When your app gets installed, that's when the system creates the identity, or the account, that's going to be associated with your app. So, let's dive a little deeper into what that actually means on app or Android when you install an app, and what happens under the hood to create that user account. Well, when you create an Android app, one of things you have to specify is an Android manifest.xml file. And this is a file that all of you should be very well familiar with if you've been building Android apps. And what this does is it tells Android things that it needs to know about your app in order to install it on the system, in order to understand what each different components are. And very importantly from a security perspective, it tells it which capabilities of the hardware platform on the Android device or the capabilities provided by other apps, like the Contacts app, that you want to have access to in your app. So you declare a series of uses permissions. And these are things that your app wants to have access to on the underlying platform. And each of these user permissions corresponds to some type of underlying capability of the device. Something like access to the Internet maybe, or access to the camera. And your app declares all of these things up front so that when the user installs your app on their device, Android can go and scan all of these user permissions, figure out what they map to in terms of capabilities in your device, and then present a menu to the user saying do you want to allow this app to have access to x, y and z things. So the user gets to decide is this okay? And if they say that it's okay, what Android does is it takes all these user permissions and it goes and creates an account on the underlying Linux operating system that's part of Android for your app. So, Android is a modified version of Linux that runs on mobile devices. And when you create, install an app, and then create a user account for it, what's actually happening is that the underlying Linux operating system is creating a user for that app. So, this and this, basically create the Linux user for your app. This is what's going to define the capabilities of this linux user. It's the things that you ask for in your manifest file. Underneath the hood, each of the things you ask for like Internet or camera, each of those has a separate Linux group that's associated with it. For example, you may have the camera group. And this is a user group that is set up to define the set of users that have access to the camera. And this is already on the device when you install the app. And so, what Android does is it creates your Linux user and then based on each of the uses permissions it figures out which of the different user groups your account should be associated with. So it associates this app for a photo editor, let's say, with its own Linux user. And then it associates that Linux user with the underlying camera group. And so now, when your app is running, if your app goes and tries to access the camera, Android and it's underlying Linux kernel can look at the user account associated with your app, and then can check if it's part of this Linux user group that should have access to the camera. So underneath the hood, all of these permissions that we see in our apps and that are manifested as uses permissions in the Android manifest XML files, actually get mapped down to Linux user groups.