Exported content providers can provide access to potentially sensitive data

Question

I'm using ContentProvider in my android application to share the database between the application. For sharing the database I need to add the provider access in AndroidManifest.xml like as follows:

<provider
android:name="Contentprovider"
android:authorities="umb.con.apps.vid" />

I added and implemented successfully but the warning message showing in the <provider/> tag like this "Exported content providers can provide access to potentially sensitive data". Will it cause any security problem in future?

Answer 1

If you just want the content provider to be accessed internally from within your app, simply add

android:exported="false"

into the node in the manifest.

From the doc:

false: The provider is not available to other applications. Set android:exported="false" to limit access to the provider to your applications. Only applications that have the same user ID (UID) as the provider will have access to it.

If, on the other hand, you really want to expose your data to other apps but you also have sensitive data in your data storage, remember that you can have more than one content provider and thus expose just the "public" one.

Answer 2

Also if you are sure that you want to allow external access to your content provider and silence the warning add tools:ignore="ExportedContentProvider"

e.g.

<provider
tools:ignore="ExportedContentProvider"
android:exported="true"
android:name="Contentprovider"
android:authorities="umb.con.apps.vid" />