Inner Penguin” blog at