Android’s app model provides developers with a rich set of features and a relatively secure environment, particularly for simple apps. Every app under Android is “sandboxed” into its own process and filesystem space. Taking advantage of the Linux kernel’s process space protection mechanisms, Android assigns each installed app a unique user ID. Unlike traditional desktop operating systems (Linux, Windows, Mac, etc.), Android (generally speaking) uses the concept of the user ID to represent an app rather than a human user. This allows the kernel to keep apps confined in memory, restrict access to underlying hardware or services, and restrict access to the filesystem on the device. By default, each app’s data and resources are contained in a location which only the app and the core framework can access. This design is central to the Android security model.
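The per-app UID and private data directory described above can be checked from a directory listing. The following is an added example, not code from the original page: it audits a constructed `ls -ln`-style listing of an app data directory (commonly `/data/data`) for entries that grant access to "other" users, UIDs outside the AOSP app range, and UIDs shared by more than one package. The package names, the sample listing, and the `audit` function are assumptions made for illustration.

```python
import re
from collections import defaultdict

AID_APP_START, AID_APP_END = 10000, 19999  # app ID range used by AOSP
PER_USER_RANGE = 100000                    # uid = device_user * 100000 + app_id

# Constructed sample in the style of `ls -ln` on an app data directory.
SAMPLE = """\
drwx------ 5 10123 10123 4096 2024-01-01 12:00 com.example.notes
drwx------ 4 10124 10124 4096 2024-01-01 12:00 com.example.mail
drwxr-xr-x 4 10125 10125 4096 2024-01-01 12:00 com.example.legacy
drwx------ 6 10130 10130 4096 2024-01-01 12:00 com.example.suite.a
drwx------ 3 10130 10130 4096 2024-01-01 12:00 com.example.suite.b
drwxrwx--x 9 1000 1000 4096 2024-01-01 12:00 com.example.settings
"""

# mode, link count, uid, gid, size, date, time, directory (package) name
LINE = re.compile(
    r"^(d[rwxsStT-]{9})\s+\d+\s+(\d+)\s+(\d+)\s+\d+\s+\S+\s+\S+\s+(\S+)$")

def audit(listing):
    """Return (package, finding, detail) tuples for sandbox deviations."""
    findings = []
    by_uid = defaultdict(list)
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip headers such as "total 48"
        mode, uid, pkg = m.group(1), int(m.group(2)), m.group(4)
        by_uid[uid].append(pkg)
        # Characters 7-9 of the mode string are the "other" permission bits.
        if mode[7:10] != "---":
            findings.append((pkg, "other-access", mode))
        # Informational: the owner is not a regular per-app UID.
        if not AID_APP_START <= uid % PER_USER_RANGE <= AID_APP_END:
            findings.append((pkg, "outside-app-range", str(uid)))
    # Packages owned by the same UID are not isolated from each other.
    for uid, pkgs in sorted(by_uid.items()):
        if len(pkgs) > 1:
            findings.extend((p, "shared-uid", str(uid)) for p in sorted(pkgs))
    return findings

if __name__ == "__main__":
    for pkg, finding, detail in audit(SAMPLE):
        print(f"{pkg:24} {finding:18} {detail}")
```

An `outside-app-range` result is informational rather than a defect, since components that run under a system UID own their data directories under that UID.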