I'm using ContentProvider in my Android application to share the database between the applications. To share the database I need to add the provider access in AndroidManifest.xml as follows:
<provider
android:name="Contentprovider"
android:authorities="umb.con.apps.vid" />
I added it and implemented it successfully, but a warning message is shown on the <provider/> tag, like this: "Exported content providers can provide access to potentially sensitive data". Will it cause any security problem in the future?
When you want to access data in a content provider, you use the ContentResolver object in your application's Context to communicate with the provider as a client. The ContentResolver object communicates with the provider object, an instance of a class that implements ContentProvider.
The exported attribute is used to define if an activity, service, or receiver in your app is accessible and can be launched from an external application. As a practical example, if you try to share a file you'll see a set of applications available.
A content provider is a subclass of ContentProvider that supplies structured access to data managed by the application. All content providers in your application must be defined in a <provider> element in the manifest file; otherwise, the system is unaware of them and doesn't run them.
If you just want the content provider to be accessed internally from within your app, simply add
android:exported="false"
into the node in the manifest.
From the doc:
false: The provider is not available to other applications. Set android:exported="false" to limit access to the provider to your applications. Only applications that have the same user ID (UID) as the provider will have access to it.
If, on the other hand, you really want to expose your data to other apps but you also have sensitive data in your data storage, remember that you can have more than one content provider and thus expose just the "public" one.
Also if you are sure that you want to allow external access to your content provider and silence the warning add tools:ignore="ExportedContentProvider"
e.g.
<provider
tools:ignore="ExportedContentProvider"
android:exported="true"
android:name="Contentprovider"
android:authorities="umb.con.apps.vid" />
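An added example, not part of the original answers: a small manifest audit that reports, for each `<provider>`, whether it is private, exported behind read and write permissions, or exported with no guard (the case the lint warning is about). The sample manifest, its package and permission names, and the function name `audit_providers` are constructed for illustration; the default for a missing `android:exported` attribute follows the platform rule (exported only when `minSdkVersion` or `targetSdkVersion` is 16 or lower).

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (names, authorities and permissions are hypothetical).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33" />
  <application>
    <provider android:name=".PrivateProvider" android:authorities="com.example.sample.private"
              android:exported="false" />
    <provider android:name=".OpenProvider" android:authorities="com.example.sample.open"
              android:exported="true" />
    <provider android:name=".GuardedProvider" android:authorities="com.example.sample.guarded"
              android:exported="true"
              android:readPermission="com.example.sample.READ"
              android:writePermission="com.example.sample.WRITE" />
    <provider android:name=".ImplicitProvider" android:authorities="com.example.sample.implicit" />
  </application>
</manifest>
"""


def audit_providers(manifest_xml):
    """Map each <provider> name to 'private', 'guarded' or 'open'."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # Missing values fall back the way the platform does: min -> 1, target -> min.
    min_sdk = int(attrs.get(NS + "minSdkVersion", 1))
    target_sdk = int(attrs.get(NS + "targetSdkVersion", min_sdk))
    # Without android:exported, a provider is exported by default only when
    # minSdkVersion or targetSdkVersion is 16 or lower.
    default_exported = min(min_sdk, target_sdk) <= 16

    findings = {}
    for provider in root.iter("provider"):
        explicit = provider.get(NS + "exported")
        exported = default_exported if explicit is None else explicit == "true"
        both = provider.get(NS + "permission")  # covers read and write
        read_guard = provider.get(NS + "readPermission") or both
        write_guard = provider.get(NS + "writePermission") or both
        if not exported:
            finding = "private"
        elif read_guard and write_guard:
            finding = "guarded"
        else:
            finding = "open"  # reachable by any app for at least one access type
        findings[provider.get(NS + "name")] = finding
    return findings
```

Gradle projects usually set the SDK levels in the build file rather than in the source manifest, so run a check like this on the merged manifest; with no `<uses-sdk>` element the code assumes level 1 and treats implicit providers as exported.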