At its simplest, an app is just an html snippet in a file, with out the html headers. freezr takes the html and wraps it in a header, adding a couple of extra elements - notably the freezr_core.js API, and a freezr logo to the top right of each app page. Clicking on the freezr logo will let you see all the data the app has been gathering and also manage the permissions you can grant to the app.
The cheese tutorials
Once you upload an app, the app's files are copied to a folder on your freezr file system called "app_files", under a directory with the name of the app, and they are served from there.
By convention, and for scalability's sake, each app's full name should be in a "reverse domain name notation", with the actual app name at the end - eg "com.example.exampleapp". (Parts of the name after the first space are ignored. So you can call the file: "com.example.exampleapp version feb 4 2017.zip".)
Without an app_config file, freezr just grabs index.html and index.css and index.js. To add more pages and multiple js / css files, you can use the app_config - a sort of manifest for the app, where you can define the resources each app or app page needs. See here.
All permissioning requests are also done via the app_config file.
You cannot add node.js modules to your apps - they need to be pure client-side.
Rule #1. Apps should never link to, or access the internet (except via the freezr_core api.) freezr is meant to create a sand-boxed environment, like apps on your phone - so apps should not make any ajax (XMLHttpRequest) calls. This is because you wouldn't want apps to send your data out to the internet wihtout your knowledge.
Rule #2. The database should only be accessed via the freezr_core api. Don't try to access other apps' data, or circumvent the freezr permissioning system
Rule #3. Apps cannot use "eval" statements or to create / include scripts elements dynamically , or do anything else that circumvents rules number 1 and 2. All external js files should be declared in the app_config.
(Only the "freezr" functions should be accessed by apps. The "freezer_restricted" functions shouldn't be called by your app.)
Learn more about freezr's security and how these rules are currently enforced here.