Android 外文翻译：Application、System(User) Apps - litonghui/TechBlog GitHub Wiki

Applications

######On the highest level of the stack are applications (or apps), which are the programs that users directly interact with. While all apps have the same structure and are built on top of the Android framework, we distinguish between system apps and user-installed apps.

应用程序是最高水平的堆的程序，与用户直接相互影响。所有的应用有相同的结构被创建在最顶层的Android framework 层，我们可以区分为系统应用和用户安装应用。

System Apps

######System apps are included in the OS image, which is read-only on production devices (typically mounted as /system), and cannot be uninstalled or changed by users. Therefore, these apps are considered secure and are given many more privileges than user-installed apps. System apps can be part of the core Android OS or can simply be preinstalled user applications, such as email clients or browsers. While all apps installed under /system were treated equally in earlier versions of Android (except by OS features that check the app signing certificate), Android 4.4 and higher treat apps installed in /system/priv-app/ as privileged applications and will only grant permissions with protection level signatureOrSystem to privileged apps, not to all apps installed under /system. Apps that are signed with the platform signing key can be granted system permissions with the signature protection level, and thus can get OS-level privileges even if they are not preinstalled under /system. (See Chapter 2 for details on permissions and code signing.) While system apps cannot be uninstalled or changed, they can be updated by users as long as the updates are signed with the same private key, and some can be overridden by user-installed apps. For example, a user can choose to replace the preinstalled application launcher or input method with a third-party application. #####不能被卸载或者更改被用户。当然，这些应用出于安全考虑和拥有更多的特权比用户安装应用。系统应用一部分是Android 系统的核心 或者简单的预装的用户应用，例如邮件客户端或者浏览器。早期的版本的Android，所有的应用被安装在/system（除过系统特殊会检查应用签名证书），在Android4.4以及更高系统应用被安装在 /system/priv-app/作为特殊应用同时被授予权限用于保护 signatureOrSystem 对特殊应用。不是对所有安装在/system 下的应用。所用应用在打包平台上签名被授予系统权限同时这些被授予系统水平的特殊及时他们不被预安装在/system 下（看第二章详细介绍关于权限和代码签名）当然说有的系统应用不被卸载或者修改，但是用户可以更新只要更新的软件签名秘钥相同。一些应用可能被用户安装的应用覆盖。例如，一个用户可以选择替换桌面特殊应用或者第三方输入法 ####User-Installed Apps ######User-installed apps are installed on a dedicated read-write partition (typicallymounted as /data) that hosts user data and can be uninstalled at will.Each application lives in a dedicated security sandbox and typically cannot affect other applications or access their data. Additionally, apps can only access resources that they have explicitly been granted a permission to use. Privilege separation and the principle of least privilege are central to Android’s security model, and we will explore how they are implemented in the next section. #####用户安装应用被安装在一个声明权限为读和写位置（典型安装在/data）指向用户的数据可以被刺耳在以后每一个应用声明周期被声明在一个安全的沙盒中同时不能被其他应用或者第三方数据影响。另外，应用可能只是通过资源中声明请求授予制定用户权限，特殊的权限和特殊原则性被取消为了用户安全我们将探索怎样使用它们在下面部分