SafeEditor MVP, edit your safe files directly from your browser

The unique application ID is explained in this RFC. I don't know whether it is implemented at the moment.

Application ID is generated using a deterministic approach. Every application will provide its own unique key/identifier string along with the vendor name in the authorisation request. The hash of Vendor name and Unique key provided by the application (SHA512(Vendor + AppKey)) will yield the id of the application.

Also, there are some changes with the new low-level API. With this API each app will have a separate encryption key.

Currently one of the functionalities of Launcher is to provide sandboxing. Apps which pass through the Launcher (which is the recommended approach because it is considered bad to give one’s credentials to every app) have access to data either within a specific folder created for them or within SAFEDrive, which is where common data is. No app is allowed to access data in a folder reserved for another app. However, this guarantee will be broken once the low-level APIs are exposed, because apps will have freedom to create whatever data they want and wherever they want it on the network.

Under the current implementation this would mean that private data stored by one app can be potentially compromised (accessed by another app). For example, say App-0 creates and stores StructuredData abc somewhere in the network. If App-1 uses a direct GET for abc, there is no way Launcher knows this should not be allowed. Previously apps were only allowed to travel a directory hierarchy to get data and Launcher could assert it travelled only the permissible ones.

To get around this limitation, Launcher shall enforce a rule of separate secretbox::gen_key() for each app that registers successfully with it. All private data created on the network by the app will use this to encrypt/decrypt data.
These keys will need to be persistent, so Launcher will write the details in its configuration file against the registered app. Which keys will be used will be determined by CipherOption below. Note that a new nonce shall be generated every time encryption is used.

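The ID derivation and per-app key rule quoted above, as an added example that is not SAFE Launcher code: it shows that data sealed under App-0's key does not decrypt under App-1's key even when App-1 can fetch the raw bytes. Assumptions: `Vendor + AppKey` is plain string concatenation, AES-256-GCM from Node's `crypto` module stands in for the secretbox cipher, and `LauncherRegistry` with its methods is a hypothetical in-memory stand-in for the Launcher configuration file.

```javascript
// Added example, not SAFE Launcher code. AES-256-GCM stands in for secretbox.
const crypto = require('node:crypto');

// App ID as quoted above: SHA512(Vendor + AppKey); plain concatenation is assumed.
function appId(vendor, appKey) {
  return crypto.createHash('sha512').update(vendor + appKey, 'utf8').digest('hex');
}

// Hypothetical stand-in for the Launcher configuration file.
class LauncherRegistry {
  constructor() { this.keys = new Map(); }

  // One random 256-bit key per registered app ID, reused on later registrations.
  register(vendor, appKey) {
    const id = appId(vendor, appKey);
    if (!this.keys.has(id)) this.keys.set(id, crypto.randomBytes(32));
    return id;
  }
  keyFor(id) {
    const key = this.keys.get(id);
    if (!key) throw new Error('app not registered');
    return key;
  }
  // Encrypt with the app's key; a fresh nonce is generated on every call.
  seal(id, plaintext) {
    const nonce = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.keyFor(id), nonce);
    const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    return Buffer.concat([nonce, c.getAuthTag(), body]); // nonce | tag | ciphertext
  }
  // Decrypt; returns null when the blob was not sealed with this app's key.
  open(id, blob) {
    const d = crypto.createDecipheriv('aes-256-gcm', this.keyFor(id), blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    try {
      return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
    } catch (err) {
      return null; // authentication failed: wrong key or modified data
    }
  }
  // Persist and restore keys, as the Launcher config file would have to.
  toConfig() {
    return JSON.stringify([...this.keys].map(([id, k]) => [id, k.toString('base64')]));
  }
  static fromConfig(json) {
    const r = new LauncherRegistry();
    for (const [id, k] of JSON.parse(json)) r.keys.set(id, Buffer.from(k, 'base64'));
    return r;
  }
}
```

The serialized config holds the raw keys, so whatever file it is written to needs the same protection as the keys themselves.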