A central design point of the Android security architecture is that no
application, by default, has permission to perform any operations that would
adversely impact other applications, the operating system, or the user. This
includes reading or writing the user's private data (such as contacts or
e-mails), reading or writing another application's files, performing
network access, keeping the device awake, etc.
An application's process is a secure sandbox. It can't disrupt other
applications, except by explicitly declaring the permissions it needs
for additional capabilities not provided by the basic sandbox. These
permissions it requests can be handled by the operating in various ways,
typically by automatically allowing or disallowing based on certificates or
by prompting the user. The permissions required by an application are declared
statically in that application, so they can be known up-front at install time
and will not change after that.