freezr, like any web-server, has 3 elements:
You can install all of these in one place, but freezr also makes it relatively easy to have these three elements be somewhat independent, so you can have amazon AWS run your web server, but put your files on dropbox, and have mlabs host your database.
Apps need to abide by some rules to make sure that the data in freezr is only seen by the apps and by he people you permit it. At this point, it is not too difficult to circumvent these rules, but the pricniple is that any app you install is inevitably open source and so malicious apps can be more easily detected.
For apps to access each others' data, freezr has a permissioning system. Permissioning takes place at two levels, the "System level" and the "App level".
This is similar to an iphone app. For example, an iphone app may ask permission to access the user's location. Once you grant that access in settings (ie at the "System level"), then it is up to the app to actually use the permission and access your location based on its own use case and policies (ie at the "App level").
Apps declare the permissions they would like in ther app_config file.