First to clarify only root
(UID 0
) isn't enough to get access to /data
at least since Android 5. Discretionary Access Control based on traditional UNIX UIDs/GIDs alone doesn't fulfill the needs of modern complex OSes like Android. DAC is supplemented by Mandatory Access Control (MAC);
SELinux in case of Android. So to access /data
your process/user must have an allowed policy explicitly defined.
Google Play Store was opened under my current user permission
This isn't correct. Concept of “users†is different on Android than on normal Linuxes. On Android every app is assigned a unique UID (from range 10000 to 19999) and it runs under its own user. Privileges are then controlled through Android's permission framework. At filesystem level every app is bound to a few directories (private and shared), that too subject to some permissions. For details see Where Android apps store data?
So there is no human user which could run its all programs under current user/UID.
it downloaded and installed other APKs to /data. That means I have full access to the /data
partition.
Play Store doesn't install apk
files, it just performs a few verifications and downloads the file using Download Manager (com.android.providers.downloads
) which runs under its own UID. App installation to /data/app
and other relevant directories is mainly handled by Package Manager service running under UID 1000
(system_server
process) in Java stack and installd
running under UID 0
in native stack. Package Installer (com.android.packageinstaller
) is the system app - running under its own UID - which provides user interface to (un)install apps manually. See more details here. Similarly all apps and processes have their own SELinux contexts to allow access to required processes and files. There are a number of APIs and IPCs involved in this whole process.
Why superuser permission is needed for accessing /data
partition?
Simply put, it's protection. As you need root access to change /etc
directory on Linux OSes and as you need Administrator rights to open Registry Editor on Windows. This restriction is to isolate and protect every app's process in a confined environment. Other than DAC and MAC, other phenomena like Linux capabilities, namespaces, cgroups and seccomp filters are also used for this sandboxing. It also enforces apps' limited access to resources and makes auditing easy.
A few common reasons from my answer to How do I access $HOME/storage
outside of Termux?:
/data
partition also contains system settings including sensitive data like password databases (though not saved as plain text), contacts, call logs and apps statistics. So /data
isn't accessible without root in order to:
- Protect apps' private data from other apps
- Protect system data and settings from bad apps and malware
- Isolate users/profiles from other users/profiles
- Not let apps access shared storage without Storage permission granted
- Enforce APIs by Android framework so that apps can't use system resources and read/manipulate device information and settings without proper permissions
And possibly there are other reasons. For more details see Are multiple-users protected from each other differently than apps?