Re: But shirley...
... if you have 2 processes running under the same user id on a system, then 1 process can attach to the other and scan its memory anyway
That depends on the operating system. But I'll assume we're talking about UNIX-family OSes here.
That's why the resource isolation model in iOS doesn't simply run apps as conventional UNIX processes under the same ID. There's more information in the paper, or elsewhere.
Under Android, according to the paper, each app runs under a different UID. (I haven't bothered trying to confirm this from other sources.)