Using data from context providers or requesting Google Photos read permission?

Question

My app allows users to import their photos and videos from other apps. Now that Google replaced Google+ Photos with Google Photos, couple of things broke for me. One of these things is re-using imported files after app restart. I have a feeling they've tightened up the permissions given out when Google Photos returns the intent with the image URI, so after my app gets killed it no longer has the permission to access the uploaded file. I'm getting the Security expection:

java.lang.SecurityException: Permission Denial: opening provider com.google.android.apps.photos.contentprovider.MediaContentProvider from ProcessRecord{2c17ab9e 2124:com.myapp.myapp/u0a436} (pid=2124, uid=10436) that is not exported from uid 10427

EDIT:

I'm also getting the same problem with reusing files provided by com.google.android.apps.docs.sync.filemanager.FileProvider

Any suggestions/workaround? I know I can read the file before I lost permission so in theory I could copy it but I can't say I like this very much..

Answer 1

Yep, this is by design, as described on Android Developer site.

For security reasons, the permissions are temporary, so once the client app's task stack is finished, the file is no longer accessible. You must get the file data when you receive the intent answer, in the onActivityResult method. Store a copy of the file data, because the file won't be available anymore when onActivityResult returns.

Answer 2

1. You can reproduce this SecurityException Log when you use the "Google Photo" app.

2. Main cause of this problem is "Google Photo" shares ContentUri with fixed string like "content://com.google.android.apps.photos.contentprovider/1/1" and connect it with a static temporary values. "Google Photo" does not provide the file path when the actual Activity or Context which receives Intent.ACTION_SEND. Maybe, it is the policy of "Google Photo", not to expose the private image file to other app.

3. For example, you defines 2 Activity in Manifest file, Actvity A and Activity B. Activity A for receives the Intent.ACTION_SEND. Activity B for processing the image file. Activity A forward the intent to Activity B. Then Activity B is not the correct Activity to "Google Photo", you encounters the SecurityException.

So, I recommend you to save the file temporarily on Activity A and use the temporary file path on Activity B

Answer 3

maybe you can try adding this user-permission into your manifest file.

<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />

Answer 4

Looks like this question is simular

I think when activity (not fragment) dies - all retrieved by it URI become invalidated

I also have the same problem - trying to upload picture in background. But user in UI thread may change activity and URI becomes invalid