On Sat, Jun 27, 2020, at 5:43 AM, Rich Freeman wrote: > But, as I said, using more uids/gids in general means having more > separation. In general it only increases security, with the caveat > that it does potentially make auditing more complex. >
Android's security model is uid per app. This is about as effective you can get on a mostly stock kernel. There is essentially no isolation within a uid. It's also why it is very hard to use an Android phone for anything without rooting it. If you look at the CVEs for Android they are typically rather benign, the more persistent issue is you constantly carry the device with you.
