Android's use of DAC

In the Android sandbox model, every application runs as its own UID. This means that each app can separate its stored data from one another. The user and group are set to the UID and GID of that application, so no app can access the private files of an application without the application explicitly performing chmod on its objects. Also, applications in Android cannot have capabilities, so we don't have to worry about capabilities such as CAP_SYS_PTRACE, which is the ability to debug another application. In Android, in a perfect world, only system components run with privileges, and applications don't accidentally chmod private files for all to read. This issue was not corrected by the current AOSP SELinux policy due to app compatibility, but could be closed with SELinux. The proper way to share data between applications on Android is via binder, and sharing file descriptors. For smaller amounts of data, the provider model suffices.