[pyre]

I thought that iOS and/or Android gave each App its own user account in order to sandbox permissions between apps, so that they can't overwrite each other's files. If all of the user data for an app is owned by that app's uid, then wouldn't this allow someone else running that app to somehow gain access to user data from another 'actual' user?

E.g.

App1 has uid 100 User1 has uid 101 User2 has uid 102

If all userdata for App1 is owned by uid 100, User1 or User2 could potentially used App1 to gain access to the other user's app-specific user data.

(I'll admit that I'm not an iOS or Android programmer, so I may be a bit out of my depth here.)

[pyre]

This is a good example of how HN has gone down the tubes. I've been downvoted to -1 based solely on a post where I raised a possible security concern. I admitted that I wasn't fully versed, but I expected someone to correct my if I was wrong. Instead, I'm downvoted, but no one has bothered to actually post useful information. Am I wrong? Did someone just 'not like the tone' of my post for some strange reason? Who knows? No one is talking.

[Dylan16807]

Ephemeral voting noise is not going down the tubes.

[rlpb]

You are right, and I upvoted you.

On Android, uids are used for apps, not for users. Supporting multiple users on Android is thus not as simple as one might think.