ICSI in Fast Company

Officially, apps generally interact with Android through software hooks known as APIs, giving the operating system the ability to manage their access. “While the Android APIs are protected by the permission system, the file system often is not,” said Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute. “There are apps that can be denied access to the data, but then they find it in various parts of the file system.”